Trojaner-Board


rootofallevi 24.05.2015 09:45

Telekom letter Zeus/Zbot
 
Good morning,
I have the following problem:
Recently there was a letter from Telekom in my mailbox stating that a PC in my network is infected with the Zeus/Zbot trojan.
It also mentioned that this trojan can be found and removed with the EUcleaner (HitmanPro) from botfrei.de/telekom.
I live in a shared flat with 2 other people, so the machines in question would be:
My laptop (Win7, Avira & MBAM & Lubuntu 14.10)
My desktop (Win8.1, avast & MBAM & Lubuntu 14.10)
2 laptops belonging to my flatmates (both Win 7 with Avira)
+ smartphones & tablets

The tool recommended by Telekom, HitmanPro, unfortunately found nothing apart from a few tracking cookies, on any laptop/PC.
My laptop is meanwhile also showing strange behaviour in Win7. I still have Avira AntiVir Free, which according to the control center is supposedly active, but I cannot run any scans; an error message appears saying that I do not have the required permissions to access avscan.exe.

The Telekom letter further recommends that I change all passwords for email accounts and even the internet password used for dialing in.


How should I proceed?


My flatmates and I have of course stopped all sensitive activities (online banking, online purchases, ...).

I look forward to your help
Best regards
Michael

M-K-D-B 24.05.2015 09:47

:hallo:


My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download from filepony.de: How to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




Let's start with one of your computers.

For an initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box on the web page)






Step 2
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the log file from TDSS-Killer,
  • the two new log files from FRST.
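
An added example, not part of the original post and not code from FRST or this forum: a Python triage pass over an FRST.txt of the kind requested above, which splits the log into its sections and lists the lines carrying FRST's own markers plus two service-line hints. The sample log is constructed; the reading of `[X]` as "file not found", the service line layout and the names `parse_sections` and `triage` are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of an FRST.txt; every name, GUID and path is invented.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [172016 2014-04-09] (Example Corp)
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

BHO: No Name -> {00000000-0000-0000-0000-000000000000} ->  No File
BHO: Example Helper -> {11111111-1111-1111-1111-111111111111} -> C:\Program Files\Example\helper.dll [2015-02-18] (Example Corp)

==================== Services (Whitelisted) =================

R2 ExampleService; C:\Program Files\Example\svc.exe [434424 2015-05-05] (Example Corp)
S2 ExampleBoot; F:\tool_x64 (1).exe [11024496 2015-05-23] (Example B.V.)
S4 ExampleDhcp; C:\Program Files\Example\dhcp.exe [340240 2011-09-15] ()
"""

# "==================== Services (Whitelisted) ================="
SECTION_RE = re.compile(r"^={10,} (?P<name>.+?) ={10,}$")
# "<state letter><start digit> Name; path [size date] (vendor)" as printed in the log.
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*?)\)"
)
NO_FILE_RE = re.compile(r"\bNo File\s*$")

REASON_ATTENTION = "marked ATTENTION by the scanner"
REASON_MISSING = "[X] marker (assumed: file behind the entry not found)"
REASON_NO_FILE = "entry has no file behind it"
REASON_DRIVE = "service binary is not on the system drive"
REASON_VENDOR = "service binary has an empty vendor field"


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def parse_sections(text):
    """Group non-empty log lines under the section header that precedes them."""
    sections = {}
    current = "Header"  # lines before the first "====" header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").replace(" (Whitelisted)", "").strip()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text, system_drive="C:"):
    """Return the lines worth reading first. These are hints, not verdicts."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if "<======= ATTENTION" in line:
                findings.append(Finding(section, REASON_ATTENTION, line))
            if "[X]" in line:
                findings.append(Finding(section, REASON_MISSING, line))
            if NO_FILE_RE.search(line):
                findings.append(Finding(section, REASON_NO_FILE, line))
            if section != "Services":
                continue
            svc = SERVICE_RE.match(line)
            if not svc:
                continue
            # Compare case-insensitively: logs mix "C:\" and "c:\".
            if not svc.group("path").upper().startswith(system_drive.upper()):
                findings.append(Finding(section, REASON_DRIVE, line))
            if not svc.group("vendor").strip():
                findings.append(Finding(section, REASON_VENDOR, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Each hit is a reading aid and still has to be judged in the context of the whole log.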

rootofallevi 24.05.2015 09:48

Here are a few more logs:
defogger:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:18 on 23/05/2015 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Michael (administrator) on MICHAEL-LAPTOP on 23-05-2015 17:20:40
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 &  (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM-x32\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172016 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399856 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [442352 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: E - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-09-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-09-10] (NVIDIA Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\abs@avira.com [2015-04-29]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Firebug - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-11]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: ProxTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Selenium IDE - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-18]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-14]
FF Extension: Fox!Box - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-17]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-20]
CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-10-15] (Adobe Systems) []
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) []
S2 HitmanPro37CrusaderBoot; F:\HitmanPro_x64 (1).exe [11024496 2015-05-23] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18955552 2014-07-24] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) []
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S4 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-09-15] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-18] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300352 2014-09-10] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 US800_01; C:\Windows\System32\DRIVERS\US800Wdm.sys [36440 2011-01-08] ()
S3 US800_AA; C:\Windows\System32\DRIVERS\US800Drv.sys [90200 2011-01-08] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:59 - 2015-05-10 22:16 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-06-07 09:38 - 2015-06-07 09:39 - 00524288 _____ (Simon Tatham) C:\Users\Michael\Desktop\putty.exe
2015-06-06 17:11 - 2015-06-06 17:11 - 00689051 _____ () C:\Users\Michael\Documents\VisualBoyAdvance-1.8.0-beta3.zip
2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D () C:\Users\Michael\Desktop\gbx
2015-06-06 17:09 - 2015-06-06 17:09 - 00303558 _____ () C:\Users\Michael\Documents\Zelda - Links Awakening (D).zip
2015-05-23 17:20 - 2015-05-23 17:20 - 00032626 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-23 17:20 - 2015-05-23 17:20 - 00000000 ____D () C:\FRST
2015-05-23 17:19 - 2015-05-23 17:19 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00050477 _____ () C:\Users\Michael\Documents\Defogger.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00000546 _____ () C:\Users\Michael\Documents\defogger_disable.log
2015-05-23 17:18 - 2015-05-23 17:18 - 00000168 _____ () C:\Users\Michael\defogger_reenable
2015-05-23 16:46 - 2015-05-23 16:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-23 16:46 - 2015-05-23 16:46 - 00004908 _____ () C:\Windows\system32\.crusader
2015-05-23 16:37 - 2015-05-23 16:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-19 00:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 00:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 23:41 - 2015-05-18 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 23:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 23:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 23:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 23:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 23:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 23:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-18 23:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 23:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-18 23:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 23:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-18 23:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 23:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 23:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 23:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 23:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 23:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 23:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 23:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 23:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 23:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 23:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 23:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 23:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 23:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-18 22:59 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-18 22:59 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-18 22:59 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-18 22:59 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-18 22:59 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-18 22:59 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 22:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 22:59 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-18 22:59 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-18 22:59 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-18 22:59 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-18 22:59 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 22:59 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-18 22:59 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-18 22:59 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-18 22:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 22:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 22:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 22:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 22:59 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-18 22:59 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-18 22:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 22:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-18 22:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-18 22:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-18 22:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 22:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-18 22:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-18 22:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 22:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 19:58 - 2015-05-10 19:58 - 00088064 _____ () C:\Users\Michael\Documents\KIT_Bericht_farbig.dot
2015-05-03 13:50 - 2015-05-03 13:50 - 00000000 __SHD () C:\found.000
2015-04-29 21:46 - 2015-04-29 21:52 - 136308332 _____ () C:\Users\Michael\Documents\ClappLend_MicrosoftAvi_720x480.avi
2015-04-29 21:43 - 2015-04-29 21:44 - 102627328 _____ () C:\Users\Michael\Documents\ClappLend720p25.mpg
2015-04-29 20:59 - 2015-04-29 21:02 - 438235520 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t
2015-04-29 20:59 - 2015-04-29 21:02 - 00106196 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t.xmpses
2015-04-29 19:30 - 2015-04-29 19:33 - 438235520 _____ () C:\Users\Michael\Documents\Unbenannt.m2t
2015-04-29 19:30 - 2015-04-29 19:33 - 00106196 _____ () C:\Users\Michael\Documents\Unbenannt.m2t.xmpses
2015-04-29 19:18 - 2015-04-29 19:18 - 00285487 _____ () C:\Users\Michael\Downloads\H264_presets.zip
2015-04-29 19:18 - 2015-04-29 19:18 - 00000000 ____D () C:\Users\Michael\Downloads\H264_presets
2015-04-29 19:11 - 2015-04-29 19:13 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller(1).exe
2015-04-29 18:53 - 2015-04-29 18:56 - 00000000 _____ () C:\Users\Michael\Documents\Unbenannt.avi
2015-04-29 18:05 - 2015-04-29 18:06 - 608648700 _____ () C:\Users\Michael\Documents\ClappLend720x576DVPAL25.avi
2015-04-29 17:42 - 2015-04-29 17:48 - 136554112 _____ () C:\Users\Michael\Documents\ClappLend720x480MicrosoftAvi.avi
2015-04-29 11:47 - 2015-04-29 11:48 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller.exe
2015-04-29 11:43 - 2015-04-29 11:45 - 25716682 _____ () C:\Users\Michael\Documents\ClappLend720x480avi2997.avi
2015-04-28 22:42 - 2015-04-28 22:43 - 103688192 _____ () C:\Users\Michael\Documents\Preview.mpg
2015-04-28 22:07 - 2015-04-28 22:08 - 103694336 _____ () C:\Users\Michael\Documents\OhneLogoTausch.mpg
2015-04-28 18:40 - 2015-04-28 18:40 - 00000000 ____D () C:\Users\Michael\Documents\Promovideo
2015-04-28 18:29 - 2015-04-28 18:30 - 101259264 _____ () C:\Users\Michael\Documents\Unbenannt.mpg
2015-04-23 23:34 - 2015-04-23 23:34 - 00000000 ____D () C:\IPCamRecord
2015-04-23 23:26 - 2015-04-23 23:27 - 01154728 _____ ( ) C:\Users\Michael\Documents\IPCWebComponents.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 12:14 - 2014-03-10 17:55 - 00001029 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2015-06-07 12:14 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-23 17:18 - 2013-10-14 15:51 - 00000000 ____D () C:\Users\Michael
2015-05-23 17:09 - 2013-10-14 18:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 17:07 - 2014-01-24 14:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 17:05 - 2014-06-10 10:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:04 - 2015-01-20 08:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 16:56 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 16:56 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 16:52 - 2013-10-14 15:51 - 01707079 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 16:51 - 2014-01-06 12:32 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-05-23 16:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-23 16:47 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\VMware
2015-05-23 16:47 - 2014-03-10 17:55 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-23 16:47 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-23 16:47 - 2014-01-24 14:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 16:47 - 2013-11-05 17:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\TSVNCache
2015-05-23 16:47 - 2013-10-14 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-23 16:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 16:47 - 2009-07-14 06:51 - 00029070 _____ () C:\Windows\setupact.log
2015-05-23 16:12 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-05-23 15:47 - 2013-10-14 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 11:12 - 2013-10-14 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-22 10:09 - 2014-01-24 14:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 19:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-21 18:30 - 2013-10-14 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:38 - 2009-07-14 06:45 - 04892952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-19 07:37 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 07:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-19 00:51 - 2013-10-29 02:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 00:51 - 2013-10-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-19 00:44 - 2013-10-29 02:26 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 00:43 - 2013-11-10 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 23:02 - 2014-01-24 14:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 23:02 - 2014-01-24 14:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 22:55 - 2015-04-02 18:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\aacs
2015-05-05 11:16 - 2013-10-14 16:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:16 - 2013-10-14 16:49 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-05 11:16 - 2013-10-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-29 21:21 - 2013-10-15 10:49 - 00035997 _____ () C:\Windows\system32\DICoInst64.log
2015-04-28 19:35 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2015-04-28 18:36 - 2013-10-14 18:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-23 23:39 - 2014-04-30 00:16 - 00000000 ____D () C:\Users\Michael\Desktop\temp

==================== Files in the root of some directories =======

2013-11-22 14:02 - 2013-11-22 14:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-06-20 11:31 - 2014-08-19 12:16 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-03 09:52 - 2013-12-03 09:52 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\pref.ga
2014-03-05 13:42 - 2014-05-28 12:06 - 0005120 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-07 15:59 - 2015-05-10 22:16 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-04-02 18:36 - 2015-04-02 18:36 - 0001829 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2013-10-14 18:27 - 2014-11-09 20:20 - 0007660 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxp4rrq.dll
C:\Users\Michael\AppData\Local\Temp\GLF10B5.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFA99D.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFCA05.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFD702.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFDA0F.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFF107.tmp.exe
C:\Users\Michael\AppData\Local\Temp\JavaRa.exe
C:\Users\Michael\AppData\Local\Temp\jli.dll
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-i586.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-x64.exe
C:\Users\Michael\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Michael\AppData\Local\Temp\keytool.exe
C:\Users\Michael\AppData\Local\Temp\msvcr100.dll
C:\Users\Michael\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Michael\AppData\Local\Temp\node.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Michael\AppData\Local\Temp\ose00000.exe
C:\Users\Michael\AppData\Local\Temp\SIntf16.dll
C:\Users\Michael\AppData\Local\Temp\SIntf32.dll
C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll
C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Michael\AppData\Local\Temp\war3_Install.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 01:54

==================== End of log ============================


rootofallevi 24.05.2015 09:49

Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Michael at 2015-05-23 17:21:10
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1041102655-3613075563-312560558-500 - Administrator - Disabled)
Gast (S-1-5-21-1041102655-3613075563-312560558-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1041102655-3613075563-312560558-1003 - Limited - Enabled)
Michael (S-1-5-21-1041102655-3613075563-312560558-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AACS Updater (HKLM-x32\...\AACS Updater) (Version: 1.0 - labDV)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 Content (HKLM-x32\...\Adobe Premiere Elements 9 Content) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
Compona Controls v 1.0 (HKLM-x32\...\Compona Controls_is1) (Version:  - Compona)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Fantom-X Editor (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\InstallShield_{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}) (Version: 2.10.0032 - Roland Corporation)
Fantom-X Editor (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}) (Version: 2.10.0032 - Roland Corporation)
Fantom-X Editor (x32 Version: 2.10.0032 - Roland Corporation) Hidden
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2013 Sprachpaket (DEU) - v1.3 (x32 Version: 1.3.21014.1603 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.28485 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.7.32691 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20621.0) (Version: 4.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.41012.0) (HKLM-x32\...\{79AB8378-D661-4021-9941-FE5F4AEB57BB}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{af15e1e3-cd81-4fbb-a41c-c1deef9f1691}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{B9A7B46F-0120-406B-9A12-3AD1DCC94D97}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.0.6361 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.1.1158 - Native Instruments)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Treiber 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenGL Extensions Viewer 4.1 (HKLM-x32\...\GLVIEW3) (Version: 428 - )
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Python 2.7.8 (Anaconda 2.1.0 64-bit) (HKLM\...\Python 2.7.8 (Anaconda 2.1.0 64-bit)) (Version: 2.1.0 - Continuum Analytics, Inc.)
Python Tools - Umleitungsvorlage (x32 Version: 1.3 - Microsoft Corporation) Hidden
Qt (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Qt) (Version: 1.0.1 - Digia Plc)
Qt (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Qt) (Version: 1.0.1 - Digia Plc)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Release Management for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TortoiseSVN 1.8.3.24901 (64 bit) (HKLM\...\{85C48946-A8C6-400C-91A8-DCB06AB36032}) (Version: 1.8.24901 - TortoiseSVN)
Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version:  - )
Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.2 - VMware, Inc)
VMware Player (Version: 6.0.2 - VMware, Inc.) Hidden
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireshark 1.10.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.2 - The Wireshark developer community, hxxp://www.wireshark.org)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-05-2015 13:59:14 Windows Update
12-05-2015 08:58:52 Windows Update
18-05-2015 22:56:36 Windows Update
19-05-2015 00:41:44 Windows Update
21-05-2015 09:49:43 Windows Update
23-05-2015 16:45:07 Prüfpunkt von HitmanPro
23-05-2015 16:45:59 Prüfpunkt von HitmanPro
06-06-2015 02:01:04 Geplanter Prüfpunkt
07-06-2015 10:31:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-26 20:12 - 00001312 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns2.adobe.com
127.0.0.1 adobe-dns3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 acitvate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29B8A84A-75FF-4E94-B260-E77CE0426E19} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {2AB2CD9E-D0F0-46D0-B909-3492209D4D8D} - System32\Tasks\{5060034A-33C0-4FD5-B84F-408F0824F5A4} => C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupClient.exe
Task: {2DDE5368-5758-4094-AA95-657132FBD62B} - System32\Tasks\{D7DAA49D-944F-44A7-8785-E8B81E172C14} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/abandoninstall?page=tsBing
Task: {313A417E-784A-4AE2-AD11-371243900BF0} - System32\Tasks\{8D75A411-5F20-461A-86B0-8BC95CCCF7E0} => D:\S3\AUTORUN.EXE
Task: {3D74DCE3-87B5-4950-A96F-8A6269D50369} - System32\Tasks\{E9B1F063-BD20-4A62-9F3E-130B4D724D47} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe" -d "C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE 5"
Task: {4927BC09-D5C3-4FA9-813E-B55C7440156E} - System32\Tasks\{414B9851-FB51-49A8-8E29-0E3F0EB8CC33} => pcalua.exe -a C:\Users\Michael\Downloads\FantomXEditor210.EXE -d C:\Users\Michael\Downloads
Task: {57404627-EB67-4FAF-8BC8-65B3027EF1F2} - System32\Tasks\{839CDC3D-C238-4700-9B4F-324CBF11D602} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_BASSES.exe -d D:\Guitar.Pro.v5.2\RSE
Task: {5921D166-076C-4A53-BCFB-A29FAF5C696E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {621357C1-7661-410E-BAF9-39708138D2B3} - System32\Tasks\{447C2350-ABEC-45B3-8AD7-77F91FFFA74F} => pcalua.exe -a "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupClient.exe" -d "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup"
Task: {6BC1A939-7A5C-4FC9-95FF-B097E4562B45} - System32\Tasks\{829FED17-2B99-4C6B-BFAF-8E7FCDFC2EF0} => pcalua.exe -a "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupApp.exe" -d "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup"
Task: {7121B4A6-61BC-4491-B07C-637AE6B5ACD4} - System32\Tasks\{A03B3539-0243-4827-A6A2-4C3156E7A2E2} => pcalua.exe -a C:\Users\Michael\Documents\chromeinstall-8u31.exe -d C:\Users\Michael\Documents
Task: {7FEF8DE6-3364-42CB-B4AB-21017CBED048} - System32\Tasks\{997291DA-B0A3-4D22-9707-23D9A3A91165} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_DRUMS.exe -d D:\Guitar.Pro.v5.2\RSE
Task: {93B5ED0D-8843-4172-BFFE-00533A133824} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {994229F1-55FF-4874-91DE-CF55449C0E09} - System32\Tasks\{FC9D55D0-7405-4480-A372-ABD3ECA90994} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_GUITARS.exe -d D:\Guitar.Pro.v5.2\RSE
Task: {9CCE880D-9BE7-47A8-BA64-BB0910F3DBEB} - System32\Tasks\{77D4F9AE-CDC4-4AC7-8232-07648122682E} => pcalua.exe -a H:\Data\Games\UT2004\System\UDebugger.exe -d H:\Data\Games\UT2004\System
Task: {9E110222-B2BE-4EF6-8E77-D0993B1AA2FF} - System32\Tasks\{F2CD9ED7-C213-4F86-94FA-CEC860E84DE7} => pcalua.exe -a C:\BlueByte\Siedler3\SETUPS3.EXE -d C:\BlueByte\Siedler3
Task: {B7BD85E6-7A03-458F-931B-D3CACE97DDAC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C8494936-A12F-471B-9B63-648AF71C8598} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
Task: {CF867DCE-8235-4F46-A0AC-CD35C26DA9B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {D6947A8C-76F9-4E36-8923-DB18BEB339AA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {DAD1002E-8281-442A-935C-627100630B38} - System32\Tasks\{54C4E012-294B-420E-86A5-FF475D8749DE} => pcalua.exe -a C:\BlueByte\Siedler3\s3new160.exe -d C:\BlueByte\Siedler3
Task: {E9795E0D-436B-44B9-B776-038D09357D1A} - System32\Tasks\{24CE67B7-ED80-4078-9BB9-E23104654ABF} => D:\S3\AUTORUN.EXE
Task: {F1501C6E-003B-4E38-9AA4-9AD12D3C99A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1659734-457C-4C37-B5F3-CDC0406E6244} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 19:10 - 2014-09-10 23:08 - 00010952 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-14 16:08 - 2014-09-10 21:34 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-10-27 19:52 - 2013-10-27 19:52 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-10-27 19:52 - 2013-10-27 19:52 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-10-14 16:03 - 2011-07-19 21:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-14 16:41 - 2014-04-14 16:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2015-01-20 19:10 - 2014-09-10 23:08 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-05-23 16:47 - 2015-05-23 16:47 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxp4rrq.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-27 21:07 - 2014-10-27 21:07 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll
2013-10-14 16:17 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-10-27 19:07 - 2013-10-27 19:07 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-10-27 19:06 - 2013-10-27 19:06 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-05-22 10:09 - 2015-05-13 18:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 10:09 - 2015-05-13 18:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeActiveFileMonitor9.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: ZcfgSvc7 => 2
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: US800Pane => US800Pan.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FA5E5F0D-D9F6-4B77-A66B-34D51AD41541}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{97D86E3B-C4DB-4180-BB32-4F21B6ECBAB9}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{82A92059-0934-4275-AA8E-5694639A742C}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_40\bin\javaw.exe
FirewallRules: [{DB69A71C-B59C-49B4-A77A-27AED12D7C6A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{513FE120-9D78-46B5-999D-984F539F9628}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat
FirewallRules: [UDP Query User{8F6F0426-4BF0-4FA1-8DB4-F8863B51C454}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat
FirewallRules: [TCP Query User{B97F4CE7-3BD0-47C3-ADFE-D530698F83AF}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [UDP Query User{1968BBFB-A49D-4A4A-A92D-88A43A904726}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [TCP Query User{500BA5A7-A7F5-46CF-B05D-CB1B91972C16}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat
FirewallRules: [UDP Query User{92CCCB09-9E0E-4E79-ABE6-B806EE0C2AE4}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat
FirewallRules: [TCP Query User{BC3FC516-904E-4DBB-84A5-D3491D3304C9}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{F3C128E5-7D75-4282-A386-AD5E7B7945F6}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{01CF21E4-542E-4B3F-976D-D6BA18D3E82D}G:\data\games\generals\game.dat] => (Allow) G:\data\games\generals\game.dat
FirewallRules: [UDP Query User{84A0B252-8C5A-4FCC-A77F-712FBB1F6555}G:\data\games\generals\game.dat] => (Allow) G:\data\games\generals\game.dat
FirewallRules: [TCP Query User{F20D9D65-5C0D-4200-9D6B-724BEE012D06}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{10F429CF-DB0C-4154-BC64-D5F4E193ED3D}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{835373F8-42A0-4581-9538-9666F53FC164}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat
FirewallRules: [UDP Query User{9737ECCD-BADF-45B9-93D6-4A520CBAEC52}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat
FirewallRules: [{E2CBB12F-BADB-43DC-9929-587F81213AD7}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{682ADC4B-8687-4577-8C7E-CF7047BAC67A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{213199F5-F43F-4AE4-AEE2-E031F690270A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{B79C59E7-9260-4511-AA62-11E39570954B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{E1E2DE8A-E742-416C-A053-8FFC4DAACE55}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{8C47AB55-1C77-4956-A12E-ECFC80A99210}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{60E314F5-F8C4-4243-8C2C-A84B30B88E0C}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BC4BEE05-91AB-496C-946B-118ED2D2BDDB}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9802540E-0402-4F39-BF10-1D046BC7012D}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{403238B9-055A-41E3-BFCD-F81A2B501D52}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{92AA8E47-B1A4-4B79-91ED-C76C35BF8BCF}C:\slmev\tools.exe] => (Allow) C:\slmev\tools.exe
FirewallRules: [UDP Query User{163D8D58-1D1C-44B0-8AF2-EECBD97A9375}C:\slmev\tools.exe] => (Allow) C:\slmev\tools.exe
FirewallRules: [TCP Query User{6EBF6C69-EA19-4049-838D-3F7E7A74A2B1}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe
FirewallRules: [UDP Query User{19F3EB68-55EC-4D7D-A20E-4C2410B97A4A}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe
FirewallRules: [TCP Query User{8140151E-F4BD-4819-A5EE-2DD9348AB172}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat
FirewallRules: [UDP Query User{3BFB8502-8CE5-4D36-B2BE-66FECFA24962}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat
FirewallRules: [{923C9FC1-16ED-4245-AF73-0D58A365B0EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{F6BD4490-75B0-44E3-ACDA-21351A907E17}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{F17A530A-B5CF-40C9-AB78-2BE812E0F695}C:\users\michael\desktop\beamer\beamertool\beamertool.exe] => (Allow) C:\users\michael\desktop\beamer\beamertool\beamertool.exe
FirewallRules: [UDP Query User{3B8D8953-BF83-4020-AB09-4BD96DD2F387}C:\users\michael\desktop\beamer\beamertool\beamertool.exe] => (Allow) C:\users\michael\desktop\beamer\beamertool\beamertool.exe
FirewallRules: [TCP Query User{C2F2F70F-0625-4956-96FE-497E5A6D05C4}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe
FirewallRules: [UDP Query User{E307CC03-6432-4551-8B00-84DC0A85F8D4}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe
FirewallRules: [TCP Query User{850F3090-9618-4B56-B90A-CD6D7AD293E4}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{DCE3B05B-56E5-44EC-B3D7-7F255BDDCD98}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [{D0815CA6-9347-4AEC-A441-79AFD3689831}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{7C8396C4-80A3-4415-9D18-3E10660C2FC1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{E1C332CC-17BF-4152-915C-3D6EC19E0CCF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{4873C62A-ECD5-4298-AF57-A0AA6C1CDD1D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{97F14B20-A34F-4107-A744-7A2383E450AE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{57A0EA4C-C42C-4FFF-B421-4D7A64A6F3B3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{5B694E98-70DA-4501-AF1B-89A28DDAA7CE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{6FEDDAD3-EFB5-4657-8F33-BB0E8E0EAF1D}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{251E44CF-B2CE-4438-B4D8-B0AB76E52325}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [{53F74649-63C9-4439-B432-F2AD331000A6}] => (Allow) LPort=12292
FirewallRules: [{C2DD0EA6-C4D8-4539-BB63-89FE5E276884}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6659FD9A-B882-4FB7-B5F1-6DEF952A2BFC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{06BEBF8F-01A8-4B4D-ABBB-64B9E1048CDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1F27EB37-2968-4AAC-9F96-58B61F8570A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ACC25D52-4A3B-4422-B4FF-CD658268BB4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1D2FC9A-8DBC-478E-A362-FCE798510597}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{04D2525F-BDE0-4BDA-8B03-6C496CA6C24F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4A8637B-6579-44A5-A796-1DA843F50A5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{27CAB8B0-0A88-45DB-AF64-147FA01F714A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F5E648EF-03FA-47FA-B1DD-61DF3E0E627D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{61D7D473-7983-4060-BF58-214D002FFEFD}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{0E0DBD7D-23BE-48B6-A1B3-418BF9F789DF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{7FC74CA0-7D82-4CB2-B74F-DD28D832AA50}] => (Block) C:\windows\explorer.exe
FirewallRules: [{F47355B3-BFDD-4688-AEA7-EF9B19AC3D12}] => (Block) C:\windows\explorer.exe
FirewallRules: [{FFD2D604-58AC-46BF-A71C-73164D2B3E89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2015 04:48:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/23/2015 04:47:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/23/2015 04:47:45 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-05-23T16:47:45.659+02:00| vthread-5| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (05/23/2015 04:47:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/23/2015 04:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2015 04:47:35 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17113) (User: )
Description: Fehler 2(Das System kann die angegebene Datei nicht finden.) beim Öffnen der Datei 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\master.mdf' zum Abrufen von Konfigurationsinformationen beim Start. Der Fehler wurde möglicherweise durch eine ungültige Startoption verursacht. Überprüfen Sie die Startoptionen, und korrigieren oder entfernen Sie sie bei Bedarf.

Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002e0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003EDED90.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000031BE8D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {4da505fc-68e6-4c11-9835-1f2e848d99b8}

Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009f0,(null),0,REG_BINARY,000000000978E110.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Generatorname: MSSearch Service Writer
  Generatorinstanz-ID: {57acdb02-9601-4331-b1f1-d006817a300d}

Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000070CE210.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {da384a5c-31b9-486a-b6ea-7970115cdee2}


System errors:
=============
Error: (05/23/2015 04:48:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/23/2015 04:48:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069

Error: (05/23/2015 04:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069

Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069

Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069

Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069

Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069

Error: (05/23/2015 04:48:00 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203

Error: (05/23/2015 04:47:58 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203

Error: (05/23/2015 04:47:58 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 48%
Total physical RAM: 6038.17 MB
Available physical RAM: 3092.08 MB
Total Pagefile: 12074.54 MB
Available Pagefile: 8731.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:185.55 GB) (Free:31.87 GB) NTFS
Drive e: (Lubuntu 14.10 am) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS
Drive f: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: C9A0D27B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=185.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=976 MB) - (Type=82)
Partition 4: (Not Active) - (Size=46.3 GB) - (Type=83)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================


rootofallevi 24.05.2015 09:52

GMER:
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-23 17:47:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXT0 232,89GB
Running: oxqoiqu8.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kwliqkog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                              0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                              000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                        00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                      00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                      00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                            000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                              000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                          000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                          000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                        000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Windows\SysWOW64\vmnat.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                                                                                                                                    000000006edc13b0 2 bytes JMP 764a5660 C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\vmnat.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                                                                                                                                    000000006edc13c0 2 bytes CALL 75ff9cee C:\Windows\syswow64\msvcrt.dll
.text    ...                                                                                                                                                                                                                                                          * 20
.text    C:\Windows\SysWOW64\vmnat.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                                                                                                                                    000000006edc153e 2 bytes CALL 76537794 C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\vmnat.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                                                                                                                                    000000006edc1553 2 bytes CALL 762f10ff C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                    0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                      0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                    0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                    000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                      00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                      000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                      000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                          0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                    000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                      0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                        000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                      00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                    00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                                        000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                          000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                                              000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                                      000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                                        000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                                      000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                                                                                              000007fef68adc88 5 bytes JMP 000007fff68800d8
.text    C:\Windows\system32\Dwm.exe[3620] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                                                                                            000007fef68ade10 5 bytes JMP 000007fff6880110
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                        000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                      0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                      000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                              00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                              00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                        0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                    000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                      000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                        000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                  000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                  000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                        000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3864] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                        000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                          000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                        0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                        000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                  00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                          0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                      000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                        000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                          000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                    000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                          000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                          000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                    000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                  000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                          000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                        0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                          000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                    00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                  00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                  00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                          0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                      000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                        000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                            000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                    000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                      000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                    000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                            000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3884] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                          000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                            000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                          0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                            000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                      00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                    00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                    00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                            0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                        000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                          000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                              000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                      000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                        000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                      000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                              000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Program Files\Dell\QuickSet\quickset.exe[3892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                            000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                              000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                            0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                            000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                      00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                    00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                    00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                              0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                          000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                            000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                              000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                        000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                        000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                      000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                                    000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                      000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                                        000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                                  000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                                  000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                                000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                                        000007feff4a7490 11 bytes JMP 000007fffd5e0228
.text    C:\Windows\System32\igfxpers.exe[3424] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                                        000007feff4bbf00 7 bytes JMP 000007fffd5e0260
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                          000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                        0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                        000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                  00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                          0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                      000007fefd633460 7 bytes JMP 000007fffd4700d8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                        000007fefd64a590 6 bytes JMP 000007fffd470148
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                          000007fefd64ac00 5 bytes JMP 000007fffd470180
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                    000007fefd64ada0 5 bytes JMP 000007fffd470110
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                    000007fefdea89e0 8 bytes JMP 000007fffd4701f0
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                  000007fefdeabe40 8 bytes JMP 000007fffd4701b8
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                                  00000000762f1efe 7 bytes JMP 0000000167a73dd0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                                    00000000762f5b9d 7 bytes JMP 0000000167a740e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                                    00000000763013f9 7 bytes JMP 0000000167a73f10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                                    000000007630ea45 7 bytes JMP 0000000167a73dc0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                            0000000076398ea4 7 bytes JMP 0000000167a73b50
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                            0000000076398f29 5 bytes JMP 0000000167a73c00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                              0000000076399281 5 bytes JMP 0000000167a73b60
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                00000000771a1d29 5 bytes JMP 0000000167a73b00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                              00000000771a1dd7 5 bytes JMP 0000000167a73ab0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                  00000000771a2ab1 5 bytes JMP 0000000167a73c10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                      00000000771a2d17 5 bytes JMP 0000000167a73890
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                      0000000075368a29 5 bytes JMP 0000000167a73370
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                  0000000075374572 5 bytes JMP 0000000167a73810
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                                  000000007538e567 5 bytes JMP 0000000167a73880
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                                            00000000753b07d7 5 bytes JMP 0000000167a73280
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                          00000000753c7a5c 5 bytes JMP 0000000167a73800
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                              00000000760ce96b 5 bytes JMP 0000000167a733e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                00000000760ceba5 5 bytes JMP 0000000167a733f0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                                    0000000076185ea5 5 bytes JMP 0000000167a73320
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                      00000000761b9d0b 3 bytes JMP 0000000167a732b0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4                                                                                                                                  00000000761b9d0f 1 byte [F1]
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                                              00000000762f1efe 7 bytes JMP 0000000167a73dd0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                                                00000000762f5b9d 7 bytes JMP 0000000167a740e0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                                                00000000763013f9 7 bytes JMP 0000000167a73f10
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                                              000000007630ea45 7 bytes JMP 0000000167a73dc0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                      0000000076398ea4 7 bytes JMP 0000000167a73b50
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                                      0000000076398f29 5 bytes JMP 0000000167a73c00
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                                        0000000076399281 5 bytes JMP 0000000167a73b60
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                            00000000771a1d29 5 bytes JMP 0000000167a73b00
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                          00000000771a1dd7 5 bytes JMP 0000000167a73ab0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                              00000000771a2ab1 5 bytes JMP 0000000167a73c10
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                00000000771a2d17 5 bytes JMP 0000000167a73890
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                0000000075368a29 5 bytes JMP 0000000167a73370
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                            0000000075374572 5 bytes JMP 0000000167a73810
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                                            000000007538e567 5 bytes JMP 0000000167a73880
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                                                        00000000753b07d7 5 bytes JMP 0000000167a73280
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                      00000000753c7a5c 5 bytes JMP 0000000167a73800
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                        00000000760ce96b 5 bytes JMP 0000000167a733e0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                          00000000760ceba5 5 bytes JMP 0000000167a733f0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                                                0000000076185ea5 5 bytes JMP 0000000167a73320
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                00000000761b9d0b 3 bytes JMP 0000000167a732b0
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4                                                                                                                                            00000000761b9d0f 1 byte [F1]
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                                                        0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                                                          0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                                                        0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                                                        000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                          * 9
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                                                          00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                                    00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                                                          000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                                    0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                                                          000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                                                              0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                        000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                                                          0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                                                            000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                                                          00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                                                        00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                                                                    00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                                                                    00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                                                                                                                                            00000000762f1efe 7 bytes JMP 0000000167a73dd0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                                                                                                                                              00000000762f5b9d 7 bytes JMP 0000000167a740e0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                                                                                                                              00000000763013f9 7 bytes JMP 0000000167a73f10
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                                                                                                                                            000000007630ea45 7 bytes JMP 0000000167a73dc0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                                                                                                                                    0000000076398ea4 7 bytes JMP 0000000167a73b50
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                                                                                                                                    0000000076398f29 5 bytes JMP 0000000167a73c00
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                                                                                                                      0000000076399281 5 bytes JMP 0000000167a73b60
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                          00000000771a1d29 5 bytes JMP 0000000167a73b00
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                        00000000771a1dd7 5 bytes JMP 0000000167a73ab0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                            00000000771a2ab1 5 bytes JMP 0000000167a73c10
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                              00000000771a2d17 5 bytes JMP 0000000167a73890
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                      00000000760ce96b 5 bytes JMP 0000000167a733e0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                        00000000760ceba5 5 bytes JMP 0000000167a733f0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                              0000000075368a29 5 bytes JMP 0000000167a73370
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                          0000000075374572 5 bytes JMP 0000000167a73810
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                                          000000007538e567 5 bytes JMP 0000000167a73880
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                                                      00000000753b07d7 5 bytes JMP 0000000167a73280
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                    00000000753c7a5c 5 bytes JMP 0000000167a73800
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                                              0000000076185ea5 5 bytes JMP 0000000167a73320
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                              00000000761b9d0b 3 bytes JMP 0000000167a732b0
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4                                                                                                                                          00000000761b9d0f 1 byte [F1]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                                                      0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                                                        0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                                                      0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                                                      000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                                                        00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                                  00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                                                        000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                                  0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                                                        000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                                                            0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                      000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                                                        0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                                                          000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                                                        00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                                                      00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                                                                  00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                                                                  00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                  000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                          00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                        00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                        00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                  0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                              000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                  000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                            000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                            000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                          000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                        000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                      0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                        000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                  00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                        0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                    000007fefd633460 7 bytes JMP 000007fffd4700d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                      000007fefd64a590 6 bytes JMP 000007fffd470148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                          000007fefd64ac00 5 bytes JMP 000007fffd470180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                  000007fefd64ada0 5 bytes JMP 000007fffd470110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                          000007feff4a7490 11 bytes JMP 000007fffd470228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                        000007feff4bbf00 7 bytes JMP 000007fffd470260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                    000007fefdea89e0 8 bytes JMP 000007fffd4701f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                  000007fefdeabe40 8 bytes JMP 000007fffd4701b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex                                                                                                                                          000007fef79d2460 5 bytes JMP 000007fefd4702d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\d3d9.dll!Direct3DCreate9                                                                                                                                            000007fef7a096b0 6 bytes JMP 000007fefd470298
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                    000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                      000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                        000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                  000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                  000007fefdea89e0 8 bytes JMP 000007fffd5e01f0
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                000007fefdeabe40 8 bytes JMP 000007fffd5e01b8
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                            0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                              0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                            0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                            000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                        00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                        0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                              000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                    0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                            000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                              0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                  000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                              00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                            00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                        00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                        00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                                              00000000762f1efe 7 bytes JMP 0000000167a73dd0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                                                00000000762f5b9d 7 bytes JMP 0000000167a740e0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                                                00000000763013f9 7 bytes JMP 0000000167a73f10
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                                                000000007630ea45 7 bytes JMP 0000000167a73dc0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                        0000000076398ea4 7 bytes JMP 0000000167a73b50
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                                        0000000076398f29 5 bytes JMP 0000000167a73c00
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                                          0000000076399281 5 bytes JMP 0000000167a73b60
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                            00000000771a1d29 5 bytes JMP 0000000167a73b00
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                          00000000771a1dd7 5 bytes JMP 0000000167a73ab0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                              00000000771a2ab1 5 bytes JMP 0000000167a73c10
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                  00000000771a2d17 5 bytes JMP 0000000167a73890
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                          00000000760ce96b 5 bytes JMP 0000000167a733e0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                            00000000760ceba5 5 bytes JMP 0000000167a733f0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                  0000000075368a29 5 bytes JMP 0000000167a73370
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                              0000000075374572 5 bytes JMP 0000000167a73810
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                                              000000007538e567 5 bytes JMP 0000000167a73880
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                                                        00000000753b07d7 5 bytes JMP 0000000167a73280
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                      00000000753c7a5c 5 bytes JMP 0000000167a73800
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                                                0000000076185ea5 5 bytes JMP 0000000167a73320
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                  00000000761b9d0b 3 bytes JMP 0000000167a732b0
.text    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5640] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4                                                                                                                                              00000000761b9d0f 1 byte [F1]
.text    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                        000007fefd633460 7 bytes JMP 000007fffd5e00d8
.text    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                          000007fefd64a590 6 bytes JMP 000007fffd5e0148
.text    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                              000007fefd64ac00 5 bytes JMP 000007fffd5e0180
.text    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                      000007fefd64ada0 5 bytes JMP 000007fffd5e0110
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                          000000007737a3e0 7 bytes JMP 000000016fff0228
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                        0000000077383f00 5 bytes JMP 000000016fff0180
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                        000000007739ffd0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                  00000000773af350 5 bytes JMP 000000016fff0110
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                00000000773d9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                00000000773e9530 5 bytes JMP 000000016fff0148
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                          0000000077408850 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                      000007fefd633460 7 bytes JMP 000007fffd4700d8
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                        000007fefd64a590 6 bytes JMP 000007fffd470148
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                          000007fefd64ac00 5 bytes JMP 000007fffd470180
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                    000007fefd64ada0 5 bytes JMP 000007fffd470110
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                    000007fefdea89e0 8 bytes JMP 000007fffd4701f0
.text    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[6080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                  000007fefdeabe40 8 bytes JMP 000007fffd4701b8
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                                                                00000000762f1efe 7 bytes JMP 0000000167a73dd0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                                                                  00000000762f5b9d 7 bytes JMP 0000000167a740e0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                                                                  00000000763013f9 7 bytes JMP 0000000167a73f10
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                                                                  000000007630ea45 7 bytes JMP 0000000167a73dc0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                          0000000076398ea4 7 bytes JMP 0000000167a73b50
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                                                          0000000076398f29 5 bytes JMP 0000000167a73c00
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                            0000000076399281 5 bytes JMP 0000000167a73b60
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                              00000000771a1d29 5 bytes JMP 0000000167a73b00
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                            00000000771a1dd7 5 bytes JMP 0000000167a73ab0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                00000000771a2ab1 5 bytes JMP 0000000167a73c10
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                                    00000000771a2d17 5 bytes JMP 0000000167a73890
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                            00000000760ce96b 5 bytes JMP 0000000167a733e0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                              00000000760ceba5 5 bytes JMP 0000000167a733f0
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                                    0000000075368a29 5 bytes JMP 0000000167a73370
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                                                0000000075374572 5 bytes JMP 0000000167a73810
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                                                                000000007538e567 5 bytes JMP 0000000167a73880
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                                                                          00000000753b07d7 5 bytes JMP 0000000167a73280
.text    C:\Users\Michael\Desktop\oxqoiqu8.exe[7948] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                                        00000000753c7a5c 5 bytes JMP 0000000167a73800

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3788:6668]                                                                                                                                                                                                                  000007fef0499688
---- Processes - GMER 2.1 ----

Library  c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxp4rrq.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372](2015-05-23 14:47:39)                                      0000000003230000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)          0000000072590000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                          000000004a900000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                        0000000005dd0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                          000000004ad00000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        000000006e640000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000006e350000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372](2015-03-04 21:45:30)                                                                                        0000000072fe0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        0000000067c30000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        0000000064550000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          0000000064330000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            00000000640d0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000072fb0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372](2015-03-04 21:45:30)                                                                                          0000000072fa0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  0000000072f70000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        0000000072f30000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)  0000000072ee0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372](2015-03-04 21:45:30)                                                                      00000000724b0000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4372](2015-03-04 21:45:30)                                                                      0000000072ea0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424e2b21                                                                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424e2b21@20d3906a6a4c                                                                                                                                                                      0xDC 0x7F 0x09 0x92 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424e2b21 (not active ControlSet)                                                                                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424e2b21@20d3906a6a4c                                                                                                                                                                          0xDC 0x7F 0x09 0x92 ...

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----

mbam:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.05.2015
Suchlauf-Zeit: 17:05:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 588178
Verstrichene Zeit: 27 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)


M-K-D-B 24.05.2015 09:52

Hi,


Did you read my first post?


So we are sticking with your computer, Win 7.


Please also run TDSS-Killer there.

rootofallevi 24.05.2015 09:57

TDSSkiller:
Code:

10:52:00.0810 0x15b0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:53:32.0818 0x15b0  ============================================================
10:53:32.0818 0x15b0  Current date / time: 2015/05/24 10:53:32.0818
10:53:32.0818 0x15b0  SystemInfo:
10:53:32.0818 0x15b0 
10:53:32.0818 0x15b0  OS Version: 6.1.7601 ServicePack: 1.0
10:53:32.0818 0x15b0  Product type: Workstation
10:53:32.0818 0x15b0  ComputerName: MICHAEL-LAPTOP
10:53:32.0818 0x15b0  UserName: Michael
10:53:32.0818 0x15b0  Windows directory: C:\Windows
10:53:32.0818 0x15b0  System windows directory: C:\Windows
10:53:32.0818 0x15b0  Running under WOW64
10:53:32.0818 0x15b0  Processor architecture: Intel x64
10:53:32.0818 0x15b0  Number of processors: 8
10:53:32.0818 0x15b0  Page size: 0x1000
10:53:32.0818 0x15b0  Boot type: Normal boot
10:53:32.0818 0x15b0  ============================================================
10:53:33.0304 0x15b0  KLMD registered as C:\Windows\system32\drivers\69270610.sys
10:53:33.0632 0x15b0  System UUID: {85853974-A20C-3024-BF9C-CDDCA9912C17}
10:53:34.0630 0x15b0  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:53:34.0646 0x15b0  ============================================================
10:53:34.0646 0x15b0  \Device\Harddisk0\DR0:
10:53:34.0646 0x15b0  MBR partitions:
10:53:34.0646 0x15b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:53:34.0646 0x15b0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x17318000
10:53:34.0646 0x15b0  ============================================================
10:53:34.0646 0x15b0  C: <-> \Device\Harddisk0\DR0\Partition2
10:53:34.0646 0x15b0  ============================================================
10:53:34.0646 0x15b0  Initialize success
10:53:34.0646 0x15b0  ============================================================
10:54:12.0741 0x140c  ============================================================
10:54:12.0741 0x140c  Scan started
10:54:12.0741 0x140c  Mode: Manual; SigCheck; TDLFS;
10:54:12.0741 0x140c  ============================================================
10:54:12.0741 0x140c  KSN ping started
10:54:15.0591 0x140c  KSN ping finished: true
10:54:15.0747 0x140c  ================ Scan system memory ========================
10:54:15.0747 0x140c  System memory - ok
10:54:15.0747 0x140c  ================ Scan services =============================
10:54:15.0778 0x140c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:54:15.0840 0x140c  1394ohci - ok
10:54:15.0856 0x140c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:54:15.0871 0x140c  ACPI - ok
10:54:15.0887 0x140c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
10:54:15.0903 0x140c  AcpiPmi - ok
10:54:15.0918 0x140c  [ 4AE327C9C375D985FF2A2AAB92765218, 0BE842E0682413222F5432891749B5C754CF6B3BDCED3CB3F39FFD245BE66F26 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:54:15.0934 0x140c  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
10:54:18.0820 0x140c  Detect skipped due to KSN trusted
10:54:18.0820 0x140c  Adobe LM Service - ok
10:54:18.0835 0x140c  [ 1474F121C3DF1232D3E7239C03691EE6, 26D0F55010CB7C51269D94ECB5C5AA94802607685B9E9791A78B643C6227214F ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
10:54:18.0851 0x140c  AdobeActiveFileMonitor9.0 - ok
10:54:18.0851 0x140c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:54:18.0867 0x140c  AdobeARMservice - ok
10:54:18.0898 0x140c  [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:54:18.0929 0x140c  AdobeFlashPlayerUpdateSvc - ok
10:54:18.0945 0x140c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
10:54:18.0960 0x140c  adp94xx - ok
10:54:18.0976 0x140c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
10:54:18.0991 0x140c  adpahci - ok
10:54:19.0007 0x140c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
10:54:19.0023 0x140c  adpu320 - ok
10:54:19.0038 0x140c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
10:54:19.0038 0x140c  AeLookupSvc - ok
10:54:19.0054 0x140c  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:54:19.0054 0x140c  AERTFilters - ok
10:54:19.0069 0x140c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
10:54:19.0101 0x140c  AFD - ok
10:54:19.0101 0x140c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
10:54:19.0116 0x140c  agp440 - ok
10:54:19.0116 0x140c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
10:54:19.0147 0x140c  ALG - ok
10:54:19.0147 0x140c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:54:19.0163 0x140c  aliide - ok
10:54:19.0163 0x140c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:54:19.0179 0x140c  amdide - ok
10:54:19.0179 0x140c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
10:54:19.0194 0x140c  AmdK8 - ok
10:54:19.0194 0x140c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:54:19.0210 0x140c  AmdPPM - ok
10:54:19.0225 0x140c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
10:54:19.0241 0x140c  amdsata - ok
10:54:19.0241 0x140c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:54:19.0257 0x140c  amdsbs - ok
10:54:19.0272 0x140c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
10:54:19.0288 0x140c  amdxata - ok
10:54:19.0288 0x140c  [ 3BC90482A834F998C3B7A9C934A20342, D49765D1DCDE0D7FB2478D33BD28A3733ADA951C5AE7628A5E316F039A3AA0B1 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
10:54:19.0319 0x140c  AMPPAL - ok
10:54:19.0319 0x140c  [ 3BC90482A834F998C3B7A9C934A20342, D49765D1DCDE0D7FB2478D33BD28A3733ADA951C5AE7628A5E316F039A3AA0B1 ] AMPPALP        C:\Windows\system32\DRIVERS\amppal.sys
10:54:19.0335 0x140c  AMPPALP - ok
10:54:19.0366 0x140c  [ A47D7FEBD9381D34DDB4FF38B15A67FE, 2935E312C0BEDC2B8CABAA9B20C653B87373BE72F9AEEE0980E329CC30FCF678 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:54:19.0413 0x140c  AMPPALR3 - ok
10:54:19.0444 0x140c  [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
10:54:19.0475 0x140c  AntiVirMailService - ok
10:54:19.0491 0x140c  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:54:19.0506 0x140c  AntiVirSchedulerService - ok
10:54:19.0522 0x140c  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:54:19.0537 0x140c  AntiVirService - ok
10:54:19.0569 0x140c  [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
10:54:19.0600 0x140c  AntiVirWebService - ok
10:54:19.0600 0x140c  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
10:54:19.0615 0x140c  AppHostSvc - ok
10:54:19.0631 0x140c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID          C:\Windows\system32\drivers\appid.sys
10:54:19.0647 0x140c  AppID - ok
10:54:19.0647 0x140c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:54:19.0662 0x140c  AppIDSvc - ok
10:54:19.0662 0x140c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
10:54:19.0678 0x140c  Appinfo - ok
10:54:19.0693 0x140c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt        C:\Windows\System32\appmgmts.dll
10:54:19.0709 0x140c  AppMgmt - ok
10:54:19.0709 0x140c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
10:54:19.0725 0x140c  arc - ok
10:54:19.0740 0x140c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:54:19.0756 0x140c  arcsas - ok
10:54:19.0771 0x140c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:54:19.0787 0x140c  aspnet_state - ok
10:54:19.0787 0x140c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:54:19.0849 0x140c  AsyncMac - ok
10:54:19.0849 0x140c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
10:54:19.0865 0x140c  atapi - ok
10:54:19.0881 0x140c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:54:19.0912 0x140c  AudioEndpointBuilder - ok
10:54:19.0927 0x140c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:54:19.0943 0x140c  AudioSrv - ok
10:54:19.0959 0x140c  [ 43B6D229C7DBA9F0FC0FC0C318DB5350, F5A525DBD71FC4A323E92839C6D27F323FB304B7E9FFA35E89E9B419570AA4C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:54:19.0974 0x140c  avgntflt - ok
10:54:19.0974 0x140c  [ 626D1BAD7A1975A8FEE8876A8AD0EEA7, 59772746A2DF3B7E8D021756B8A64569AC8468CA1C802EB594494224354F1E60 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:54:19.0990 0x140c  avipbb - ok
10:54:20.0005 0x140c  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
10:54:20.0021 0x140c  Avira.OE.ServiceHost - ok
10:54:20.0021 0x140c  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:54:20.0037 0x140c  avkmgr - ok
10:54:20.0037 0x140c  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
10:54:20.0052 0x140c  avnetflt - ok
10:54:20.0052 0x140c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:54:20.0083 0x140c  AxInstSV - ok
10:54:20.0099 0x140c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
10:54:20.0130 0x140c  b06bdrv - ok
10:54:20.0146 0x140c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:54:20.0161 0x140c  b57nd60a - ok
10:54:20.0863 0x140c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:54:20.0895 0x140c  BDESVC - ok
10:54:20.0895 0x140c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:54:20.0926 0x140c  Beep - ok
10:54:20.0941 0x140c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
10:54:20.0973 0x140c  BFE - ok
10:54:20.0988 0x140c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
10:54:21.0082 0x140c  BITS - ok
10:54:21.0082 0x140c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:54:21.0097 0x140c  blbdrive - ok
10:54:21.0129 0x140c  [ 98CCFB0907C90B795E06A41A79372DB7, DAE51DE54C5FE7E50C5FCE6D348B988FBE2CAAFCCD4620D4D1118352985D081B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
10:54:21.0160 0x140c  Bluetooth Device Monitor - ok
10:54:21.0191 0x140c  [ 247EA1CD1EC0176672967BE27A95D46B, 56691773D684FD2069396EA38E01E70526C1CDA96EFF92C30B01E13990C4D88B ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
10:54:21.0238 0x140c  Bluetooth Media Service - ok
10:54:21.0269 0x140c  [ A24B01133179979911F8E499FAFFC7EE, 3B361C9551EACB6F9B681E4DE0C8833D24796D3968CEB0EDE0E5F122CC0D7F63 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
10:54:21.0285 0x140c  Bluetooth OBEX Service - ok
10:54:21.0300 0x140c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:54:21.0316 0x140c  bowser - ok
10:54:21.0316 0x140c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:54:21.0331 0x140c  BrFiltLo - ok
10:54:21.0331 0x140c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:54:21.0347 0x140c  BrFiltUp - ok
10:54:21.0347 0x140c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
10:54:21.0378 0x140c  Bridge - ok
10:54:21.0378 0x140c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:54:21.0409 0x140c  BridgeMP - ok
10:54:21.0409 0x140c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
10:54:21.0441 0x140c  Browser - ok
10:54:21.0441 0x140c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
10:54:21.0472 0x140c  Brserid - ok
10:54:21.0472 0x140c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:54:21.0487 0x140c  BrSerWdm - ok
10:54:21.0487 0x140c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:54:21.0503 0x140c  BrUsbMdm - ok
10:54:21.0503 0x140c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:54:21.0519 0x140c  BrUsbSer - ok
10:54:21.0519 0x140c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
10:54:21.0534 0x140c  BthEnum - ok
10:54:21.0550 0x140c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:54:21.0565 0x140c  BTHMODEM - ok
10:54:21.0565 0x140c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:54:21.0581 0x140c  BthPan - ok
10:54:21.0597 0x140c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
10:54:21.0628 0x140c  BTHPORT - ok
10:54:21.0628 0x140c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
10:54:21.0659 0x140c  bthserv - ok
10:54:21.0675 0x140c  [ 9E2AF97302B9F4BF97E952A865EB31AE, 2DE38CF8A24CC1E31604EF870704DE342D800762A2ECCF3E4AF0B183C1408456 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:54:21.0675 0x140c  BTHSSecurityMgr - ok
10:54:21.0675 0x140c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
10:54:21.0706 0x140c  BTHUSB - ok
10:54:21.0706 0x140c  [ BD64048EE0186D7988943327D677AC84, 436910AEDDBAED02A8E71BA0A96EBDE1906B20AA29F02BE2B20946898B4B0C27 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
10:54:21.0721 0x140c  btmaudio - ok
10:54:21.0721 0x140c  [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
10:54:21.0737 0x140c  btmaux - ok
10:54:21.0768 0x140c  [ F15D822936DC4D9F3E374C73E9AA6D3F, 04C2A0416D051AC56D4FD6C58FEBC48238830B17B7D6CCF23D3F1B7B0F3C37A9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
10:54:21.0815 0x140c  btmhsf - ok
10:54:21.0815 0x140c  c2wts - ok
10:54:21.0831 0x140c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:54:21.0862 0x140c  cdfs - ok
10:54:21.0862 0x140c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
10:54:21.0877 0x140c  cdrom - ok
10:54:21.0893 0x140c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
10:54:21.0924 0x140c  CertPropSvc - ok
10:54:21.0924 0x140c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
10:54:21.0940 0x140c  circlass - ok
10:54:21.0955 0x140c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
10:54:21.0971 0x140c  CLFS - ok
10:54:21.0971 0x140c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:54:21.0987 0x140c  clr_optimization_v2.0.50727_32 - ok
10:54:23.0937 0x140c  [ 38F3CF15321DC2B47C7907EB222B637A, C2CE4F62BD7C93566C36B7290DA3E804FB79A18A18E2544E2B6404B473483D4E ] fussvc          C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe
10:54:23.0937 0x140c  fussvc - detected UnsignedFile.Multi.Generic ( 1 )
10:54:26.0811 0x140c  Detect skipped due to KSN trusted
10:54:26.0811 0x140c  fussvc - ok
10:54:30.0354 0x140c  NetBT - ok
10:54:30.0354 0x140c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
10:54:30.0370 0x140c  Netlogon - ok
10:54:30.0370 0x140c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:54:30.0417 0x140c  Netman - ok
10:54:30.0417 0x140c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:54:30.0448 0x140c  NetMsmqActivator - ok
10:54:30.0448 0x140c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:54:30.0463 0x140c  NetPipeActivator - ok
10:54:30.0479 0x140c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:54:30.0526 0x140c  netprofm - ok
10:54:30.0526 0x140c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:54:30.0541 0x140c  NetTcpActivator - ok
10:54:30.0541 0x140c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:54:30.0557 0x140c  NetTcpPortSharing - ok
10:54:30.0744 0x140c  [ 9FD1BE1881446D954FF77244AE58FBCB, 4FC9FFDB8F3079372C33F87102E38DC6A82E47FB8751498447CA4B00C2A17694 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
10:54:30.0978 0x140c  NETwNs64 - ok
10:54:30.0994 0x140c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
10:54:31.0009 0x140c  nfrd960 - ok
10:54:31.0009 0x140c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:54:31.0025 0x140c  NlaSvc - ok
10:54:31.0041 0x140c  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF            C:\Windows\system32\drivers\npf.sys
10:54:31.0056 0x140c  NPF - ok
10:54:31.0056 0x140c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:54:31.0087 0x140c  Npfs - ok
10:54:31.0087 0x140c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
10:54:31.0119 0x140c  nsi - ok
10:54:31.0119 0x140c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:54:31.0150 0x140c  nsiproxy - ok
10:54:31.0181 0x140c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:54:31.0243 0x140c  Ntfs - ok
10:54:31.0243 0x140c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:54:31.0275 0x140c  Null - ok
10:54:31.0275 0x140c  [ D584ABB6A308933A5F72B46C9E5A783F, 31922A27B3A9A64A9F71B7591FCAC6E0ACD15E36B9BFC4B4D75DE473E0F5CF6B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
10:54:31.0290 0x140c  nusb3hub - ok
10:54:31.0290 0x140c  [ 345B9C04E2036DA4346E3249A5BDFD06, 2FCA4661757EC8E33F6D1E8066165C0E0A0D32649318412A79A915B83496236A ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:54:31.0306 0x140c  nusb3xhc - ok
10:54:31.0321 0x140c  [ 10204955027011E08A9DC27737A48A54, 80F75EDE9FBEF4B6E6B2D43563C025C3458BA43F3E0988F52316C5591A54CAF0 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
10:54:31.0337 0x140c  NVHDA - ok
10:54:31.0337 0x140c  [ 198FA966EAF04D732EBD13BA9EE47CB7, FEF8EF4BF3FE32BB25B3ADC04C4827151FC4B08910406FB2E9D111E410930328 ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
10:54:31.0368 0x140c  nvkflt - ok
10:54:31.0620 0x140c  [ B98F9AE82D175F85290BC6FE2141A79F, C73BCFB3B881DB2636608F7FC3DF124F90CFC1AA83CE413C1EAA573F78CDBAD2 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:54:31.0932 0x140c  nvlddmkm - ok
10:54:31.0979 0x140c  [ 1B53F35149571A14D8C012FBD4A044A6, C851FDF850D81A44EE29F4AFA82C17BFF94F80C3947C68D47657C0C3927BC677 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
10:54:32.0025 0x140c  NvNetworkService - ok
10:54:32.0025 0x140c  [ 8F1C3A1020EE98422A903F0B6A71BF43, 3E33E21B2D1ABF50D0CAEDD47892A0A08B460E620072C0DF1E5D91422EC512EF ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
10:54:32.0041 0x140c  nvpciflt - ok
10:54:32.0057 0x140c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:54:32.0072 0x140c  nvraid - ok
10:54:32.0072 0x140c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:54:32.0088 0x140c  nvstor - ok
10:54:32.0088 0x140c  [ EAEFCA23772313EDECEAE7BBC923940F, BB12E55D449EB55D4414F0AF7658E5484A3688DBA65EC14EA100A62D7B4F76D5 ] NvStreamKms    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
10:54:32.0103 0x140c  NvStreamKms - ok
10:54:32.0478 0x140c  [ 97AE451221EB748CBE409D238CB2B44E, B83587BB92F8D3D6A1E43BBEA4B917410B2782690E006281A7F3877FFBFE3FA7 ] NvStreamSvc    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
10:54:32.0946 0x140c  NvStreamSvc - ok
10:54:33.0024 0x140c  [ E51E82C7FAF2ED0F61CF901D28949ADB, 1CB209F61F26DD4A6D2DB2369B423BCA2848227B265C5809F9B2C411ACEE16F9 ] nvsvc          C:\Windows\system32\nvvsvc.exe
10:54:33.0055 0x140c  nvsvc - ok
10:54:33.0071 0x140c  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
10:54:33.0071 0x140c  nvvad_WaveExtensible - ok
10:54:33.0086 0x140c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:54:33.0102 0x140c  nv_agp - ok
10:54:33.0117 0x140c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:54:33.0133 0x140c  odserv - ok
10:54:33.0149 0x140c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:54:33.0164 0x140c  ohci1394 - ok
10:54:33.0164 0x140c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:54:33.0180 0x140c  ose - ok
10:54:33.0195 0x140c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:54:33.0211 0x140c  p2pimsvc - ok
10:54:33.0227 0x140c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:54:33.0242 0x140c  p2psvc - ok
10:54:33.0258 0x140c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\drivers\parport.sys
10:54:33.0273 0x140c  Parport - ok
10:54:33.0273 0x140c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
10:54:33.0289 0x140c  partmgr - ok
10:54:33.0289 0x140c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:54:33.0305 0x140c  PcaSvc - ok
10:54:33.0320 0x140c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\Windows\system32\drivers\pci.sys
10:54:33.0336 0x140c  pci - ok
10:54:33.0336 0x140c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:54:33.0351 0x140c  pciide - ok
10:54:33.0351 0x140c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:54:33.0367 0x140c  pcmcia - ok
10:54:33.0383 0x140c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\Windows\system32\drivers\pcw.sys
10:54:33.0398 0x140c  pcw - ok
10:54:33.0414 0x140c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:54:33.0445 0x140c  PEAUTH - ok
10:54:33.0476 0x140c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
10:54:33.0523 0x140c  PeerDistSvc - ok
10:54:33.0539 0x140c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:54:33.0554 0x140c  PerfHost - ok
10:54:33.0585 0x140c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\Windows\system32\pla.dll
10:54:33.0663 0x140c  pla - ok
10:54:33.0679 0x140c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:54:33.0710 0x140c  PlugPlay - ok
10:54:33.0710 0x140c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
10:54:33.0726 0x140c  PNRPAutoReg - ok
10:54:33.0741 0x140c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
10:54:33.0757 0x140c  PNRPsvc - ok
10:54:33.0773 0x140c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
10:54:33.0804 0x140c  PolicyAgent - ok
10:54:33.0819 0x140c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\Windows\system32\umpo.dll
10:54:33.0851 0x140c  Power - ok
10:54:33.0851 0x140c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:54:33.0882 0x140c  PptpMiniport - ok
10:54:33.0882 0x140c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\Windows\system32\drivers\processr.sys
10:54:33.0897 0x140c  Processor - ok
10:54:33.0913 0x140c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc        C:\Windows\system32\profsvc.dll
10:54:33.0929 0x140c  ProfSvc - ok
10:54:33.0929 0x140c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:54:33.0944 0x140c  ProtectedStorage - ok
10:54:33.0944 0x140c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:54:33.0975 0x140c  Psched - ok
10:54:33.0975 0x140c  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
10:54:33.0991 0x140c  PxHlpa64 - ok
10:54:33.0991 0x140c  [ 0928BD20273625622722FE1DE5BBDE57, 5313C222F8810D3A62CCE64482B5E50E58BBE2A2C298A23C84A454C34324AC52 ] qicflt          C:\Windows\system32\DRIVERS\qicflt.sys
10:54:34.0007 0x140c  qicflt - ok
10:54:34.0038 0x140c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:54:34.0085 0x140c  ql2300 - ok
10:54:34.0100 0x140c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:54:34.0116 0x140c  ql40xx - ok
10:54:34.0116 0x140c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\Windows\system32\qwave.dll
10:54:34.0147 0x140c  QWAVE - ok
10:54:34.0147 0x140c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:54:34.0163 0x140c  QWAVEdrv - ok
10:54:34.0163 0x140c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:54:34.0194 0x140c  RasAcd - ok
10:54:34.0209 0x140c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
10:54:34.0225 0x140c  RasAgileVpn - ok
10:54:34.0241 0x140c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\Windows\System32\rasauto.dll
10:54:34.0272 0x140c  RasAuto - ok
10:54:34.0272 0x140c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
10:54:34.0303 0x140c  Rasl2tp - ok
10:54:34.0319 0x140c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:54:34.0350 0x140c  RasMan - ok
10:54:34.0365 0x140c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:54:34.0397 0x140c  RasPppoe - ok
10:54:34.0397 0x140c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
10:54:34.0428 0x140c  RasSstp - ok
10:54:34.0428 0x140c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
10:54:34.0475 0x140c  rdbss - ok
10:54:34.0475 0x140c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:54:34.0490 0x140c  rdpbus - ok
10:54:34.0490 0x140c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:54:34.0521 0x140c  RDPCDD - ok
10:54:34.0521 0x140c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
10:54:34.0537 0x140c  RDPDR - ok
10:54:34.0553 0x140c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:54:34.0568 0x140c  RDPENCDD - ok
10:54:34.0584 0x140c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:54:34.0599 0x140c  RDPREFMP - ok
10:54:34.0615 0x140c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
10:54:34.0631 0x140c  RDPWD - ok
10:54:34.0631 0x140c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:54:34.0662 0x140c  rdyboost - ok
10:54:34.0677 0x140c  [ B9A0810D16EA7935B10A5499ABA61DC3, 231D8E9E07FACC03D2E0A4AC97B1151DB942B0B297FFF20A703878EC3A20770D ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:54:34.0693 0x140c  RegSrvc - ok
10:54:34.0709 0x140c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:54:34.0740 0x140c  RemoteAccess - ok
10:54:34.0740 0x140c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:54:34.0787 0x140c  RemoteRegistry - ok
10:54:34.0787 0x140c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:54:34.0802 0x140c  RFCOMM - ok
10:54:34.0818 0x140c  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
10:54:34.0833 0x140c  rpcapd - ok
10:54:34.0833 0x140c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:54:34.0865 0x140c  RpcEptMapper - ok
10:54:34.0865 0x140c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:54:34.0880 0x140c  RpcLocator - ok
10:54:34.0896 0x140c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
10:54:34.0927 0x140c  RpcSs - ok
10:54:34.0943 0x140c  [ 8415D92661B147BA54BE05AD18B82186, EA1A31887332273D81CF0C1D4C1AD3D735A6EB24E80B838F6D7B501439BD49B5 ] RsFx0153        C:\Windows\system32\DRIVERS\RsFx0153.sys
10:54:34.0958 0x140c  RsFx0153 - ok
10:54:34.0974 0x140c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:54:34.0989 0x140c  rspndr - ok
10:54:35.0005 0x140c  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
10:54:35.0036 0x140c  RTL8167 - ok
10:54:35.0036 0x140c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
10:54:35.0052 0x140c  s3cap - ok
10:54:35.0052 0x140c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs          C:\Windows\system32\lsass.exe
10:54:35.0067 0x140c  SamSs - ok
10:54:35.0067 0x140c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:54:35.0083 0x140c  sbp2port - ok
10:54:35.0083 0x140c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:54:35.0130 0x140c  SCardSvr - ok
10:54:35.0130 0x140c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:54:35.0161 0x140c  scfilter - ok
10:54:35.0192 0x140c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
10:54:35.0255 0x140c  Schedule - ok
10:54:35.0255 0x140c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
10:54:35.0270 0x140c  SCPolicySvc - ok
10:54:35.0286 0x140c  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
10:54:35.0301 0x140c  sdbus - ok
10:54:35.0301 0x140c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:54:35.0333 0x140c  SDRSVC - ok
10:54:35.0333 0x140c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:54:35.0364 0x140c  secdrv - ok
10:54:35.0364 0x140c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
10:54:35.0395 0x140c  seclogon - ok
10:54:35.0395 0x140c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
10:54:35.0426 0x140c  SENS - ok
10:54:35.0442 0x140c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:54:35.0457 0x140c  SensrSvc - ok
10:54:35.0457 0x140c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\drivers\serenum.sys
10:54:35.0473 0x140c  Serenum - ok
10:54:35.0473 0x140c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
10:54:35.0489 0x140c  Serial - ok
10:54:35.0489 0x140c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:54:35.0504 0x140c  sermouse - ok
10:54:35.0520 0x140c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:54:35.0551 0x140c  SessionEnv - ok
10:54:35.0551 0x140c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
10:54:35.0567 0x140c  sffdisk - ok
10:54:35.0567 0x140c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:54:35.0582 0x140c  sffp_mmc - ok
10:54:35.0582 0x140c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
10:54:35.0598 0x140c  sffp_sd - ok
10:54:35.0598 0x140c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
10:54:35.0613 0x140c  sfloppy - ok
10:54:35.0629 0x140c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:54:35.0660 0x140c  SharedAccess - ok
10:54:35.0676 0x140c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:54:35.0723 0x140c  ShellHWDetection - ok
10:54:35.0723 0x140c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:54:35.0738 0x140c  SiSRaid2 - ok
10:54:35.0738 0x140c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:54:35.0754 0x140c  SiSRaid4 - ok
10:54:35.0769 0x140c  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
10:54:35.0769 0x140c  SkypeUpdate - ok
10:54:35.0785 0x140c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
10:54:35.0816 0x140c  Smb - ok
10:54:35.0816 0x140c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:54:35.0832 0x140c  SNMPTRAP - ok
10:54:35.0832 0x140c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
10:54:35.0847 0x140c  spldr - ok
10:54:35.0863 0x140c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\Windows\System32\spoolsv.exe
10:54:35.0894 0x140c  Spooler - ok
10:54:35.0972 0x140c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:54:36.0066 0x140c  sppsvc - ok
10:54:36.0081 0x140c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
10:54:36.0128 0x140c  sppuinotify - ok
10:54:36.0128 0x140c  [ F6057BCA087F571DE25267C7FC0FCB7E, 7D804277F3615CB759A62431906F5ABFC0C30DFD4AC42F3EE22735063B15E8AE ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
10:54:36.0159 0x140c  SQLAgent$SQLEXPRESS - ok
10:54:36.0159 0x140c  [ 8FD8EE71D7D639F85805EEE4ADB2AA15, 027E680BE49F705843B0117A72FAFC7681798B99685B91989928EF03767CD7A5 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:54:36.0175 0x140c  SQLWriter - ok
10:54:36.0191 0x140c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\Windows\system32\DRIVERS\srv.sys
10:54:36.0222 0x140c  srv - ok
10:54:36.0237 0x140c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:54:36.0253 0x140c  srv2 - ok
10:54:36.0269 0x140c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:54:36.0284 0x140c  srvnet - ok
10:54:36.0284 0x140c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
10:54:36.0331 0x140c  SSDPSRV - ok
10:54:36.0331 0x140c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
10:54:36.0362 0x140c  SstpSvc - ok
10:54:36.0378 0x140c  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
10:54:36.0393 0x140c  ssudmdm - ok
10:54:36.0409 0x140c  [ 75573D89D9DAE72F00F156EC9C963B71, F24A2DDE26046244E8A1C623A50F2730DDED5152A4E209BFD686F4A12A9CD0DE ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:54:36.0425 0x140c  Stereo Service - ok
10:54:36.0425 0x140c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:54:36.0440 0x140c  stexstor - ok
10:54:36.0456 0x140c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:54:36.0487 0x140c  stisvc - ok
10:54:36.0503 0x140c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
10:54:36.0503 0x140c  storflt - ok
10:54:36.0518 0x140c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc        C:\Windows\system32\storsvc.dll
10:54:36.0534 0x140c  StorSvc - ok
10:54:36.0534 0x140c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc        C:\Windows\system32\drivers\storvsc.sys
10:54:36.0549 0x140c  storvsc - ok
10:54:36.0549 0x140c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:54:36.0565 0x140c  swenum - ok
10:54:36.0581 0x140c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:54:36.0612 0x140c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
10:54:39.0435 0x140c  Detect skipped due to KSN trusted
10:54:39.0435 0x140c  SwitchBoard - ok
10:54:40.0044 0x140c  tdx - ok
10:54:40.0059 0x140c  [ 950AD1AE7498A492126FB9F9B2E27DB5, C4C9A972015F567FC87A4094C86835B2DD3476426AB8B40CD4872A725CA89CFC ] Te.Service      C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
10:54:40.0059 0x140c  Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
10:54:42.0948 0x140c  Detect skipped due to KSN trusted
10:54:42.0948 0x140c  Te.Service - ok
10:54:42.0948 0x140c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:54:42.0964 0x140c  TermDD - ok
10:54:42.0995 0x140c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService    C:\Windows\System32\termsrv.dll
10:54:43.0042 0x140c  TermService - ok
10:54:43.0042 0x140c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:54:43.0058 0x140c  Themes - ok
10:54:43.0073 0x140c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
10:54:43.0089 0x140c  THREADORDER - ok
10:54:43.0104 0x140c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:54:43.0136 0x140c  TrkWks - ok
10:54:43.0136 0x140c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:54:43.0167 0x140c  TrustedInstaller - ok
10:54:43.0167 0x140c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:54:43.0182 0x140c  tssecsrv - ok
10:54:43.0182 0x140c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:54:43.0198 0x140c  TsUsbFlt - ok
10:54:43.0214 0x140c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
10:54:43.0214 0x140c  TsUsbGD - ok
10:54:43.0229 0x140c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:54:43.0260 0x140c  tunnel - ok
10:54:43.0260 0x140c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:54:43.0276 0x140c  uagp35 - ok
10:54:43.0276 0x140c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:54:43.0323 0x140c  udfs - ok
10:54:43.0338 0x140c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
10:54:43.0354 0x140c  UI0Detect - ok
10:54:43.0354 0x140c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:54:43.0370 0x140c  uliagpkx - ok
10:54:43.0370 0x140c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
10:54:43.0385 0x140c  umbus - ok
10:54:43.0401 0x140c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:54:43.0401 0x140c  UmPass - ok
10:54:43.0416 0x140c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:54:43.0432 0x140c  UmRdpService - ok
10:54:43.0494 0x140c  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:54:43.0557 0x140c  UNS - ok
10:54:43.0572 0x140c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:54:43.0604 0x140c  upnphost - ok
10:54:43.0604 0x140c  [ F720A06140072B31E43A96F123858AA5, CA94176F2B72247F920B2C041B36CEDE360BA19BF6A7F17149561FA39AAA4449 ] US800_01        C:\Windows\system32\DRIVERS\US800Wdm.sys
10:54:43.0619 0x140c  US800_01 - ok
10:54:43.0619 0x140c  [ A074A3491B023FB8EC826B1DF6716141, 90E898E3BEEC60A1170E93C56C03E97D5BA83D74613BBA13871D22E03918020B ] US800_AA        C:\Windows\system32\DRIVERS\US800Drv.sys
10:54:43.0635 0x140c  US800_AA - ok
10:54:43.0650 0x140c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:54:43.0666 0x140c  usbaudio - ok
10:54:43.0666 0x140c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
10:54:43.0682 0x140c  usbccgp - ok
10:54:43.0697 0x140c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:54:43.0713 0x140c  usbcir - ok
10:54:43.0713 0x140c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
10:54:43.0728 0x140c  usbehci - ok
10:54:43.0728 0x140c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:54:43.0760 0x140c  usbhub - ok
10:54:43.0760 0x140c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\Windows\system32\drivers\usbohci.sys
10:54:43.0775 0x140c  usbohci - ok
10:54:43.0775 0x140c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:54:43.0791 0x140c  usbprint - ok
10:54:43.0791 0x140c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:54:43.0806 0x140c  USBSTOR - ok
10:54:43.0822 0x140c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
10:54:43.0822 0x140c  usbuhci - ok
10:54:43.0838 0x140c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:54:43.0853 0x140c  usbvideo - ok
10:54:43.0853 0x140c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
10:54:43.0869 0x140c  usb_rndisx - ok
10:54:43.0869 0x140c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
10:54:43.0900 0x140c  UxSms - ok
10:54:43.0900 0x140c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
10:54:43.0916 0x140c  VaultSvc - ok
10:54:43.0931 0x140c  [ D6C1F7B354C49A248BD897D4B7BA3C37, 90C9E8BED1AEB314636A7BC86E26E484EADE53C744D2E8A7A316459709760A5E ] VBoxDrv        C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:54:43.0962 0x140c  VBoxDrv - ok
10:54:43.0978 0x140c  [ 95717FCA60876284568B5CD476A59C41, 9A360985F072448A89890ACC5DD2155DDA0FD1EC2FFAC4697F0CFE60548CC980 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:54:43.0994 0x140c  VBoxNetAdp - ok
10:54:43.0994 0x140c  [ 15C038D331E2497DF81926A379D87FEC, C56208F4F6D1FD2E6CB6ECB6B258ABE71B22CC07136258C623FE42676E6F26AF ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:54:44.0009 0x140c  VBoxNetFlt - ok
10:54:44.0009 0x140c  [ 93B031F740A2E1BB8B6C713DD09A897F, 22AF911DD4C1C1E256F0CA086CF32F222E1040056C859A2E97AA1D39A0A4B0AB ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:54:44.0040 0x140c  VBoxUSBMon - ok
10:54:44.0040 0x140c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:54:44.0056 0x140c  vdrvroot - ok
10:54:44.0056 0x140c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
10:54:44.0103 0x140c  vds - ok
10:54:44.0103 0x140c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
10:54:44.0118 0x140c  vga - ok
10:54:44.0134 0x140c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
10:54:44.0150 0x140c  VgaSave - ok
10:54:44.0165 0x140c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
10:54:44.0181 0x140c  vhdmp - ok
10:54:44.0181 0x140c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:54:44.0196 0x140c  viaide - ok
10:54:44.0196 0x140c  [ D07589E4434BD14E192ACED6C398B0CB, 08E15EBB91CCC67175614EA814DDD0A4864934358E06AC4718EE12BFC4D2B9AE ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
10:54:44.0212 0x140c  VMAuthdService - ok
10:54:44.0212 0x140c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
10:54:44.0243 0x140c  vmbus - ok
10:54:44.0243 0x140c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:54:44.0259 0x140c  VMBusHID - ok
10:54:44.0259 0x140c  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
10:54:44.0274 0x140c  vmci - ok
10:54:44.0274 0x140c  [ C3775FAA7CA359E9512DEDFF54DE7C1C, F47226459EB55FDFD7201B9D7389F118609E9298B5D1087662FA3484DAB19068 ] vmkbd          C:\Windows\system32\drivers\VMkbd.sys
10:54:44.0290 0x140c  vmkbd - ok
10:54:44.0290 0x140c  [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
10:54:44.0306 0x140c  VMnetAdapter - ok
10:54:44.0306 0x140c  [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge    C:\Windows\system32\DRIVERS\vmnetbridge.sys
10:54:44.0321 0x140c  VMnetBridge - ok
10:54:44.0321 0x140c  VMnetDHCP - ok
10:54:44.0321 0x140c  [ 50160AC31D1820C10BEE0D26707298E0, B59CB319503D3BFFAAD4B019E8EF19D0FEA62E2D29D4CC5B3C0E647A86390E7A ] VMnetuserif    C:\Windows\system32\drivers\vmnetuserif.sys
10:54:44.0337 0x140c  VMnetuserif - ok
10:54:44.0352 0x140c  [ 41FAE6618768DC93D98DDAF3F8282D3E, 95995542026CC111B8FFAA01AC9E55B2F942A9108F5F00502A35339C13BBF20D ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
10:54:44.0384 0x140c  VMUSBArbService - ok
10:54:44.0384 0x140c  VMware NAT Service - ok
10:54:44.0384 0x140c  [ 11CAB5305913D3510854A2BD6D5ED1FB, EDD1909820CAB0EDF0BA52CB685F2D33F5162415DAD3F369A06E2D88F8102393 ] vmx86          C:\Windows\system32\drivers\vmx86.sys
10:54:44.0399 0x140c  vmx86 - ok
10:54:44.0399 0x140c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:54:44.0415 0x140c  volmgr - ok
10:54:44.0430 0x140c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
10:54:44.0446 0x140c  volmgrx - ok
10:54:44.0462 0x140c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
10:54:44.0477 0x140c  volsnap - ok
10:54:44.0477 0x140c  [ ED1F4BDF68C649C6F79A02502BB6C9BC, 3D2830822D4A2C7B3676100B27DEC7B1C2EF640DA36C6543365A9CF2A61BF68E ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
10:54:44.0493 0x140c  VsEtwService120 - ok
10:54:44.0508 0x140c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
10:54:44.0524 0x140c  vsmraid - ok
10:54:44.0524 0x140c  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock          C:\Windows\system32\drivers\vsock.sys
10:54:44.0540 0x140c  vsock - ok
10:54:44.0571 0x140c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
10:54:44.0633 0x140c  VSS - ok
10:54:44.0649 0x140c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:54:44.0664 0x140c  vwifibus - ok
10:54:44.0664 0x140c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:54:44.0680 0x140c  vwififlt - ok
10:54:44.0680 0x140c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
10:54:44.0696 0x140c  vwifimp - ok
10:54:44.0711 0x140c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
10:54:44.0758 0x140c  W32Time - ok
10:54:44.0774 0x140c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC          C:\Windows\system32\inetsrv\iisw3adm.dll
10:54:44.0805 0x140c  W3SVC - ok
10:54:44.0805 0x140c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:54:44.0820 0x140c  WacomPen - ok
10:54:44.0820 0x140c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:54:44.0852 0x140c  WANARP - ok
10:54:44.0852 0x140c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:54:44.0883 0x140c  Wanarpv6 - ok
10:54:44.0898 0x140c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS            C:\Windows\system32\inetsrv\iisw3adm.dll
10:54:44.0914 0x140c  WAS - ok
10:54:44.0945 0x140c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:54:44.0992 0x140c  wbengine - ok
10:54:45.0008 0x140c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:54:45.0023 0x140c  WbioSrvc - ok
10:54:45.0039 0x140c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
10:54:45.0070 0x140c  wcncsvc - ok
10:54:45.0070 0x140c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:54:45.0086 0x140c  WcsPlugInService - ok
10:54:45.0086 0x140c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
10:54:45.0101 0x140c  Wd - ok
10:54:45.0117 0x140c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:54:45.0164 0x140c  Wdf01000 - ok
10:54:45.0164 0x140c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:54:45.0179 0x140c  WdiServiceHost - ok
10:54:45.0179 0x140c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost  C:\Windows\system32\wdi.dll
10:54:45.0195 0x140c  WdiSystemHost - ok
10:54:45.0195 0x140c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
10:54:45.0226 0x140c  WebClient - ok
10:54:45.0226 0x140c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:54:45.0273 0x140c  Wecsvc - ok
10:54:45.0273 0x140c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
10:54:45.0304 0x140c  wercplsupport - ok
10:54:45.0304 0x140c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:54:45.0335 0x140c  WerSvc - ok
10:54:45.0335 0x140c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:54:45.0366 0x140c  WfpLwf - ok
10:54:45.0366 0x140c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:54:45.0382 0x140c  WIMMount - ok
10:54:45.0382 0x140c  WinDefend - ok
10:54:45.0398 0x140c  WinHttpAutoProxySvc - ok
10:54:45.0398 0x140c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
10:54:45.0444 0x140c  Winmgmt - ok
10:54:45.0476 0x140c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM          C:\Windows\system32\WsmSvc.dll
10:54:45.0554 0x140c  WinRM - ok
10:54:45.0554 0x140c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
10:54:45.0569 0x140c  WinUsb - ok
10:54:45.0600 0x140c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
10:54:45.0632 0x140c  Wlansvc - ok
10:54:45.0632 0x140c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
10:54:45.0647 0x140c  WmiAcpi - ok
10:54:45.0663 0x140c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:54:45.0678 0x140c  wmiApSrv - ok
10:54:45.0678 0x140c  WMPNetworkSvc - ok
10:54:45.0678 0x140c  [ B5BD872122A2CE82D196ABF2D5D8D80A, 06FD527BA98261905DF6C1D752843DE45987D776EAA075EBBFCFCA4652D6664A ] WMSVC          C:\Windows\system32\inetsrv\wmsvc.exe
10:54:45.0694 0x140c  WMSVC - ok
10:54:45.0694 0x140c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:54:45.0710 0x140c  WPCSvc - ok
10:54:45.0725 0x140c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:54:45.0741 0x140c  WPDBusEnum - ok
10:54:45.0741 0x140c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
10:54:45.0772 0x140c  ws2ifsl - ok
10:54:45.0772 0x140c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
10:54:45.0788 0x140c  wscsvc - ok
10:54:45.0803 0x140c  WSearch - ok
10:54:45.0850 0x140c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:54:45.0928 0x140c  wuauserv - ok
10:54:45.0944 0x140c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:54:45.0944 0x140c  WudfPf - ok
10:54:45.0959 0x140c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
10:54:45.0975 0x140c  WUDFRd - ok
10:54:45.0975 0x140c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
10:54:45.0990 0x140c  wudfsvc - ok
10:54:46.0006 0x140c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
10:54:46.0022 0x140c  WwanSvc - ok
10:54:46.0053 0x140c  [ 7EB06617A7F2F280D58CF62776FDDDC2, F994D0F837E65141EBFCA673DC15ACEDFDBB999E032F59079308E0F81726BD47 ] ZcfgSvc7        C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
10:54:46.0100 0x140c  ZcfgSvc7 - ok
10:54:46.0115 0x140c  ================ Scan global ===============================
10:54:46.0115 0x140c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:54:46.0131 0x140c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
10:54:46.0146 0x140c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
10:54:46.0146 0x140c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:54:46.0162 0x140c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
10:54:46.0178 0x140c  [ Global ] - ok
10:54:46.0178 0x140c  ================ Scan MBR ==================================
10:54:46.0178 0x140c  [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk0\DR0
10:54:46.0209 0x140c  \Device\Harddisk0\DR0 - ok
10:54:46.0209 0x140c  ================ Scan VBR ==================================
10:54:46.0209 0x140c  [ 767BE6D2073F9D4064C814405503A876 ] \Device\Harddisk0\DR0\Partition1
10:54:46.0209 0x140c  \Device\Harddisk0\DR0\Partition1 - ok
10:54:46.0209 0x140c  [ D419F3238E0AC4D422EC4BB8883A086E ] \Device\Harddisk0\DR0\Partition2
10:54:46.0209 0x140c  \Device\Harddisk0\DR0\Partition2 - ok
10:54:46.0209 0x140c  ================ Scan generic autorun ======================
10:54:46.0349 0x140c  [ 29A1AA60BEB49F0D270817F138618647, 0581DEB23E721938F96D8DD3BCAF2E83E0B35E7A36821CE9C216CFF1B578A849 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
10:54:46.0490 0x140c  RTHDVCPL - ok
10:54:46.0552 0x140c  [ 495B01F44E917CCDF79005CC0EC56F5A, F9FE6E5EC0C40B8877F846568BA4DC23EEBCC0CCA1F43364C65079F7B77F19F9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:54:46.0599 0x140c  RtHDVBg - ok
10:54:46.0614 0x140c  SynTPEnh - ok
10:54:46.0708 0x140c  [ 2C3FB0759319FE11AC5940E8C2F037CE, 8C44CFD0E47207D62B3746438280A648BAD7A0779AEE6E73E6EFDD213BD51F63 ] C:\Program Files\Dell\QuickSet\QuickSet.exe
10:54:46.0817 0x140c  QuickSet - detected UnsignedFile.Multi.Generic ( 1 )
10:54:49.0719 0x140c  Detect skipped due to KSN trusted
10:54:49.0719 0x140c  QuickSet - ok
10:54:49.0734 0x140c  [ 774DB458ADE586B56BBC8E61D974C52A, 93F9FED7D07BBAA9C45AEB8F38AAD6EE3AACA32D982A2A0DE072D86E12DF7125 ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
10:54:49.0734 0x140c  BLEServicesCtrl - ok
10:54:49.0734 0x140c  BTMTrayAgent - ok
10:54:49.0750 0x140c  [ 844A67882C52C717A9A393FC93AB7C9D, FE0249C967D2E38AF4D29FF61FAE7D05A79A8C413B785605F993667FD3249412 ] C:\Windows\system32\igfxtray.exe
10:54:49.0750 0x140c  IgfxTray - ok
10:54:49.0766 0x140c  [ AD0119DF1702BE01FE74C1E5980B3E8B, 8ED3E7797F482796100DBE5E9A425F8DB07EE8F15E874D99954DFD15375C5F25 ] C:\Windows\system32\hkcmd.exe
10:54:49.0781 0x140c  HotKeysCmds - ok
10:54:49.0797 0x140c  [ FC1C7A950FAFF5536889ED6F03AC8DAF, 9DFC82BDEBA803C446CAE21ECCF825663C40EF3A571F2CD0AE24B3238EB23E30 ] C:\Windows\system32\igfxpers.exe
10:54:49.0812 0x140c  Persistence - ok
10:54:49.0859 0x140c  [ 522E613FAE006005515F89F122358221, 3D33595D2A9D369966E859583854B0ACA5CC3ECB7F29DA7955FCE4DB0E2F25A9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
10:54:49.0906 0x140c  NvBackend - ok
10:54:49.0922 0x140c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
10:54:49.0922 0x140c  ShadowPlay - ok
10:54:49.0953 0x140c  [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
10:54:49.0968 0x140c  avgnt - ok
10:54:50.0000 0x140c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:54:50.0062 0x140c  Sidebar - ok
10:54:50.0062 0x140c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:54:50.0093 0x140c  mctadmin - ok
10:54:50.0109 0x140c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:54:50.0140 0x140c  Sidebar - ok
10:54:50.0156 0x140c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:54:50.0156 0x140c  mctadmin - ok
10:54:50.0187 0x140c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:54:50.0218 0x140c  Sidebar - ok
10:54:50.0234 0x140c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:54:50.0234 0x140c  mctadmin - ok
10:54:50.0265 0x140c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:54:50.0296 0x140c  Sidebar - ok
10:54:50.0312 0x140c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:54:50.0327 0x140c  mctadmin - ok
10:54:50.0343 0x140c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:54:50.0374 0x140c  Sidebar - ok
10:54:50.0390 0x140c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:54:50.0405 0x140c  mctadmin - ok
10:54:50.0405 0x140c  Waiting for KSN requests completion. In queue: 199
10:54:51.0419 0x140c  Waiting for KSN requests completion. In queue: 199
10:54:52.0433 0x140c  Waiting for KSN requests completion. In queue: 199
10:54:53.0463 0x140c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x40000 ( disabled : updated )
10:54:53.0478 0x140c  Win FW state via NFP2: enabled
10:54:56.0304 0x140c  ============================================================
10:54:56.0304 0x140c  Scan finished
10:54:56.0304 0x140c  ============================================================
10:54:56.0304 0x1c64  Detected object count: 0
10:54:56.0304 0x1c64  Actual detected object count: 0

Yes, I read it;
you were just so quick that your reply arrived before my logs were up :D

M-K-D-B 24.05.2015 10:01

Hi there,


You have at least one illegal/cracked piece of software on your computer:
Adobe Photoshop CS5 / Adobe Premiere Elements 9


Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

rootofallevi 24.05.2015 10:57

Premiere Elements 9 was included in the software bundle from Dell; I bought Photoshop from a friend, but I can remove it temporarily if that is necessary.


Sooo, to avoid misunderstandings I have now simply uninstalled all of the Adobe software ;)
Are logs needed as proof? If so, which ones?


Regards

FRST log after removing the software (I removed more besides; it needed a clean-up.)
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Michael (administrator) on MICHAEL-LAPTOP on 24-05-2015 11:51:26
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM-x32\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172016 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399856 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [442352 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2014-01-23] ((주)마크애니)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: E - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-09-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-09-10] (NVIDIA Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\abs@avira.com [2015-04-29]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Firebug - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-11]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: ProxTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Selenium IDE - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-18]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-14]
FF Extension: Fox!Box - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-10-27]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-20]
CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) []
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18955552 2014-07-24] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) []
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S4 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-09-15] (Intel(R) Corporation)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64 (1).exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300352 2014-09-10] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 US800_01; C:\Windows\System32\DRIVERS\US800Wdm.sys [36440 2011-01-08] ()
S3 US800_AA; C:\Windows\System32\DRIVERS\US800Drv.sys [90200 2011-01-08] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:59 - 2015-05-10 22:16 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-06-07 09:38 - 2015-06-07 09:39 - 00524288 _____ (Simon Tatham) C:\Users\Michael\Desktop\putty.exe
2015-06-06 17:11 - 2015-06-06 17:11 - 00689051 _____ () C:\Users\Michael\Documents\VisualBoyAdvance-1.8.0-beta3.zip
2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D () C:\Users\Michael\Desktop\gbx
2015-06-06 17:09 - 2015-06-06 17:09 - 00303558 _____ () C:\Users\Michael\Documents\Zelda - Links Awakening (D).zip
2015-05-24 11:10 - 2015-05-24 11:10 - 00000000 ____D () C:\Windows\SysWOW64\syncdb
2015-05-24 10:51 - 2015-05-24 10:51 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2015-05-23 17:52 - 2015-05-23 17:52 - 00001209 _____ () C:\Users\Michael\Desktop\mbam.txt
2015-05-23 17:47 - 2015-05-23 17:47 - 00117220 _____ () C:\Users\Michael\Desktop\gmer.txt
2015-05-23 17:25 - 2015-05-23 17:25 - 00380416 _____ () C:\Users\Michael\Desktop\oxqoiqu8.exe
2015-05-23 17:21 - 2015-05-23 17:24 - 00073028 _____ () C:\Users\Michael\Desktop\Addition.txt
2015-05-23 17:20 - 2015-05-24 11:51 - 00028418 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-23 17:20 - 2015-05-24 11:51 - 00000000 ____D () C:\FRST
2015-05-23 17:19 - 2015-05-23 17:19 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00050477 _____ () C:\Users\Michael\Documents\Defogger.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00000546 _____ () C:\Users\Michael\Desktop\defogger_disable.log
2015-05-23 17:18 - 2015-05-23 17:18 - 00000168 _____ () C:\Users\Michael\defogger_reenable
2015-05-23 16:46 - 2015-05-23 16:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-23 16:46 - 2015-05-23 16:46 - 00004908 _____ () C:\Windows\system32\.crusader
2015-05-23 16:37 - 2015-05-23 16:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-19 00:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 00:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 23:41 - 2015-05-18 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 23:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 23:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 23:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 23:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 23:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 23:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-18 23:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 23:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-18 23:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 23:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-18 23:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 23:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 23:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 23:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 23:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 23:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 23:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 23:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 23:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 23:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 23:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 23:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 23:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 23:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-18 22:59 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-18 22:59 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-18 22:59 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-18 22:59 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-18 22:59 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-18 22:59 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-18 22:59 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 22:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 22:59 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-18 22:59 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-18 22:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-18 22:59 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-18 22:59 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-18 22:59 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-18 22:59 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-18 22:59 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-18 22:59 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 22:59 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-18 22:59 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-18 22:59 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 22:59 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-18 22:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 22:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 22:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 22:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 22:59 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-18 22:59 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-18 22:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-18 22:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 22:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-18 22:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-18 22:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-18 22:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 22:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-18 22:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-18 22:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 22:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-03 13:50 - 2015-05-03 13:50 - 00000000 __SHD () C:\found.000
2015-04-29 21:46 - 2015-04-29 21:52 - 136308332 _____ () C:\Users\Michael\Documents\ClappLend_MicrosoftAvi_720x480.avi
2015-04-29 21:43 - 2015-04-29 21:44 - 102627328 _____ () C:\Users\Michael\Documents\ClappLend720p25.mpg
2015-04-29 20:59 - 2015-04-29 21:02 - 438235520 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t
2015-04-29 20:59 - 2015-04-29 21:02 - 00106196 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t.xmpses
2015-04-29 19:30 - 2015-04-29 19:33 - 438235520 _____ () C:\Users\Michael\Documents\Unbenannt.m2t
2015-04-29 19:30 - 2015-04-29 19:33 - 00106196 _____ () C:\Users\Michael\Documents\Unbenannt.m2t.xmpses
2015-04-29 19:18 - 2015-04-29 19:18 - 00285487 _____ () C:\Users\Michael\Downloads\H264_presets.zip
2015-04-29 19:18 - 2015-04-29 19:18 - 00000000 ____D () C:\Users\Michael\Downloads\H264_presets
2015-04-29 19:11 - 2015-04-29 19:13 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller(1).exe
2015-04-29 18:53 - 2015-04-29 18:56 - 00000000 _____ () C:\Users\Michael\Documents\Unbenannt.avi
2015-04-29 18:05 - 2015-04-29 18:06 - 608648700 _____ () C:\Users\Michael\Documents\ClappLend720x576DVPAL25.avi
2015-04-29 17:42 - 2015-04-29 17:48 - 136554112 _____ () C:\Users\Michael\Documents\ClappLend720x480MicrosoftAvi.avi
2015-04-29 11:47 - 2015-04-29 11:48 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller.exe
2015-04-29 11:43 - 2015-04-29 11:45 - 25716682 _____ () C:\Users\Michael\Documents\ClappLend720x480avi2997.avi
2015-04-28 22:42 - 2015-04-28 22:43 - 103688192 _____ () C:\Users\Michael\Documents\Preview.mpg
2015-04-28 22:07 - 2015-04-28 22:08 - 103694336 _____ () C:\Users\Michael\Documents\OhneLogoTausch.mpg
2015-04-28 18:40 - 2015-04-28 18:40 - 00000000 ____D () C:\Users\Michael\Documents\Promovideo
2015-04-28 18:29 - 2015-04-28 18:30 - 101259264 _____ () C:\Users\Michael\Documents\Unbenannt.mpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 12:14 - 2014-03-10 17:55 - 00001029 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2015-06-07 12:14 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-24 11:32 - 2014-05-13 02:29 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2015-05-24 11:31 - 2014-03-08 11:38 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung
2015-05-24 11:31 - 2014-03-08 11:33 - 00000000 ____D () C:\ProgramData\Samsung
2015-05-24 11:31 - 2014-03-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-24 11:31 - 2013-10-14 15:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-24 11:30 - 2015-01-25 20:57 - 00000000 ____D () C:\Program Files (x86)\Compona
2015-05-24 11:22 - 2013-10-14 17:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-24 11:18 - 2014-07-24 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2015-05-24 11:09 - 2013-10-14 18:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 11:09 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2015-05-24 11:07 - 2014-01-24 14:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 11:07 - 2013-10-14 17:58 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-24 10:28 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-05-24 10:26 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:26 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:22 - 2013-10-14 15:51 - 01730584 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-24 10:19 - 2014-01-06 12:32 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-05-24 10:18 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\VMware
2015-05-24 10:18 - 2014-03-10 17:55 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-24 10:18 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-24 10:18 - 2014-01-24 14:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 10:18 - 2013-11-05 17:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\TSVNCache
2015-05-24 10:18 - 2013-10-14 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 10:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 10:18 - 2009-07-14 06:51 - 00029630 _____ () C:\Windows\setupact.log
2015-05-23 17:51 - 2014-06-10 10:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:18 - 2013-10-14 15:51 - 00000000 ____D () C:\Users\Michael
2015-05-23 17:04 - 2015-01-20 08:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 15:47 - 2013-10-14 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 11:12 - 2013-10-14 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-22 10:09 - 2014-01-24 14:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 19:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-21 18:30 - 2013-10-14 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:38 - 2009-07-14 06:45 - 04892952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-19 07:37 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 07:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-19 00:51 - 2013-10-29 02:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 00:51 - 2013-10-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-19 00:44 - 2013-10-29 02:26 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 00:43 - 2013-11-10 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 23:02 - 2014-01-24 14:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 23:02 - 2014-01-24 14:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 22:55 - 2015-04-02 18:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\aacs
2015-05-05 11:16 - 2013-10-14 16:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:16 - 2013-10-14 16:49 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-05 11:16 - 2013-10-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-29 21:21 - 2013-10-15 10:49 - 00035997 _____ () C:\Windows\system32\DICoInst64.log
2015-04-28 18:36 - 2013-10-14 18:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2013-11-22 14:02 - 2013-11-22 14:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-06-20 11:31 - 2014-08-19 12:16 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-03 09:52 - 2013-12-03 09:52 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\pref.ga
2014-03-05 13:42 - 2014-05-28 12:06 - 0005120 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-07 15:59 - 2015-05-10 22:16 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-04-02 18:36 - 2015-04-02 18:36 - 0001829 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2013-10-14 18:27 - 2014-11-09 20:20 - 0007660 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxvkr8y.dll
C:\Users\Michael\AppData\Local\Temp\GLF10B5.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFA99D.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFCA05.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFD702.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFDA0F.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLFF107.tmp.exe
C:\Users\Michael\AppData\Local\Temp\JavaRa.exe
C:\Users\Michael\AppData\Local\Temp\jli.dll
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-i586.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-x64.exe
C:\Users\Michael\AppData\Local\Temp\msvcr100.dll
C:\Users\Michael\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Michael\AppData\Local\Temp\node.exe
C:\Users\Michael\AppData\Local\Temp\ose00000.exe
C:\Users\Michael\AppData\Local\Temp\SIntf16.dll
C:\Users\Michael\AppData\Local\Temp\SIntf32.dll
C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 01:54

==================== End of log ============================


M-K-D-B 24.05.2015 11:03

So far I don't see any Zeus on this computer (Win 7).
Just a few other leftovers, which we will still remove.

We'll remove the last leftovers and check everything once more. ESET can take a long time (> 2 h).
Afterwards we'll remove all the tools we used and I'll give you a few tips for the road.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:

start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\system32\Drivers\etc\hosts
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
Hosts:
RemoveProxy:
EmptyTemp:
end


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.

rootofallevi 24.05.2015 12:10

While ESET is running on the laptop, can I already run FRST and TDSS on the other computers and post the logs?
Or what is the next step for the other computers?
Can one of my Lubuntu systems actually be infected by this malware too, or does this malware exist exclusively on Windows systems?

Oh, and many, many thanks for the help :)

M-K-D-B 24.05.2015 12:43

Hi,

the malware is not on Ubuntu.

Sure, you can run FRST and TDSS-Killer on your Windows 8 computer, but please always use separate posts for the two topics so that we don't get mixed up. ;)

rootofallevi 24.05.2015 13:00

OK great, then I'll get started :D
I'll start with my desktop (Win 8.1):
FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Michael (administrator) on BLACKTOWER on 24-05-2015 13:31:19
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
() C:\Windows\System32\US800Pan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [US800Pane] => C:\Windows\system32\US800Pan.exe [1796696 2015-04-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1261568 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3440640 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\MountPoints2: {585dddbe-aadf-11e4-8250-001a92dae90a} - "G:\pushinst.exe"
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Touchpad Server.lnk [2015-02-03]
ShortcutTarget: Touchpad Server.lnk -> C:\Program Files (x86)\Things & Stuff\Touchpad Server\TouchpadServer.exe (Things & Stuff)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-02-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]
CHR Extension: (Avast SafePrice) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-16]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR Extension: (ScriptSafe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-02-10]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [89088 2007-06-07] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-09] (Avast Software)
S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) []
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-09] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2015-02-02] ()
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                          )
R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 US800_01; C:\Windows\system32\DRIVERS\US800Wdm.sys [36440 2015-04-12] ()
S3 US800_AA; C:\Windows\system32\DRIVERS\US800Drv.sys [90200 2015-04-12] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:31 - 2015-05-24 13:31 - 00013429 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-24 13:31 - 2015-05-24 13:31 - 00000000 ____D () C:\FRST
2015-05-24 13:15 - 2015-05-24 13:17 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:02 - 2015-05-23 17:02 - 00002047 _____ () C:\Users\Michael\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-05-23 17:02 - 2015-05-23 17:02 - 00001991 _____ () C:\Users\Michael\Desktop\Avira EU-Cleaner.lnk
2015-05-23 15:49 - 2015-05-23 15:49 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-23 15:42 - 2015-05-23 17:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-19 16:05 - 2015-05-19 16:06 - 00000197 _____ () C:\Windows\system32\2015-05-19-14-05-43.080-AvastVBoxSVC.exe-1640.log
2015-05-19 15:56 - 2015-05-19 15:56 - 00000197 _____ () C:\Windows\system32\2015-05-19-13-56-34.011-AvastVBoxSVC.exe-2428.log
2015-05-18 17:26 - 2015-05-18 17:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job
2015-05-09 20:17 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive
2015-04-28 14:27 - 2015-04-28 14:27 - 00279760 _____ () C:\Windows\Minidump\042815-23703-01.dmp
2015-04-28 14:07 - 2015-04-28 14:07 - 00279760 _____ () C:\Windows\Minidump\042815-19859-01.dmp
2015-04-28 10:39 - 2015-04-28 10:39 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-39-38.035-AvastVBoxSVC.exe-2352.log
2015-04-28 10:32 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive (5).old
2015-04-28 10:24 - 2015-04-28 10:24 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-24-32.022-AvastVBoxSVC.exe-2400.log
2015-04-28 10:19 - 2015-04-28 10:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (4).old
2015-04-28 10:19 - 2015-04-28 10:19 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-19-26.095-AvastVBoxSVC.exe-2372.log
2015-04-28 10:11 - 2015-04-28 10:11 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-11-53.013-AvastVBoxSVC.exe-2384.log
2015-04-28 10:10 - 2015-04-28 10:10 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-25 21:32 - 2015-04-25 21:48 - 00000000 ____D () C:\os161
2015-04-25 21:28 - 2015-04-26 01:25 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-04-25 17:55 - 2015-04-25 17:55 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-55-09.029-AvastVBoxSVC.exe-2388.log
2015-04-25 17:51 - 2015-04-25 17:51 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-51-05.037-AvastVBoxSVC.exe-2384.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-23 17:08 - 2015-02-09 20:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:06 - 2015-02-09 20:51 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 17:06 - 2015-02-09 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 17:06 - 2015-02-09 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 15:47 - 2015-02-02 14:54 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 15:47 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-23 15:47 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-23 15:32 - 2015-04-12 10:38 - 00064346 _____ () C:\Windows\system32\DICoInst64.log
2015-05-23 15:32 - 2015-02-02 16:30 - 00647236 _____ () C:\Windows\avmfwlanci.log
2015-05-23 15:32 - 2015-02-01 19:07 - 01074270 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 15:27 - 2015-02-09 20:48 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 15:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-23 15:13 - 2015-04-12 10:38 - 00131214 _____ () C:\Windows\system32\DICoInst64.bak
2015-05-23 15:13 - 2015-02-10 17:26 - 00000000 ___DO () C:\Users\Michael\SkyDrive
2015-05-20 21:48 - 2015-02-16 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-20 21:48 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 16:07 - 2015-02-09 20:44 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 16:07 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 16:03 - 2013-08-22 16:46 - 00028481 _____ () C:\Windows\setupact.log
2015-05-19 16:02 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-19 15:56 - 2015-02-09 20:44 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 20:21 - 2015-02-09 21:49 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-09 20:21 - 2015-02-09 21:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-09 20:17 - 2015-02-01 19:07 - 00000000 ____D () C:\Users\Michael
2015-04-29 22:05 - 2015-04-02 17:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\dvdcss
2015-04-29 22:05 - 2015-02-03 20:10 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-28 17:57 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-28 14:33 - 2015-02-02 15:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001
2015-04-28 14:27 - 2015-02-02 16:23 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 10:19 - 2015-04-13 18:48 - 00000000 ___RD () C:\Users\Michael\OneDrive (3).old
2015-04-28 10:11 - 2015-02-17 18:28 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-28 10:11 - 2015-02-17 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 10:09 - 2015-02-01 19:02 - 00024492 _____ () C:\Windows\PFRO.log
2015-04-25 17:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

==================== Files in the root of some directories =======

2015-04-25 21:28 - 2015-04-26 01:25 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-03-31 20:37 - 2015-03-31 20:37 - 0000218 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-02-09 21:25 - 2015-03-03 14:31 - 0007627 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\GLF255D.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLF9770.tmp.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 21:36

==================== End of log ============================

and the Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Michael at 2015-05-24 13:32:20
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2705135437-1520576403-3312034090-500 - Administrator - Disabled)
Gast (S-1-5-21-2705135437-1520576403-3312034090-501 - Limited - Disabled)
Michael (S-1-5-21-2705135437-1520576403-3312034090-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1165 - Steinberg Media Technologies GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
RollerCoaster Tycoon (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6260 - Analog Devices)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff)
US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-03-2015 12:10:07 Geplanter Prüfpunkt
30-03-2015 12:46:47 Geplanter Prüfpunkt
10-04-2015 21:36:18 Windows Update
12-04-2015 10:47:21 Windows Modules Installer
09-05-2015 20:17:54 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {091CCA98-CFD0-4668-816F-FDE30641D621} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1588799C-4460-41C0-AA69-FF77F32E3381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {25D3BFD7-0A4F-4BC6-B291-8B1C18A4D77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {44E0C120-F662-4486-92FE-F3E65B0819F1} - System32\Tasks\{F11BBD6E-B477-4B35-95EE-89F16075F125} => pcalua.exe -a E:\S3\Autorun.exe -d E:\
Task: {5AE49BDE-A780-4138-9F2D-7E9A0F4EA6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {5BFFBCE8-BED4-46D8-9116-9FCAC4414459} - System32\Tasks\MalwareScan => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2015-04-14] (Malwarebytes Corporation)
Task: {7BFBE983-69DD-4525-8DE1-26DBAFFB4B65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-09] (Microsoft Corporation)
Task: {8CCEC2F7-8D00-4D80-99D1-C94B977D5B9F} - System32\Tasks\{74D79551-C8A4-4047-B788-89735DC425A5} => pcalua.exe -a "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64\AsusSetup.exe" -d "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64"
Task: {9767B787-CE1C-4A13-B1BD-B7A19AC736A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B0D8A2D7-7D68-456A-9761-E462073237E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-09] (AVAST Software)
Task: {BA1C29FA-CAB8-462C-BAA0-7A5C76D6755C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BE3560FE-A816-4757-B5FF-17E0EA6B513A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-09 20:43 - 2015-02-09 20:43 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-09 20:43 - 2015-02-09 20:43 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-01-08 05:44 - 2015-04-12 10:36 - 01796696 _____ () C:\Windows\System32\US800Pan.exe
2015-05-19 15:56 - 2015-05-19 15:56 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051900\algo.dll
2015-02-09 20:44 - 2015-02-09 20:44 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-05-20 23:08 - 2015-05-20 23:08 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052000\algo.dll
2015-03-13 21:06 - 2015-03-13 21:06 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Michael\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (5).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Michael\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run32: => "AVMWlanClient"
HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\StartupApproved\StartupFolder: => "Touchpad Server.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{AAB8A8D3-CA72-49D4-8E20-B5F79820D6DF}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{7ACB1CC4-9D9A-4196-96E9-3BB7ADEFF15C}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [{0A4270A5-2AE3-40EC-B4DF-A3078AA225FA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E88398C1-C9BB-429D-A194-C9A5D82C3EC8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{8F792302-9964-4FD1-8689-8C96C290C6DD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{9939554D-8E8F-416F-8E27-EE7ECAC23FAD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [{F930095C-CF05-4655-B911-28714319CEFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5C5F221-2B1B-4D2D-9A7F-32373DFD30FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EACDBECC-7E95-402B-AADF-13C3FAD92F11}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B7D48A1B-2CA4-42EF-9DA7-7227A4759BDF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4E89C4D8-799E-4F08-A0C6-8D49E16BC966}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D179C17E-73EA-4CC1-B480-08B9F98E175B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{14D4C7D2-5D15-4E49-9AFD-EB236DC9D5F3}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [UDP Query User{C77E243B-4DFC-47F3-BB1E-B41D9FA1C02C}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [{7FCB0EF7-2955-4FC1-99F2-C07B347486EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:32:36Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:32:06Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:31:36Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:31:06Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:30:36Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:30:06Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:29:36Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:29:06Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:28:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:28:36Z. Fehlercode: 0x80040154.

Error: (05/24/2015 01:28:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:28:06Z. Fehlercode: 0x80040154.


System errors:
=============
Error: (05/23/2015 05:47:09 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (05/23/2015 03:34:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Anmelde-Assistent für Microsoft-Konten" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Server" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IP-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office:
=========================
Error: (05/24/2015 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:32:36Z

Error: (05/24/2015 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:32:06Z

Error: (05/24/2015 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:31:36Z

Error: (05/24/2015 01:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:31:06Z

Error: (05/24/2015 01:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:30:36Z

Error: (05/24/2015 01:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:30:06Z

Error: (05/24/2015 01:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:29:36Z

Error: (05/24/2015 01:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:29:06Z

Error: (05/24/2015 01:28:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:28:36Z

Error: (05/24/2015 01:28:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-04-30T11:28:06Z


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 4094.55 MB
Available physical RAM: 2571.03 MB
Total Pagefile: 8190.55 MB
Available Pagefile: 6082.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.02 GB) (Free:16.7 GB) NTFS
Drive d: () (Fixed) (Total:698.63 GB) (Free:256.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: E19F6F61)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.8 GB) - (Type=82)
Partition 4: (Not Active) - (Size=76.9 GB) - (Type=83)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of log ============================


rootofallevi 24.05.2015 13:00

Log from tdss on my desktop:
Code:

13:39:29.0498 0x0b5c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:39:31.0792 0x0b5c  ============================================================
13:39:31.0792 0x0b5c  Current date / time: 2015/05/24 13:39:31.0792
13:39:31.0792 0x0b5c  SystemInfo:
13:39:31.0792 0x0b5c 
13:39:31.0792 0x0b5c  OS Version: 6.3.9600 ServicePack: 0.0
13:39:31.0792 0x0b5c  Product type: Workstation
13:39:31.0792 0x0b5c  ComputerName: BLACKTOWER
13:39:31.0793 0x0b5c  UserName: Michael
13:39:31.0793 0x0b5c  Windows directory: C:\Windows
13:39:31.0793 0x0b5c  System windows directory: C:\Windows
13:39:31.0793 0x0b5c  Running under WOW64
13:39:31.0793 0x0b5c  Processor architecture: Intel x64
13:39:31.0793 0x0b5c  Number of processors: 2
13:39:31.0793 0x0b5c  Page size: 0x1000
13:39:31.0793 0x0b5c  Boot type: Normal boot
13:39:31.0793 0x0b5c  ============================================================
13:39:32.0517 0x0b5c  KLMD registered as C:\Windows\system32\drivers\75673909.sys
13:39:32.0766 0x0b5c  System UUID: {3D6BD311-D095-7645-115A-3EBCE90700B5}
13:39:33.0257 0x0b5c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:39:33.0300 0x0b5c  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:33.0309 0x0b5c  ============================================================
13:39:33.0309 0x0b5c  \Device\Harddisk0\DR0:
13:39:33.0325 0x0b5c  MBR partitions:
13:39:33.0325 0x0b5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
13:39:33.0326 0x0b5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x8809000
13:39:33.0326 0x0b5c  \Device\Harddisk1\DR1:
13:39:33.0326 0x0b5c  MBR partitions:
13:39:33.0326 0x0b5c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
13:39:33.0326 0x0b5c  ============================================================
13:39:33.0348 0x0b5c  C: <-> \Device\Harddisk0\DR0\Partition2
13:39:33.0363 0x0b5c  D: <-> \Device\Harddisk1\DR1\Partition1
13:39:33.0363 0x0b5c  ============================================================
13:39:33.0363 0x0b5c  Initialize success
13:39:33.0363 0x0b5c  ============================================================
13:39:51.0040 0x1404  ============================================================
13:39:51.0040 0x1404  Scan started
13:39:51.0040 0x1404  Mode: Manual; SigCheck; TDLFS;
13:39:51.0040 0x1404  ============================================================
13:39:51.0040 0x1404  KSN ping started
13:39:53.0458 0x1404  KSN ping finished: true
13:39:54.0710 0x1404  ================ Scan system memory ========================
13:39:54.0710 0x1404  System memory - ok
13:39:54.0711 0x1404  ================ Scan services =============================
13:39:55.0402 0x1404  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
13:39:55.0478 0x1404  1394ohci - ok
13:39:55.0537 0x1404  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
13:39:55.0558 0x1404  3ware - ok
13:39:55.0714 0x1404  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:39:55.0746 0x1404  ACPI - ok
13:39:55.0763 0x1404  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
13:39:55.0779 0x1404  acpiex - ok
13:39:55.0823 0x1404  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
13:39:55.0841 0x1404  acpipagr - ok
13:39:55.0873 0x1404  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
13:39:55.0891 0x1404  AcpiPmi - ok
13:39:55.0899 0x1404  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
13:39:55.0916 0x1404  acpitime - ok
13:39:55.0998 0x1404  [ 9C2430847D0D7DF0CB60EFACE1AA453A, 792CF51D9264E7ADD1F4A1720ECECE3C9D13E7AFFCD0C1A238F247293EC8297A ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
13:39:56.0021 0x1404  ADIHdAudAddService - ok
13:39:56.0976 0x1404  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:39:56.0994 0x1404  AdobeFlashPlayerUpdateSvc - ok
13:39:57.0151 0x1404  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
13:39:57.0192 0x1404  ADP80XX - ok
13:39:57.0248 0x1404  [ C084FC3139509297586357CB8B2D3EDB, 5003723166E0972089C2D715D92CA81EB0DA2802D49E8D5D3C486E3D22C4F4A7 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
13:39:57.0275 0x1404  AEADIFilters - ok
13:39:57.0311 0x1404  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
13:39:57.0357 0x1404  AeLookupSvc - ok
13:39:57.0409 0x1404  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
13:39:57.0469 0x1404  AFD - ok
13:39:57.0486 0x1404  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:39:57.0500 0x1404  agp440 - ok
13:39:57.0525 0x1404  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
13:39:57.0567 0x1404  ahcache - ok
13:39:57.0593 0x1404  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG            C:\Windows\System32\alg.exe
13:39:57.0644 0x1404  ALG - ok
13:39:57.0677 0x1404  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:39:57.0756 0x1404  AMD External Events Utility - ok
13:39:57.0781 0x1404  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
13:39:57.0820 0x1404  AmdK8 - ok
13:39:57.0838 0x1404  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
13:39:57.0856 0x1404  amdkmafd - ok
13:40:00.0323 0x1404  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:40:01.0235 0x1404  amdkmdag - ok
13:40:01.0324 0x1404  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:40:01.0370 0x1404  amdkmdap - ok
13:40:01.0415 0x1404  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
13:40:01.0459 0x1404  AmdPPM - ok
13:40:01.0492 0x1404  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
13:40:01.0507 0x1404  amdsata - ok
13:40:01.0531 0x1404  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:40:01.0553 0x1404  amdsbs - ok
13:40:01.0559 0x1404  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
13:40:01.0571 0x1404  amdxata - ok
13:40:01.0609 0x1404  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID          C:\Windows\system32\drivers\appid.sys
13:40:01.0655 0x1404  AppID - ok
13:40:01.0695 0x1404  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:40:01.0728 0x1404  AppIDSvc - ok
13:40:01.0760 0x1404  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo        C:\Windows\System32\appinfo.dll
13:40:01.0789 0x1404  Appinfo - ok
13:40:01.0800 0x1404  [ 8176FBA685178FB0F52D46693474FA50, 69FE3692C7FE24289A479ADD74F2C782B59A099B7B07FE5ACFC4DA899E40BFDE ] AppMgmt        C:\Windows\System32\appmgmts.dll
13:40:01.0845 0x1404  AppMgmt - ok
13:40:01.0917 0x1404  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
13:40:01.0978 0x1404  AppReadiness - ok
13:40:02.0071 0x1404  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
13:40:02.0163 0x1404  AppXSvc - ok
13:40:02.0192 0x1404  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:40:02.0210 0x1404  arcsas - ok
13:40:02.0244 0x1404  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid        C:\Windows\system32\drivers\aswHwid.sys
13:40:02.0257 0x1404  aswHwid - ok
13:40:02.0279 0x1404  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
13:40:02.0293 0x1404  aswMonFlt - ok
13:40:02.0312 0x1404  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
13:40:02.0326 0x1404  aswRdr - ok
13:40:02.0344 0x1404  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
13:40:02.0356 0x1404  aswRvrt - ok
13:40:02.0432 0x1404  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:40:02.0488 0x1404  aswSnx - ok
13:40:02.0532 0x1404  [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
13:40:02.0556 0x1404  aswSP - ok
13:40:02.0586 0x1404  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\Windows\system32\drivers\aswStm.sys
13:40:02.0601 0x1404  aswStm - ok
13:40:02.0625 0x1404  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:40:02.0644 0x1404  aswVmm - ok
13:40:02.0659 0x1404  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\Windows\system32\drivers\atapi.sys
13:40:02.0672 0x1404  atapi - ok
13:40:02.0703 0x1404  [ 8523AA8BD207F937E8C047F8713D4788, EB131C38F51DEDCE2445648CAAE7B7F04F0009EB823A77D1D08B2E9CA8EC9B7D ] AtiHDAudioService C:\Windows\system32\drivers\AtihdWB6.sys
13:40:02.0753 0x1404  AtiHDAudioService - ok
13:40:02.0794 0x1404  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
13:40:02.0842 0x1404  AudioEndpointBuilder - ok
13:40:02.0938 0x1404  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:40:03.0050 0x1404  Audiosrv - ok
13:40:03.0187 0x1404  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:40:03.0209 0x1404  avast! Antivirus - ok
13:40:03.0903 0x1404  [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
13:40:04.0102 0x1404  AvastVBoxSvc - ok
13:40:04.0267 0x1404  [ C6F4C466B654C1BE98AF31418BB5AC30, 62AA4456F8E22A6E508EB44DE4309615057117AAF923C13BBED15AA39630E76B ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
13:40:04.0347 0x1404  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
13:40:06.0922 0x1404  Detect skipped due to KSN trusted
13:40:06.0923 0x1404  AVM WLAN Connection Service - ok
13:40:19.0462 0x1404  napagent - ok
13:40:19.0516 0x1404  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
13:40:19.0553 0x1404  NativeWifiP - ok
13:40:19.0587 0x1404  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\Windows\System32\ncasvc.dll
13:40:19.0624 0x1404  NcaSvc - ok
13:40:19.0644 0x1404  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\Windows\System32\ncbservice.dll
13:40:19.0680 0x1404  NcbService - ok
13:40:19.0700 0x1404  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
13:40:19.0742 0x1404  NcdAutoSetup - ok
13:40:19.0808 0x1404  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:40:19.0873 0x1404  NDIS - ok
13:40:19.0888 0x1404  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:19.0909 0x1404  NdisCap - ok
13:40:19.0928 0x1404  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
13:40:19.0959 0x1404  NdisImPlatform - ok
13:40:19.0990 0x1404  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:20.0019 0x1404  NdisTapi - ok
13:40:20.0039 0x1404  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:20.0071 0x1404  Ndisuio - ok
13:40:20.0091 0x1404  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
13:40:20.0125 0x1404  NdisVirtualBus - ok
13:40:20.0144 0x1404  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:20.0183 0x1404  NdisWan - ok
13:40:20.0193 0x1404  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy  C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:20.0216 0x1404  NdisWanLegacy - ok
13:40:20.0233 0x1404  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
13:40:20.0273 0x1404  NDProxy - ok
13:40:20.0290 0x1404  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu            C:\Windows\system32\drivers\Ndu.sys
13:40:20.0320 0x1404  Ndu - ok
13:40:20.0336 0x1404  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
13:40:20.0369 0x1404  NetBIOS - ok
13:40:20.0398 0x1404  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
13:40:20.0447 0x1404  NetBT - ok
13:40:20.0463 0x1404  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\Windows\system32\lsass.exe
13:40:20.0478 0x1404  Netlogon - ok
13:40:20.0558 0x1404  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\Windows\System32\netman.dll
13:40:20.0586 0x1404  Netman - ok
13:40:20.0651 0x1404  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\Windows\System32\netprofmsvc.dll
13:40:20.0700 0x1404  netprofm - ok
13:40:20.0744 0x1404  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:20.0760 0x1404  NetTcpPortSharing - ok
13:40:20.0780 0x1404  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\Windows\system32\DRIVERS\netvsc63.sys
13:40:20.0798 0x1404  netvsc - ok
13:40:20.0840 0x1404  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:40:20.0918 0x1404  NlaSvc - ok
13:40:20.0947 0x1404  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:40:20.0981 0x1404  Npfs - ok
13:40:20.0999 0x1404  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig      C:\Windows\System32\drivers\npsvctrig.sys
13:40:21.0025 0x1404  npsvctrig - ok
13:40:21.0047 0x1404  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi            C:\Windows\system32\nsisvc.dll
13:40:21.0077 0x1404  nsi - ok
13:40:21.0083 0x1404  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:40:21.0112 0x1404  nsiproxy - ok
13:40:21.0369 0x1404  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:40:21.0456 0x1404  Ntfs - ok
13:40:21.0473 0x1404  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
13:40:21.0506 0x1404  Null - ok
13:40:21.0541 0x1404  [ C42C32BF90A78D72D4B7C144FF907FB6, 4BAD5469CE035E0D9989F3EDB5B7CA1118FB895B013FB16FEC2788C85265FC71 ] NVNET          C:\Windows\system32\DRIVERS\nvmf6264.sys
13:40:21.0561 0x1404  NVNET - ok
13:40:21.0582 0x1404  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:40:21.0600 0x1404  nvraid - ok
13:40:21.0670 0x1404  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:40:21.0702 0x1404  nvstor - ok
13:40:21.0813 0x1404  [ 71B6ECD3C56FBF12FB1968DA3953B703, 47E39FBC336C9BFC159AA0FF9D8DEE950724ABB782102858E397A7EF87112584 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
13:40:21.0827 0x1404  nvstor64 - ok
13:40:21.0844 0x1404  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:40:21.0861 0x1404  nv_agp - ok
13:40:21.0896 0x1404  [ E47C13E2DEC4244836D6728C36CDA1A6, 851FA9894918D515D1B49E847F0789ECBA6CC3C8BBF3EA491D7F6AB6E7205FB6 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
13:40:21.0907 0x1404  OpenVPNService - ok
13:40:21.0965 0x1404  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:40:22.0076 0x1404  p2pimsvc - ok
13:40:22.0121 0x1404  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:40:22.0175 0x1404  p2psvc - ok
13:40:22.0211 0x1404  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport        C:\Windows\System32\drivers\parport.sys
13:40:22.0240 0x1404  Parport - ok
13:40:22.0261 0x1404  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
13:40:22.0276 0x1404  partmgr - ok
13:40:22.0339 0x1404  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:40:22.0378 0x1404  PcaSvc - ok
13:40:22.0425 0x1404  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci            C:\Windows\system32\drivers\pci.sys
13:40:22.0456 0x1404  pci - ok
13:40:22.0472 0x1404  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:40:22.0485 0x1404  pciide - ok
13:40:22.0504 0x1404  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:40:22.0520 0x1404  pcmcia - ok
13:40:22.0539 0x1404  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw            C:\Windows\system32\drivers\pcw.sys
13:40:22.0553 0x1404  pcw - ok
13:40:22.0568 0x1404  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc            C:\Windows\system32\drivers\pdc.sys
13:40:22.0584 0x1404  pdc - ok
13:40:22.0634 0x1404  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:40:22.0695 0x1404  PEAUTH - ok
13:40:22.0838 0x1404  [ 084DE525DFE82AE7453DD527390FA110, 8216AE63AE740D97204CDED6543B66FC1FB55DB86D42FBA0EC629361C40F9EC0 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
13:40:22.0975 0x1404  PeerDistSvc - ok
13:40:23.0500 0x1404  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:40:23.0541 0x1404  PerfHost - ok
13:40:23.0704 0x1404  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla            C:\Windows\system32\pla.dll
13:40:23.0806 0x1404  pla - ok
13:40:23.0844 0x1404  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:40:23.0865 0x1404  PlugPlay - ok
13:40:23.0887 0x1404  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
13:40:23.0923 0x1404  PNRPAutoReg - ok
13:40:23.0950 0x1404  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
13:40:23.0976 0x1404  PNRPsvc - ok
13:40:24.0060 0x1404  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
13:40:24.0111 0x1404  PolicyAgent - ok
13:40:24.0149 0x1404  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power          C:\Windows\system32\umpo.dll
13:40:24.0197 0x1404  Power - ok
13:40:24.0637 0x1404  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
13:40:24.0760 0x1404  PrintNotify - ok
13:40:24.0795 0x1404  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor      C:\Windows\System32\drivers\processr.sys
13:40:24.0823 0x1404  Processor - ok
13:40:24.0857 0x1404  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc        C:\Windows\system32\profsvc.dll
13:40:24.0906 0x1404  ProfSvc - ok
13:40:24.0927 0x1404  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:40:24.0962 0x1404  Psched - ok
13:40:24.0996 0x1404  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE          C:\Windows\system32\qwave.dll
13:40:25.0034 0x1404  QWAVE - ok
13:40:25.0055 0x1404  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:40:25.0099 0x1404  QWAVEdrv - ok
13:40:25.0118 0x1404  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:40:25.0137 0x1404  RasAcd - ok
13:40:25.0147 0x1404  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto        C:\Windows\System32\rasauto.dll
13:40:25.0171 0x1404  RasAuto - ok
13:40:25.0267 0x1404  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
13:40:25.0325 0x1404  RasMan - ok
13:40:25.0355 0x1404  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:25.0387 0x1404  RasPppoe - ok
13:40:25.0465 0x1404  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
13:40:25.0519 0x1404  rdbss - ok
13:40:25.0539 0x1404  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
13:40:25.0578 0x1404  rdpbus - ok
13:40:25.0598 0x1404  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
13:40:25.0642 0x1404  RDPDR - ok
13:40:25.0678 0x1404  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:40:25.0690 0x1404  RdpVideoMiniport - ok
13:40:25.0722 0x1404  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:40:25.0743 0x1404  rdyboost - ok
13:40:25.0898 0x1404  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
13:40:25.0949 0x1404  ReFS - ok
13:40:26.0032 0x1404  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:40:26.0065 0x1404  RemoteAccess - ok
13:40:26.0096 0x1404  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:40:26.0127 0x1404  RemoteRegistry - ok
13:40:26.0151 0x1404  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:40:26.0183 0x1404  RpcEptMapper - ok
13:40:26.0210 0x1404  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
13:40:26.0248 0x1404  RpcLocator - ok
13:40:26.0317 0x1404  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs          C:\Windows\system32\rpcss.dll
13:40:26.0353 0x1404  RpcSs - ok
13:40:26.0370 0x1404  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:40:26.0400 0x1404  rspndr - ok
13:40:26.0503 0x1404  [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
13:40:26.0587 0x1404  RtlWlanu - ok
13:40:26.0614 0x1404  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap          C:\Windows\System32\drivers\vms3cap.sys
13:40:26.0637 0x1404  s3cap - ok
13:40:26.0668 0x1404  [ 476BAA3EEBE9DB94BF6BDFAF46747E5D, 6E8FB06225341989B88C1F554800724F5DFE16A359C3E019CA63D6C2FAA22F72 ] SaiK0728        C:\Windows\system32\DRIVERS\SaiK0728.sys
13:40:26.0730 0x1404  SaiK0728 - ok
13:40:26.0760 0x1404  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs          C:\Windows\system32\lsass.exe
13:40:26.0776 0x1404  SamSs - ok
13:40:26.0837 0x1404  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:40:26.0857 0x1404  sbp2port - ok
13:40:26.0888 0x1404  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:40:26.0934 0x1404  SCardSvr - ok
13:40:26.0942 0x1404  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
13:40:26.0969 0x1404  ScDeviceEnum - ok
13:40:26.0993 0x1404  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:40:27.0012 0x1404  scfilter - ok
13:40:27.0197 0x1404  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
13:40:27.0293 0x1404  Schedule - ok
13:40:27.0328 0x1404  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc    C:\Windows\System32\certprop.dll
13:40:27.0350 0x1404  SCPolicySvc - ok
13:40:27.0464 0x1404  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus          C:\Windows\System32\drivers\sdbus.sys
13:40:27.0492 0x1404  sdbus - ok
13:40:27.0544 0x1404  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
13:40:27.0565 0x1404  sdstor - ok
13:40:27.0589 0x1404  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:40:27.0613 0x1404  secdrv - ok
13:40:27.0642 0x1404  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
13:40:27.0678 0x1404  seclogon - ok
13:40:27.0695 0x1404  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
13:40:27.0737 0x1404  SENS - ok
13:40:27.0761 0x1404  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:40:27.0806 0x1404  SensrSvc - ok
13:40:27.0827 0x1404  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx          C:\Windows\system32\drivers\SerCx.sys
13:40:27.0842 0x1404  SerCx - ok
13:40:27.0871 0x1404  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
13:40:27.0888 0x1404  SerCx2 - ok
13:40:27.0895 0x1404  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum        C:\Windows\System32\drivers\serenum.sys
13:40:27.0911 0x1404  Serenum - ok
13:40:27.0928 0x1404  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
13:40:27.0956 0x1404  Serial - ok
13:40:27.0964 0x1404  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
13:40:27.0981 0x1404  sermouse - ok
13:40:28.0063 0x1404  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:40:28.0126 0x1404  SessionEnv - ok
13:40:28.0136 0x1404  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy        C:\Windows\System32\drivers\sfloppy.sys
13:40:28.0164 0x1404  sfloppy - ok
13:40:28.0228 0x1404  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:40:28.0286 0x1404  SharedAccess - ok
13:40:28.0353 0x1404  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:40:28.0418 0x1404  ShellHWDetection - ok
13:40:28.0448 0x1404  [ 0F498DEE92FD73DD999BAE4D506367F5, F85EC9A0D4A20D02B4DD30B489BA67E5C677B1DFD67EC7346083DAFB61B834C3 ] SI3132          C:\Windows\system32\DRIVERS\SI3132.sys
13:40:28.0474 0x1404  SI3132 - ok
13:40:28.0493 0x1404  [ 127CE10E01F53F2EDACA7FE42E5631EA, 665632BB4CCCEC92824F78985302588E09855B560E2D35273EAE36F45582B1F2 ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
13:40:28.0502 0x1404  SiFilter - ok
13:40:28.0511 0x1404  [ B742C37002B8EBEF6E230DF9B4B28546, E7DAF42E4C2A5E01218790AFDB54317448B9301FD8F874FDED853E5088E751CD ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
13:40:28.0520 0x1404  SiRemFil - ok
13:40:28.0533 0x1404  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:40:28.0547 0x1404  SiSRaid2 - ok
13:40:28.0557 0x1404  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:40:28.0572 0x1404  SiSRaid4 - ok
13:40:28.0677 0x1404  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
13:40:28.0713 0x1404  SkypeUpdate - ok
13:40:28.0745 0x1404  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost        C:\Windows\System32\smphost.dll
13:40:28.0775 0x1404  smphost - ok
13:40:28.0793 0x1404  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:40:28.0826 0x1404  SNMPTRAP - ok
13:40:28.0871 0x1404  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport      C:\Windows\system32\drivers\spaceport.sys
13:40:28.0910 0x1404  spaceport - ok
13:40:28.0929 0x1404  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
13:40:28.0944 0x1404  SpbCx - ok
13:40:28.0982 0x1404  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler        C:\Windows\System32\spoolsv.exe
13:40:29.0058 0x1404  Spooler - ok
13:40:29.0771 0x1404  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
13:40:30.0098 0x1404  sppsvc - ok
13:40:30.0151 0x1404  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\Windows\system32\DRIVERS\srv.sys
13:40:30.0214 0x1404  srv - ok
13:40:30.0399 0x1404  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:40:30.0439 0x1404  srv2 - ok
13:40:30.0492 0x1404  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:40:30.0524 0x1404  srvnet - ok
13:40:30.0560 0x1404  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
13:40:30.0600 0x1404  SSDPSRV - ok
13:40:30.0635 0x1404  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
13:40:30.0669 0x1404  SstpSvc - ok
13:40:30.0731 0x1404  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
13:40:30.0759 0x1404  ssudmdm - ok
13:40:30.0777 0x1404  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:40:30.0790 0x1404  stexstor - ok
13:40:30.0838 0x1404  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
13:40:30.0909 0x1404  stisvc - ok
13:40:30.0930 0x1404  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
13:40:30.0946 0x1404  storahci - ok
13:40:30.0962 0x1404  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
13:40:30.0976 0x1404  storflt - ok
13:40:31.0003 0x1404  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
13:40:31.0017 0x1404  stornvme - ok
13:40:31.0038 0x1404  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc        C:\Windows\system32\storsvc.dll
13:40:31.0065 0x1404  StorSvc - ok
13:40:31.0075 0x1404  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
13:40:31.0089 0x1404  storvsc - ok
13:40:31.0103 0x1404  [ 03618F935379614837F915D04C45FC0E, 9CC0CBA7AFC58E7F921C13FA3F5269714F1F827535A311E11EA48689C4D539DE ] storvsp        C:\Windows\System32\drivers\storvsp.sys
13:40:31.0122 0x1404  storvsp - ok
13:40:31.0132 0x1404  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc          C:\Windows\system32\svsvc.dll
13:40:31.0172 0x1404  svsvc - ok
13:40:31.0190 0x1404  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
13:40:31.0219 0x1404  swenum - ok
13:40:31.0312 0x1404  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv          C:\Windows\System32\swprv.dll
13:40:31.0394 0x1404  swprv - ok
13:40:31.0561 0x1404  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain        C:\Windows\system32\sysmain.dll
13:40:31.0625 0x1404  SysMain - ok
13:40:43.0019 0x1404  ================ Scan global ===============================
13:40:43.0137 0x1404  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
13:40:43.0171 0x1404  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
13:40:43.0204 0x1404  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
13:40:43.0251 0x1404  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
13:40:43.0267 0x1404  [ Global ] - ok
13:40:43.0267 0x1404  ================ Scan MBR ==================================
13:40:43.0275 0x1404  [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk0\DR0
13:40:43.0560 0x1404  \Device\Harddisk0\DR0 - ok
13:40:43.0854 0x1404  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:40:44.0052 0x1404  \Device\Harddisk1\DR1 - ok
13:40:44.0052 0x1404  ================ Scan VBR ==================================
13:40:44.0066 0x1404  [ CD3A218AC7D0A0298D1570351A66DF90 ] \Device\Harddisk0\DR0\Partition1
13:40:44.0093 0x1404  \Device\Harddisk0\DR0\Partition1 - ok
13:40:44.0110 0x1404  [ D27603B4B0F44DFC93F1B2583F8EBE4D ] \Device\Harddisk0\DR0\Partition2
13:40:44.0146 0x1404  \Device\Harddisk0\DR0\Partition2 - ok
13:40:44.0151 0x1404  [ BF16C15BFF29C1185600170DB54813C8 ] \Device\Harddisk1\DR1\Partition1
13:40:44.0168 0x1404  \Device\Harddisk1\DR1\Partition1 - ok
13:40:44.0169 0x1404  ================ Scan generic autorun ======================
13:40:44.0329 0x1404  [ 7FB2571A596467166E240D00C10690F0, 81912C242ABEF16BA68CDFD3F53714D9D8AD6A1C243CD2C47C1C30A424AF3D15 ] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
13:40:44.0358 0x1404  NVRaidService - ok
13:40:44.0503 0x1404  [ A69D1E03FC1067321768E4B7A305CF6B, 6337827467B6390FFCB57A12ACE21C292BD0331A7E797C659B4B4291D88D8A2B ] C:\Windows\system32\US800Pan.exe
13:40:44.0599 0x1404  US800Pane - ok
13:40:44.0928 0x1404  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
13:40:44.0975 0x1404  StartCCC - ok
13:40:45.0105 0x1404  [ D95924A87EE5ACF033BA832AA03F0875, 5C8DC0D9668390C33B85683FB6E2DC1C7FF8EEB35B5999B88DE8C26DBEB290FF ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
13:40:45.0162 0x1404  SoundMAXPnP - ok
13:40:45.0673 0x1404  [ 1C2CC2F54DCA024601989E956B7AF213, 5E30A1D0907CBB1C73D44B068C612DA1DCC0013E0A12919850CF97971B819322 ] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe
13:40:45.0805 0x1404  SoundMAX - detected UnsignedFile.Multi.Generic ( 1 )
13:40:48.0358 0x1404  Detect skipped due to KSN trusted
13:40:48.0358 0x1404  SoundMAX - ok
13:40:48.0606 0x1404  [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
13:40:48.0716 0x1404  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
13:40:51.0254 0x1404  Detect skipped due to KSN trusted
13:40:51.0254 0x1404  AVMWlanClient - ok
13:40:51.0880 0x1404  [ 695BE0A3D240FFF4B876D9289110634A, C4F4A2D0E09DCA92C74C805FB77C0710213CD9DD8B6D62499373F8E56B83C8A9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:40:52.0010 0x1404  AvastUI.exe - ok
13:40:52.0113 0x1404  [ 3FDCA1F725CA8E367B9DBBC43F983423, 95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:40:52.0144 0x1404  SunJavaUpdateSched - ok
13:40:52.0145 0x1404  Waiting for KSN requests completion. In queue: 2
13:40:53.0146 0x1404  Waiting for KSN requests completion. In queue: 2
13:40:54.0154 0x1404  Waiting for KSN requests completion. In queue: 2
13:40:55.0208 0x1404  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
13:40:55.0210 0x1404  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
13:40:55.0214 0x1404  Win FW state via NFP2: enabled
13:40:57.0655 0x1404  ============================================================
13:40:57.0655 0x1404  Scan finished
13:40:57.0655 0x1404  ============================================================
13:40:57.0666 0x15cc  Detected object count: 0
13:40:57.0666 0x15cc  Actual detected object count: 0


rootofallevi 24.05.2015 13:06

Sooo, then here are the scan results from the first of my roommates' laptops (I'll just call it Laptop2 here)
Laptop2 FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Doppel D (administrator) on DEISSLER on 24-05-2015 13:58:25
Running from C:\Users\Doppel D\Desktop
Loaded Profiles: Doppel D (Available Profiles: Doppel D)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Expansion Programs International, Inc.) C:\SIMULIA\Documentation\monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Expansion Programs International, Inc.) C:\SIMULIA\Documentation\monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
() C:\Program Files (x86)\MP4 Player\Mp4Player.exe
(Dropbox, Inc.) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] => C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-01-30] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [MP4 Player] => C:\Program Files (x86)\MP4 Player\mp4Player.exe [772096 2008-11-06] ()
Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar286.lnk [2015-05-24]
ShortcutTarget: Sidebar286.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{18EF1542-630C-4621-A51B-04F11DFE9BD4}: [NameServer] 129.13.64.5,129.13.96.2

FireFox:
========
FF ProfilePath: C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default
FF Homepage: hxxp://www.bvb.de/News/Uebersicht/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\abs@avira.com [2015-04-28]
FF Extension: Adblock Plus - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-02-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) []
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) []
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-10] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-22] (Synaptics Incorporated)
R2 Texis Monitor; C:\SIMULIA\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks)
S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-08-20] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-02-11] (Realtek Semiconductor Corporation                          )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-22] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp70137\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:58 - 2015-05-24 13:58 - 00023038 _____ () C:\Users\Doppel D\Desktop\FRST.txt
2015-05-24 13:58 - 2015-05-24 13:58 - 00000000 ____D () C:\FRST
2015-05-24 13:48 - 2015-05-24 13:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Doppel D\Desktop\tdsskiller.exe
2015-05-24 13:47 - 2015-05-24 13:47 - 02108416 _____ (Farbar) C:\Users\Doppel D\Desktop\FRST64.exe
2015-05-23 16:05 - 2015-05-23 16:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-22 14:23 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-22 14:23 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-05-22 14:23 - 2015-04-09 00:07 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-22 14:23 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-22 14:23 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-22 14:23 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-22 14:23 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-22 14:23 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-22 14:23 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-22 14:23 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-22 14:23 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-22 14:23 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-22 14:23 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-22 14:23 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-22 14:23 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-05-22 14:23 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-22 14:23 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-05-22 14:23 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-05-22 14:22 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-22 14:22 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-20 15:41 - 2015-05-21 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\PDF Writer
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:26 - 00000000 ____D () C:\ProgramData\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\Common Files\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\7-PDF
2015-05-18 19:25 - 2015-05-04 11:33 - 06967260 ____N (7-PDF, Germany - Th. Hodes ) C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.exe
2015-05-18 19:25 - 2014-11-19 17:38 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2015-05-18 19:25 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-05-18 19:25 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-05-18 19:25 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-05-18 19:25 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-05-18 19:25 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-05-18 19:25 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-05-18 19:25 - 2008-07-09 17:38 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2015-05-18 19:25 - 1999-05-07 01:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX
2015-05-18 19:24 - 2015-05-18 19:24 - 06889574 _____ () C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.zip
2015-05-18 17:17 - 2015-05-21 07:33 - 00000000 ____D () C:\Program Files\paint.net
2015-05-18 17:17 - 2015-05-18 17:19 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\paint.net
2015-05-18 17:16 - 2015-05-18 17:16 - 06528454 _____ () C:\Users\Doppel D\Downloads\paint.net.4.0.5.install.zip
2015-05-18 17:10 - 2015-05-18 17:10 - 01203488 _____ () C:\Users\Doppel D\Downloads\Paint NET - CHIP-Installer.exe
2015-05-17 08:49 - 2015-05-17 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-12 22:20 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:20 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:03 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 22:03 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 22:03 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 22:03 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 22:03 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 22:03 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 22:03 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 22:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 22:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 22:03 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 22:03 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 22:03 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 22:03 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 22:03 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 22:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 22:03 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 22:03 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 22:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 22:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 22:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 22:03 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 22:03 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 22:03 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 22:03 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 22:03 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 22:03 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 22:03 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 09:51 - 2015-05-12 09:51 - 00776278 _____ () C:\Users\Doppel D\Downloads\Semcon Standort Sindelfingen Anfahrtsskizze.pptx
2015-05-07 13:25 - 2015-05-07 13:25 - 00000000 ____D () C:\Users\Doppel D\Downloads\Windows 8.1 (multiple editions) (x86) - DVD (German)
2015-05-07 11:45 - 2015-05-07 13:25 - 00010759 _____ () C:\Users\Doppel D\Downloads\SecureDownloadManager.log
2015-05-07 11:45 - 2015-05-07 11:45 - 00000184 _____ () C:\Users\Doppel D\Downloads\100381076748.sdx
2015-05-07 11:44 - 2015-05-07 11:44 - 00720384 _____ () C:\Users\Doppel D\Downloads\SDM_DE.msi
2015-05-07 08:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-07 08:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-05 15:28 - 2015-05-05 15:28 - 00000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\Program Files (x86)\MP4 Player
2015-05-05 15:27 - 2015-05-05 15:27 - 01203488 _____ () C:\Users\Doppel D\Downloads\MP4 Player - CHIP-Installer.exe
2015-05-04 08:27 - 2015-05-04 08:28 - 00000000 ____D () C:\Users\Doppel D\Desktop\skripte
2015-05-01 19:48 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-01 19:48 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-01 19:48 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-01 19:48 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-01 19:48 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:48 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:47 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-04-24 16:19 - 2015-04-24 16:19 - 00002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:46 - 2015-01-19 12:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Pokki
2015-05-24 13:28 - 2015-01-19 16:34 - 00000000 ___RD () C:\Users\Doppel D\Desktop\Programme
2015-05-24 13:03 - 2015-03-31 20:21 - 00005148 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler
2015-05-24 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 12:46 - 2015-01-20 08:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 11:44 - 2015-01-19 12:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002
2015-05-24 11:07 - 2015-01-19 12:45 - 01951662 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 10:47 - 2015-01-19 12:53 - 00000000 ____D () C:\Users\Doppel D\Documents\Youcam
2015-05-24 10:46 - 2014-05-01 00:10 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 10:46 - 2014-05-01 00:10 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 10:46 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 10:43 - 2015-01-20 10:53 - 00000000 ___RD () C:\Users\Doppel D\Dropbox
2015-05-24 10:42 - 2015-01-20 10:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Dropbox
2015-05-24 10:39 - 2013-08-22 16:46 - 00053276 _____ () C:\Windows\setupact.log
2015-05-24 10:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 16:26 - 2015-03-08 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 16:24 - 2015-03-08 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 16:24 - 2015-03-08 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 15:52 - 2015-01-19 16:22 - 00000000 ____D () C:\Users\Doppel D\Documents\Bewerbung Job
2015-05-23 15:15 - 2015-03-17 11:17 - 00000362 _____ () C:\Windows\Tasks\HPCeeScheduleForDoppel D.job
2015-05-23 07:47 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-23 07:28 - 2014-08-05 21:39 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-23 07:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-23 07:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-23 07:22 - 2015-01-19 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 07:22 - 2014-03-18 11:44 - 00373540 _____ () C:\Windows\PFRO.log
2015-05-22 20:26 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\vlc
2015-05-22 14:19 - 2015-02-10 22:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-22 08:42 - 2015-02-14 16:50 - 00000000 ____D () C:\Temp
2015-05-21 07:34 - 2015-01-20 15:31 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\CrashDumps
2015-05-21 07:23 - 2015-01-21 21:44 - 00313344 ___SH () C:\Users\Doppel D\Desktop\Thumbs.db
2015-05-19 07:51 - 2015-03-21 15:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 20:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 17:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 17:02 - 2015-01-19 14:24 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Adobe
2015-05-17 16:59 - 2015-01-20 08:32 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 16:59 - 2014-08-05 21:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-17 11:18 - 2015-01-19 13:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 08:00 - 2013-08-22 16:44 - 00521792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 22:21 - 2015-01-25 14:51 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-05-12 22:21 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 22:20 - 2015-01-22 18:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 22:14 - 2015-01-22 18:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:10 - 2015-01-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:07 - 2014-03-18 11:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 21:15 - 2015-03-17 11:17 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDoppel D
2015-05-12 08:49 - 2015-01-19 13:16 - 00002326 _____ () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-11 15:28 - 2015-01-19 14:35 - 00010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-09 10:17 - 2015-01-19 12:50 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Packages
2015-05-09 08:46 - 2015-01-20 10:51 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-08 08:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-06 09:14 - 2015-03-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 19:59 - 2015-01-22 21:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-01-22 21:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 11:15 - 2015-02-15 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:14 - 2015-02-15 17:28 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:14 - 2015-02-15 17:28 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-30 13:10 - 2014-08-05 21:47 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-30 12:06 - 2015-01-19 14:08 - 00002244 ____H () C:\Users\Doppel D\Documents\Default.rdp
2015-04-28 09:48 - 2015-01-19 13:22 - 00000000 ____D () C:\Users\Doppel D\Documents\WG
2015-04-27 12:30 - 2015-01-19 15:34 - 00000000 ____D () C:\Users\Doppel D\Documents\Citavi 4

==================== Files in the root of some directories =======

2015-01-19 14:35 - 2015-05-11 15:28 - 0010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-05 15:28 - 2015-05-05 15:28 - 0000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-04-24 16:19 - 2015-04-24 16:19 - 0002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel
2015-02-03 21:35 - 2015-02-03 21:35 - 0007606 _____ () C:\Users\Doppel D\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Doppel D\AppData\Local\Temp\avgnt.exe
C:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7vhkr.dll
C:\Users\Doppel D\AppData\Local\Temp\Extract.exe
C:\Users\Doppel D\AppData\Local\Temp\i4jdel0.exe
C:\Users\Doppel D\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Doppel D\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Doppel D\AppData\Local\Temp\oct2574.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct32CD.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct525A.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct5BA0.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct7CDF.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA187.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA561.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octB3AC.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC461.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC9B2.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octEB09.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\scipy-0.14.0-sse3.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67280.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67743.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69229.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69393.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69401.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69404.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69411.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69555.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69559.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69718.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69738.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69846.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70137.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70439.exe
C:\Users\Doppel D\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 18:31

==================== End of log ============================

Laptop2 Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Doppel D at 2015-05-24 13:59:13
Running from C:\Users\Doppel D\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1312067100-3160384092-1139304428-500 - Administrator - Disabled)
Doppel D (S-1-5-21-1312067100-3160384092-1139304428-1002 - Administrator - Enabled) => C:\Users\Doppel D
Gast (S-1-5-21-1312067100-3160384092-1139304428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1312067100-3160384092-1139304428-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 10.11.0.2342 (HKLM\...\7-PDF Printer_is1) (Version: 10.11.0.2342 - 7-PDF, Germany - Th. Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki) (Version: 0.269.7.638 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.50111 - Ihr Firmenname) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.50111 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MP4 Player  (HKLM-x32\...\MP4 Player) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Python 2.7 scipy-0.14.0 (HKLM-x32\...\scipy-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version:  - Samsung Electronics CO.,LTD)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Start Menu (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki_Start_Menu) (Version: 0.269.7.638 - Pokki)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
yEd Graph Editor 3.14 (HKLM\...\3309-7404-0599-8908) (Version: 3.14 - yWorks GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-05-2015 17:42:42 Geplanter Prüfpunkt
21-05-2015 07:32:36 Removed paint.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-02-16 09:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0990C75E-EEE2-4B86-8272-EDA7079CE817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {1123A072-1BCD-4AF2-BBF1-37CC14219C22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {2B55C425-F3A3-41D4-BDDB-323B0B29D0CC} - System32\Tasks\HPCeeScheduleForDoppel D => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3B4E5D9E-FB40-4851-B770-7CC81249BC24} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard)
Task: {3CA217AF-8BE5-4D18-A55D-E34AB3AA7B15} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard)
Task: {40A1ECC5-6AC6-4B58-B6EF-FC7F95D49975} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {4A8E0D25-B728-4D11-9C3B-D5677A58D476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {5745C80F-E79B-4527-A735-677C3C95D324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E33AB4F-A509-457D-9105-F165B3A35099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {6AE3F81E-FF5D-4FB3-947E-E47F26664DD7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {7552A293-1545-495B-BB57-6BAF739F41CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {80A420C9-4AA9-4506-9EE0-B0C0A8A71CA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-06] (Microsoft Corporation)
Task: {872EEC8A-4540-4C84-A5E2-BB507ED799BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {87FD31D7-ADC0-4FD4-9C9A-24A08D998A9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {895DE694-D487-47FB-B416-4A012ACB2F76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {946D500B-08CE-4039-8D57-4B35C8894C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {A4F6685F-D842-4381-BA79-ACE13CFE0211} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard)
Task: {B0D271CB-EFB6-43F3-A39F-1DEC597FD215} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C2F0E930-53DD-4D5F-9881-79994912ADBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C698FEA9-4053-437F-9E22-D26EFA73F12A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C9300309-2256-41D0-B6A6-FB723A098A52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {D28A0CE1-FFFA-42CD-8934-BCBEAC933A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E32BAE91-F6ED-4A31-A84B-3BEF3F188CF2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDoppel D.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-27 14:40 - 2014-09-27 14:40 - 02150400 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00420432 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-19 14:34 - 2007-12-27 17:44 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2015-01-19 14:31 - 2007-08-14 03:03 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll
2014-04-06 22:38 - 2014-04-06 22:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-05 21:36 - 2014-10-11 11:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-03-21 15:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-09-27 14:42 - 2014-09-27 14:42 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2008-11-06 19:23 - 2008-11-06 19:23 - 00772096 _____ () C:\Program Files (x86)\MP4 Player\Mp4Player.exe
2015-01-19 14:35 - 2009-02-27 06:03 - 00552960 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-01-19 14:35 - 2009-01-30 13:41 - 00503808 _____ () C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
2015-01-19 14:35 - 2007-08-13 09:18 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-08-05 22:02 - 2013-02-01 11:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-08-05 22:02 - 2013-02-01 11:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2015-02-11 10:04 - 2014-07-24 05:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-02-11 10:04 - 2013-12-30 03:20 - 01355224 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2015-02-11 10:04 - 2014-07-24 05:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-05-24 10:42 - 2015-05-24 10:42 - 00043008 _____ () c:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7vhkr.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-19 14:35 - 2008-06-26 04:45 - 00155648 _____ () C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
2015-01-19 14:35 - 2008-06-26 04:46 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3170\ssole.dll
2015-01-19 14:35 - 2008-06-26 04:45 - 00367104 _____ () C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00569856 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 01400846 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00151054 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00222734 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16AD78DD-65F2-47F6-8CDF-CAF8D355BB32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D98FA805-30BC-47AA-90C8-4F6D608AA674}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070CB099-7A71-44FC-8410-7062B6F7E165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90CB1EC0-7D89-402F-8372-A4399B92751A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1742ECAD-D58F-43A2-A3AD-DA7A6E47458F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{27B451F7-8A22-4418-8BF0-12082A446104}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{75F4BDB8-2A9E-4903-9BD7-155A8A99C88A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E779D34-D883-4059-8D0A-1480CF531C17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E61C5AA0-59F0-4F7E-A1CB-01FA24E98745}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{A170C4FD-9AD1-44FC-A0BB-12074CA67675}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{B066D0F2-9EED-4981-9FD3-8DFA25BBE09F}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{5395966C-550B-4A1D-8650-7197EB973A6D}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{022A1CF6-4E7C-4283-95F3-4D065580586C}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{8F619BAA-F9A6-4549-9978-43E3888AEF69}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{09ACE5EA-0B83-43A5-83AF-6A981068FBCE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{842FBF91-D0DE-4479-9C11-E68C9E4868CE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D0E8A705-1DAB-41D4-9947-25B624AF5747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{942348C0-30B5-4CDD-B691-48940D5B9B90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{169D1166-8C45-4F70-ACC9-85750662CA30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A161EE38-2B21-4162-BF14-17DC9803882A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{4A971199-06BA-4E38-B49D-C8D6B054ECA9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5D6A08F9-926F-4CDC-9641-9D0307D6F56E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DC48C7CC-8C7C-4184-88AB-965555AD6D42}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{C34CD7B8-CCA8-4B1F-BC60-E7BFB9C4D642}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73FB4A7A-346F-490B-9591-722E1BBAE5F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B3540C81-C0CD-4F4B-8087-9D36FD30D1D3}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5D7F82B1-2281-4C83-A276-BF776EC41961}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{328C5761-B521-4747-93ED-7EFBDAAD7B5C}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [UDP Query User{F02E9BE4-F2B9-4060-866C-C2A7E507E975}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{4226FA3C-C310-4DD6-994F-54F5F87F903E}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{9783FEBE-D1EB-48F1-AFA4-6885C888B7ED}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{D5CFF259-6A4B-46A0-AF54-01A77DB1F732}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EB2897EE-AB63-4D50-88B3-004039E2E740}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CA588A6D-25BF-4CD6-92E0-4CB978107FCA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{16ABB144-DF68-4171-8412-A290AC6F1CF4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{F9397BE3-58B2-41BE-8753-335D2EBF8B49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{199F35C6-1460-4C14-9D21-6803BFAA2260}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5838AB6F-FD65-4111-8A95-28E44BC3A797}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{99476814-A160-4CC9-83A6-BB2F40F0CCC2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6531


System errors:
=============
Error: (05/24/2015 00:33:32 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 00:33:02 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 00:09:50 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 00:09:20 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 11:45:43 AM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 11:45:13 AM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 10:40:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 10:39:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (05/24/2015 10:38:47 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841131952

Error: (05/24/2015 10:39:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.05.2015 um 17:40:46 unerwartet heruntergefahren.


Microsoft Office:
=========================
Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6531


==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 22%
Total physical RAM: 11460.65 MB
Available physical RAM: 8913.84 MB
Total Pagefile: 13188.65 MB
Available Pagefile: 10298.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.06 GB) (Free:728.23 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.43 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CA7DA791)

Partition: GPT Partition Type.

==================== End of log ============================


rootofallevi 24.05.2015 13:07

And here are the interesting results from tdss on Laptop2:
Code:

14:01:26.0680 0x18ac  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:01:26.0680 0x18ac  UEFI system
14:01:30.0317 0x18ac  ============================================================
14:01:30.0317 0x18ac  Current date / time: 2015/05/24 14:01:30.0317
14:01:30.0317 0x18ac  SystemInfo:
14:01:30.0317 0x18ac 
14:01:30.0317 0x18ac  OS Version: 6.3.9600 ServicePack: 0.0
14:01:30.0317 0x18ac  Product type: Workstation
14:01:30.0317 0x18ac  ComputerName: DEISSLER
14:01:30.0317 0x18ac  UserName: Doppel D
14:01:30.0317 0x18ac  Windows directory: C:\Windows
14:01:30.0317 0x18ac  System windows directory: C:\Windows
14:01:30.0317 0x18ac  Running under WOW64
14:01:30.0317 0x18ac  Processor architecture: Intel x64
14:01:30.0317 0x18ac  Number of processors: 4
14:01:30.0317 0x18ac  Page size: 0x1000
14:01:30.0317 0x18ac  Boot type: Normal boot
14:01:30.0317 0x18ac  ============================================================
14:01:30.0920 0x18ac  KLMD registered as C:\Windows\system32\drivers\76061655.sys
14:01:31.0359 0x18ac  System UUID: {0BE498D0-3960-8FAE-394F-81A7A26EAD36}
14:01:31.0827 0x18ac  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:01:31.0835 0x18ac  ============================================================
14:01:31.0835 0x18ac  \Device\Harddisk0\DR0:
14:01:31.0835 0x18ac  GPT partitions:
14:01:31.0836 0x18ac  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {2BFBEAF5-E6C8-42DE-A3E9-5260D5C6C5BD}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x145000
14:01:31.0836 0x18ac  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {54680D2D-08D4-4490-B58B-6336579B40FD}, Name: EFI system partition, StartLBA 0x145800, BlocksNum 0x82000
14:01:31.0836 0x18ac  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C7B94240-5977-4E3A-B8DB-BA4D0E35B11B}, Name: Microsoft reserved partition, StartLBA 0x1C7800, BlocksNum 0x40000
14:01:31.0836 0x18ac  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6D550D50-5370-464E-B6D0-5521F7A8E333}, Name: Basic data partition, StartLBA 0x207800, BlocksNum 0x7161F800
14:01:31.0836 0x18ac  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {407945CF-CF86-4A85-A8CC-1E169E1B5509}, Name: Basic data partition, StartLBA 0x71827000, BlocksNum 0x2EDD000
14:01:31.0836 0x18ac  MBR partitions:
14:01:31.0836 0x18ac  ============================================================
14:01:31.0857 0x18ac  C: <-> \Device\Harddisk0\DR0\Partition4
14:01:31.0907 0x18ac  D: <-> \Device\Harddisk0\DR0\Partition5
14:01:31.0907 0x18ac  ============================================================
14:01:31.0907 0x18ac  Initialize success
14:01:31.0907 0x18ac  ============================================================
14:01:41.0742 0x1264  ============================================================
14:01:41.0742 0x1264  Scan started
14:01:41.0742 0x1264  Mode: Manual; SigCheck; TDLFS;
14:01:41.0742 0x1264  ============================================================
14:01:41.0742 0x1264  KSN ping started
14:01:44.0153 0x1264  KSN ping finished: true
14:01:45.0887 0x1264  ================ Scan system memory ========================
14:01:45.0888 0x1264  System memory - ok
14:01:45.0890 0x1264  ================ Scan services =============================
14:01:46.0067 0x1264  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
14:01:46.0115 0x1264  1394ohci - ok
14:01:46.0148 0x1264  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
14:01:46.0164 0x1264  3ware - ok
14:01:46.0190 0x1264  [ F39180029723D7779C80360F9E255709, F4831FEE79AAF4DB66BF58D3F89B8A6DD8F38CD546B3C653BFF7052DDA112CC6 ] Accelerometer  C:\Windows\system32\DRIVERS\Accelerometer.sys
14:01:46.0201 0x1264  Accelerometer - ok
14:01:46.0252 0x1264  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:01:46.0286 0x1264  ACPI - ok
14:01:46.0303 0x1264  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
14:01:46.0318 0x1264  acpiex - ok
14:01:46.0325 0x1264  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
14:01:46.0339 0x1264  acpipagr - ok
14:01:46.0348 0x1264  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
14:01:46.0362 0x1264  AcpiPmi - ok
14:01:46.0369 0x1264  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
14:01:46.0384 0x1264  acpitime - ok
14:01:46.0472 0x1264  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:01:46.0483 0x1264  AdobeARMservice - ok
14:01:46.0588 0x1264  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:01:46.0603 0x1264  AdobeFlashPlayerUpdateSvc - ok
14:01:46.0666 0x1264  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
14:01:46.0705 0x1264  ADP80XX - ok
14:01:46.0741 0x1264  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:01:46.0778 0x1264  AeLookupSvc - ok
14:01:46.0824 0x1264  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
14:01:46.0853 0x1264  AFD - ok
14:01:46.0880 0x1264  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:01:46.0895 0x1264  agp440 - ok
14:01:46.0937 0x1264  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
14:01:46.0953 0x1264  ahcache - ok
14:01:46.0995 0x1264  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG            C:\Windows\System32\alg.exe
14:01:47.0010 0x1264  ALG - ok
14:01:47.0042 0x1264  [ 6EF9DB99793BC3494EDA6C2B1DA7FA32, 5EDA9068E84070445A0585D27727D1ED74E17E87584A6661D08E394544E14E34 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:01:47.0064 0x1264  AMD External Events Utility - ok
14:01:47.0141 0x1264  AMD FUEL Service - ok
14:01:47.0181 0x1264  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
14:01:47.0203 0x1264  AmdK8 - ok
14:01:47.0685 0x1264  [ EA20992B6D899437F844F796325F42D7, A7671D1154841BE8D9B6E59C527F64D5790ACBE18F1CE033CC58C080AC7D8BC2 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:01:48.0124 0x1264  amdkmdag - ok
14:01:48.0224 0x1264  [ 3FC5DEC11E6B595EAF80537B3A7827AA, 5AEE9D8931BA9D0C2D9FAB66874501B7138CAACB5588D7D08349AE9CA0D66D35 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:01:48.0255 0x1264  amdkmdap - ok
14:01:48.0295 0x1264  [ C04F35935BF6274F5593B78C7B295760, 29BC36696B3D5C75DEF9C9D96D3C06E5C6D964A00B4D5CD354CB08002E085191 ] amdkmpfd        C:\Windows\system32\drivers\amdkmpfd.sys
14:01:48.0312 0x1264  amdkmpfd - ok
14:01:48.0327 0x1264  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
14:01:48.0342 0x1264  AmdPPM - ok
14:01:48.0356 0x1264  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
14:01:48.0371 0x1264  amdsata - ok
14:01:48.0410 0x1264  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:01:48.0431 0x1264  amdsbs - ok
14:01:48.0453 0x1264  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
14:01:48.0465 0x1264  amdxata - ok
14:01:48.0577 0x1264  [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
14:01:48.0609 0x1264  AntiVirMailService - ok
14:01:48.0657 0x1264  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:01:48.0680 0x1264  AntiVirSchedulerService - ok
14:01:48.0730 0x1264  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:01:48.0751 0x1264  AntiVirService - ok
14:01:48.0806 0x1264  [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
14:01:48.0848 0x1264  AntiVirWebService - ok
14:01:48.0888 0x1264  [ 10378ADFA7F832B68616C3B8C6470DBB, 4738F81C40BF3B75612E983AC0DADCA8B4A7D3A5B3FBB5058B93D421A32979AC ] AODDriver4.3    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:01:48.0898 0x1264  AODDriver4.3 - ok
14:01:48.0953 0x1264  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
14:01:48.0969 0x1264  AppHostSvc - ok
14:01:48.0997 0x1264  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID          C:\Windows\system32\drivers\appid.sys
14:01:49.0013 0x1264  AppID - ok
14:01:50.0936 0x1264  [ 8930614CCA26B8AEE8B8160C44DC2458, F687C1B7EBAAB1127D03436BBDBE9964D7385E7BBC921B8DF44B9C62E2B99D25 ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
14:01:50.0952 0x1264  BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )
14:01:53.0416 0x1264  Detect skipped due to KSN trusted
14:01:53.0416 0x1264  BTDevManager - ok
14:02:02.0297 0x1264  LSM - ok
14:02:02.0344 0x1264  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv          C:\Windows\system32\drivers\luafv.sys
14:02:02.0361 0x1264  luafv - ok
14:02:02.0405 0x1264  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
14:02:02.0414 0x1264  MBAMProtector - ok
14:02:02.0503 0x1264  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
14:02:02.0542 0x1264  MBAMService - ok
14:02:02.0565 0x1264  [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:02:02.0575 0x1264  MBAMWebAccessControl - ok
14:02:02.0600 0x1264  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas        C:\Windows\system32\drivers\megasas.sys
14:02:02.0613 0x1264  megasas - ok
14:02:02.0658 0x1264  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
14:02:02.0688 0x1264  megasr - ok
14:02:02.0723 0x1264  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS          C:\Windows\system32\mmcss.dll
14:02:02.0749 0x1264  MMCSS - ok
14:02:02.0788 0x1264  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem          C:\Windows\system32\drivers\modem.sys
14:02:02.0804 0x1264  Modem - ok
14:02:02.0829 0x1264  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor        C:\Windows\System32\drivers\monitor.sys
14:02:02.0842 0x1264  monitor - ok
14:02:02.0883 0x1264  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
14:02:02.0896 0x1264  mouclass - ok
14:02:02.0914 0x1264  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
14:02:02.0926 0x1264  mouhid - ok
14:02:02.0958 0x1264  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:02:02.0972 0x1264  mountmgr - ok
14:02:03.0003 0x1264  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:02:03.0016 0x1264  MozillaMaintenance - ok
14:02:03.0045 0x1264  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:02:03.0058 0x1264  mpsdrv - ok
14:02:03.0120 0x1264  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:02:03.0159 0x1264  MpsSvc - ok
14:02:03.0197 0x1264  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:02:03.0214 0x1264  MRxDAV - ok
14:02:03.0257 0x1264  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:02:03.0279 0x1264  mrxsmb - ok
14:02:03.0323 0x1264  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:02:03.0342 0x1264  mrxsmb10 - ok
14:02:03.0374 0x1264  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:02:03.0391 0x1264  mrxsmb20 - ok
14:02:03.0438 0x1264  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
14:02:03.0466 0x1264  MsBridge - ok
14:02:03.0498 0x1264  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC          C:\Windows\System32\msdtc.exe
14:02:03.0514 0x1264  MSDTC - ok
14:02:03.0546 0x1264  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:02:03.0576 0x1264  Msfs - ok
14:02:03.0596 0x1264  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32    C:\Windows\System32\drivers\msgpiowin32.sys
14:02:03.0608 0x1264  msgpiowin32 - ok
14:02:03.0628 0x1264  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
14:02:03.0642 0x1264  mshidkmdf - ok
14:02:03.0657 0x1264  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf      C:\Windows\System32\drivers\mshidumdf.sys
14:02:03.0671 0x1264  mshidumdf - ok
14:02:03.0694 0x1264  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:02:03.0706 0x1264  msisadrv - ok
14:02:03.0746 0x1264  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:02:03.0762 0x1264  MSiSCSI - ok
14:02:03.0768 0x1264  msiserver - ok
14:02:03.0800 0x1264  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:02:03.0813 0x1264  MSKSSRV - ok
14:02:03.0850 0x1264  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
14:02:03.0863 0x1264  MsLldp - ok
14:02:03.0869 0x1264  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:02:03.0883 0x1264  MSPCLOCK - ok
14:02:03.0901 0x1264  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:02:03.0914 0x1264  MSPQM - ok
14:02:03.0939 0x1264  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:02:03.0963 0x1264  MsRPC - ok
14:02:03.0983 0x1264  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
14:02:03.0995 0x1264  mssmbios - ok
14:02:04.0023 0x1264  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:02:04.0036 0x1264  MSTEE - ok
14:02:04.0042 0x1264  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
14:02:04.0055 0x1264  MTConfig - ok
14:02:04.0072 0x1264  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup            C:\Windows\system32\Drivers\mup.sys
14:02:04.0086 0x1264  Mup - ok
14:02:04.0094 0x1264  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
14:02:04.0108 0x1264  mvumis - ok
14:02:04.0156 0x1264  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
14:02:04.0182 0x1264  napagent - ok
14:02:04.0228 0x1264  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
14:02:04.0253 0x1264  NativeWifiP - ok
14:02:04.0289 0x1264  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
14:02:04.0307 0x1264  NcaSvc - ok
14:02:04.0337 0x1264  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
14:02:04.0354 0x1264  NcbService - ok
14:02:04.0390 0x1264  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
14:02:04.0405 0x1264  NcdAutoSetup - ok
14:02:04.0471 0x1264  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:02:04.0520 0x1264  NDIS - ok
14:02:04.0551 0x1264  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
14:02:04.0565 0x1264  NdisCap - ok
14:02:04.0610 0x1264  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
14:02:04.0636 0x1264  NdisImPlatform - ok
14:02:04.0671 0x1264  [ 6AA7FB95A2E80428601438E83E2C2C70, 28FB4464FAA2371419FA38F484EFB9A05C28F99D554E321198BD4B9AD764B7F7 ] ndisrd          C:\Windows\system32\DRIVERS\ndisrfl.sys
14:02:04.0682 0x1264  ndisrd - ok
14:02:04.0715 0x1264  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:02:04.0727 0x1264  NdisTapi - ok
14:02:04.0762 0x1264  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
14:02:04.0775 0x1264  Ndisuio - ok
14:02:04.0791 0x1264  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
14:02:04.0807 0x1264  NdisVirtualBus - ok
14:02:04.0830 0x1264  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
14:02:04.0851 0x1264  NdisWan - ok
14:02:04.0862 0x1264  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy  C:\Windows\system32\DRIVERS\ndiswan.sys
14:02:04.0884 0x1264  NdisWanLegacy - ok
14:02:04.0917 0x1264  [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
14:02:04.0930 0x1264  NDProxy - ok
14:02:04.0967 0x1264  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu            C:\Windows\system32\drivers\Ndu.sys
14:02:04.0981 0x1264  Ndu - ok
14:02:05.0018 0x1264  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
14:02:05.0031 0x1264  NetBIOS - ok
14:02:05.0053 0x1264  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
14:02:05.0073 0x1264  NetBT - ok
14:02:05.0093 0x1264  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
14:02:05.0107 0x1264  Netlogon - ok
14:02:05.0150 0x1264  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
14:02:05.0171 0x1264  Netman - ok
14:02:05.0221 0x1264  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
14:02:05.0256 0x1264  netprofm - ok
14:02:05.0291 0x1264  [ 6D93008DAB18953F2BD3B7186385A511, 4AFD8126944F725C5D8AB93DCEA554515D944F5F34D5CADA6B22366DE55EA1FF ] NetTap630      C:\Windows\system32\DRIVERS\nettap630.sys
14:02:05.0303 0x1264  NetTap630 - ok
14:02:05.0358 0x1264  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:02:05.0373 0x1264  NetTcpPortSharing - ok
14:02:05.0405 0x1264  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
14:02:05.0419 0x1264  netvsc - ok
14:02:05.0469 0x1264  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:02:05.0494 0x1264  NlaSvc - ok
14:02:05.0516 0x1264  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:02:05.0548 0x1264  Npfs - ok
14:02:05.0567 0x1264  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig      C:\Windows\System32\drivers\npsvctrig.sys
14:02:05.0580 0x1264  npsvctrig - ok
14:02:05.0606 0x1264  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi            C:\Windows\system32\nsisvc.dll
14:02:05.0620 0x1264  nsi - ok
14:02:05.0647 0x1264  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:02:05.0661 0x1264  nsiproxy - ok
14:02:05.0756 0x1264  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:02:05.0840 0x1264  Ntfs - ok
14:02:05.0861 0x1264  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
14:02:05.0874 0x1264  Null - ok
14:02:05.0896 0x1264  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:02:05.0914 0x1264  nvraid - ok
14:02:05.0925 0x1264  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:02:05.0943 0x1264  nvstor - ok
14:02:05.0952 0x1264  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:02:05.0968 0x1264  nv_agp - ok
14:02:06.0117 0x1264  [ 98060FFF86EA387F08BFDEFFB0C8E29C, 7F9963340A694ADEB3C9D5AE3A01F7D73A226147675F95DBA10A45E27C53C478 ] omniserv        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
14:02:06.0132 0x1264  omniserv - detected UnsignedFile.Multi.Generic ( 1 )
14:02:08.0668 0x1264  Detect skipped due to KSN trusted
14:02:08.0668 0x1264  omniserv - ok
14:02:14.0351 0x1264  SiSRaid2 - ok
14:02:14.0367 0x1264  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:02:14.0384 0x1264  SiSRaid4 - ok
14:02:14.0414 0x1264  [ 32B3FB238A26267D358D7159B9171505, 692470C2F8B77A5342A72DA7E384DA762DBEEEFAC25301242E23C20427DB7440 ] SmbDrv          C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys
14:02:14.0425 0x1264  SmbDrv - ok
14:02:14.0448 0x1264  [ B71EF473D8B90A2C4DC76B03E382DEE6, 1224488EB9C23FAB78252A09ED2A986F5A8263EB6F236B33A54DB777426BF636 ] SmbDrvI        C:\Windows\System32\drivers\Smb_driver_Intel.sys
14:02:14.0458 0x1264  SmbDrvI - ok
14:02:14.0492 0x1264  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost        C:\Windows\System32\smphost.dll
14:02:14.0510 0x1264  smphost - ok
14:02:14.0555 0x1264  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:02:14.0572 0x1264  SNMPTRAP - ok
14:02:14.0620 0x1264  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport      C:\Windows\system32\drivers\spaceport.sys
14:02:14.0647 0x1264  spaceport - ok
14:02:14.0664 0x1264  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
14:02:14.0680 0x1264  SpbCx - ok
14:02:14.0739 0x1264  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler        C:\Windows\System32\spoolsv.exe
14:02:14.0783 0x1264  Spooler - ok
14:02:15.0050 0x1264  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
14:02:15.0318 0x1264  sppsvc - ok
14:02:15.0380 0x1264  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\Windows\system32\DRIVERS\srv.sys
14:02:15.0406 0x1264  srv - ok
14:02:15.0467 0x1264  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:02:15.0502 0x1264  srv2 - ok
14:02:15.0543 0x1264  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:02:15.0568 0x1264  srvnet - ok
14:02:15.0680 0x1264  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
14:02:15.0705 0x1264  SSDPSRV - ok
14:02:15.0743 0x1264  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
14:02:15.0755 0x1264  SSPORT - ok
14:02:15.0802 0x1264  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
14:02:15.0823 0x1264  SstpSvc - ok
14:02:15.0848 0x1264  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:02:15.0863 0x1264  stexstor - ok
14:02:15.0921 0x1264  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
14:02:15.0957 0x1264  stisvc - ok
14:02:15.0968 0x1264  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
14:02:15.0986 0x1264  storahci - ok
14:02:16.0012 0x1264  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
14:02:16.0027 0x1264  storflt - ok
14:02:16.0036 0x1264  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
14:02:16.0052 0x1264  stornvme - ok
14:02:16.0084 0x1264  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc        C:\Windows\system32\storsvc.dll
14:02:16.0102 0x1264  StorSvc - ok
14:02:16.0111 0x1264  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
14:02:16.0125 0x1264  storvsc - ok
14:02:16.0155 0x1264  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc          C:\Windows\system32\svsvc.dll
14:02:16.0172 0x1264  svsvc - ok
14:02:16.0211 0x1264  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
14:02:16.0224 0x1264  swenum - ok
14:02:16.0283 0x1264  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv          C:\Windows\System32\swprv.dll
14:02:16.0323 0x1264  swprv - ok
14:02:16.0375 0x1264  [ CDA92383EFB52846B7894280A559C330, 8ACE4212AD4ABD29B06950F8CABBDF1B4813A311FAE3C0A999E60E711FD236CC ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
14:02:16.0401 0x1264  SynTP - ok
14:02:16.0431 0x1264  [ EE9F01B61899A4576AC09EE7DD200A34, 6990E332CD11ABBB535535EC9079D87BBD4D0BE37119EBC5878A7320F2689F64 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
14:02:16.0447 0x1264  SynTPEnhService - ok
14:02:16.0525 0x1264  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain        C:\Windows\system32\sysmain.dll
14:02:16.0579 0x1264  SysMain - ok
14:02:16.0628 0x1264  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
14:02:16.0650 0x1264  SystemEventsBroker - ok
14:02:16.0687 0x1264  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:02:16.0707 0x1264  TabletInputService - ok
14:02:16.0753 0x1264  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv        C:\Windows\System32\tapisrv.dll
14:02:16.0780 0x1264  TapiSrv - ok
14:02:16.0908 0x1264  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
14:02:17.0013 0x1264  Tcpip - ok
14:02:17.0096 0x1264  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:02:17.0199 0x1264  TCPIP6 - ok
14:02:17.0242 0x1264  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:02:17.0258 0x1264  tcpipreg - ok
14:02:17.0300 0x1264  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
14:02:17.0320 0x1264  tdx - ok
14:02:17.0343 0x1264  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
14:02:17.0358 0x1264  terminpt - ok
14:02:17.0431 0x1264  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService    C:\Windows\System32\termsrv.dll
14:02:17.0477 0x1264  TermService - ok
14:02:17.0678 0x1264  [ 407DB52B50C8C8154FF114DCEC1FB73C, 2C9C3B9E16ADDB0A03D0FDE96C680980F7D2BFFF9DFCAC36C5977087436DF5F7 ] Texis Monitor  C:\SIMULIA\Documentation\monitor.exe
14:02:17.0821 0x1264  Texis Monitor - detected UnsignedFile.Multi.Generic ( 1 )
14:02:20.0482 0x1264  Texis Monitor ( UnsignedFile.Multi.Generic ) - warning
14:02:30.0179 0x1264  ================ Scan global ===============================
14:02:30.0200 0x1264  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
14:02:30.0238 0x1264  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
14:02:30.0280 0x1264  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
14:02:30.0329 0x1264  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
14:02:30.0339 0x1264  [ Global ] - ok
14:02:30.0340 0x1264  ================ Scan MBR ==================================
14:02:30.0350 0x1264  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:02:30.0416 0x1264  \Device\Harddisk0\DR0 - ok
14:02:30.0416 0x1264  ================ Scan VBR ==================================
14:02:30.0446 0x1264  [ 0B66C5BEDCF7488B9D8C785D583165B6 ] \Device\Harddisk0\DR0\Partition1
14:02:30.0503 0x1264  \Device\Harddisk0\DR0\Partition1 - ok
14:02:30.0542 0x1264  [ 3A356FF4EEBE6E010359623E9552753F ] \Device\Harddisk0\DR0\Partition2
14:02:30.0589 0x1264  \Device\Harddisk0\DR0\Partition2 - ok
14:02:30.0604 0x1264  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:02:30.0605 0x1264  \Device\Harddisk0\DR0\Partition3 - ok
14:02:30.0622 0x1264  [ 368951780A21C662279438FDF55E658B ] \Device\Harddisk0\DR0\Partition4
14:02:30.0695 0x1264  \Device\Harddisk0\DR0\Partition4 - ok
14:02:30.0726 0x1264  [ C2B7C327F88704D1072916659161C72A ] \Device\Harddisk0\DR0\Partition5
14:02:30.0740 0x1264  \Device\Harddisk0\DR0\Partition5 - ok
14:02:30.0741 0x1264  ================ Scan generic autorun ======================
14:02:31.0055 0x1264  [ 82311E6BB2DFE95068B612DAE1A45CD1, 21962178AF6439B64C162EF71D6F7100B5D4CAA24053E74E85EB4FA334CA6B32 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
14:02:31.0266 0x1264  RTHDVCPL - ok
14:02:31.0281 0x1264  SynTPEnh - ok
14:02:31.0420 0x1264  [ 1E41BAC800ABEF1DA2C42EB843D0077D, FBD05FF7442E4880183E736E1D000011FD791EDDED796AC8234CF4D4A6905636 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
14:02:31.0452 0x1264  StartCCC - ok
14:02:31.0669 0x1264  [ 2660AE6DE6B4C4EC647BE75A06D3DDD1, 71A5D504ED44E7DB8DFA0722BAAF3B41FF86ACBE0CEA285BDDA28C5836FB267C ] C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
14:02:31.0745 0x1264  JunosPulse - ok
14:02:31.0788 0x1264  [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe
14:02:31.0804 0x1264  PDFPrint - ok
14:02:31.0850 0x1264  [ 36EC32B20A18849D60BDCE57C3952E95, DEEA94E4671FF43408435B487E3F127CD91FC4AD38FB636959A8B78D74726E7D ] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
14:02:31.0887 0x1264  Samsung PanelMgr - detected UnsignedFile.Multi.Generic ( 1 )
14:02:34.0341 0x1264  Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - warning
14:02:36.0888 0x1264  [ FCD1C5EAA34FDBEDC87022F2F4FE9C80, 988A4FCB6A6FF58FDECAC3CC92463947D97B5BEDA411FC8167A08FE8AF82277D ] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe
14:02:36.0915 0x1264  3170 Scan2PC - detected UnsignedFile.Multi.Generic ( 1 )
14:02:39.0474 0x1264  Detect skipped due to KSN trusted
14:02:39.0474 0x1264  3170 Scan2PC - ok
14:02:39.0586 0x1264  [ FD8635F0976F6538C43CD306AF4A3BE5, 6108A2B39DEF7947317F2BEC881153939A1122391AEEE85356C3915AF2FFE9AC ] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
14:02:39.0610 0x1264  AccelerometerSysTrayApplet - ok
14:02:39.0709 0x1264  [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
14:02:39.0744 0x1264  avgnt - ok
14:02:39.0822 0x1264  [ 535833DA47D695208FC65591385FE1F6, 781D81F492A16EC5BB96C1C82C56DCEDA6FF79943D81D6292C152C1D6B3F95CF ] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
14:02:39.0842 0x1264  HPMessageService - ok
14:02:39.0883 0x1264  [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
14:02:39.0899 0x1264  Avira Systray - ok
14:02:39.0998 0x1264  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:02:40.0034 0x1264  Adobe ARM - ok
14:02:40.0452 0x1264  [ BB441F69C310FC218DED7946CDB23064, 90C5BDF2A9D8F4BF686EAEAFA940127D2E54DADC5F3D6F5419D0D991CB853461 ] C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
14:02:40.0865 0x1264  Pokki - ok
14:02:41.0072 0x1264  [ 4D59BEBF01FED98C8E7F2A5DC1F9F442, 280CE34123287161D1AED05C8406507E8723552D6825301ECC46BB3C8AB7D0D9 ] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
14:02:41.0128 0x1264  Power2GoExpress8 - ok
14:02:41.0186 0x1264  [ 4CD8FAEAE28BC807955245F3950AB299, 3B372FEF66170D4C8ADE9A759E4ED3FBA60F932B06CF3DCAB61499C9198B0414 ] C:\Program Files (x86)\MP4 Player\mp4Player.exe
14:02:41.0220 0x1264  MP4 Player - detected UnsignedFile.Multi.Generic ( 1 )
14:02:43.0695 0x1264  Detect skipped due to KSN trusted
14:02:43.0695 0x1264  MP4 Player - ok
14:02:43.0698 0x1264  Waiting for KSN requests completion. In queue: 7
14:02:44.0698 0x1264  Waiting for KSN requests completion. In queue: 7
14:02:45.0699 0x1264  Waiting for KSN requests completion. In queue: 7
14:02:46.0725 0x1264  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
14:02:46.0821 0x1264  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
14:02:46.0826 0x1264  Win FW state via NFP2: enabled
14:02:49.0282 0x1264  ============================================================
14:02:49.0282 0x1264  Scan finished
14:02:49.0282 0x1264  ============================================================
14:02:49.0306 0x22c8  Detected object count: 2
14:02:49.0306 0x22c8  Actual detected object count: 2
14:03:21.0369 0x22c8  Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:21.0369 0x22c8  Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:21.0369 0x22c8  Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:21.0370 0x22c8  Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip


rootofallevi 24.05.2015 13:17

The logs from the last laptop (Laptop 3); here too there are detections in TDSS.
Laptop3 FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by S**** (administrator) on S****-PC on 24-05-2015 13:53:12
Running from C:\S******\Desktop
Loaded Profiles: S**** (Available Profiles: S****)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(NVIDIA Corporation) C:\Windows\SysWOW64\nvSCPAPISvr.exe
(Expansion Programs International, Inc.) C:\Program Files\Abaqus\Documentation\monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Expansion Programs International, Inc.) C:\Program Files\Abaqus\Documentation\monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dropbox, Inc.) C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-11] (Microsoft Corporation)
Startup: C:\Users\S****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default
FF Homepage: web.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\searchplugins\avira-safesearch.xml [2014-05-10]
FF Extension: Avira Browser Safety - C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: Adblock Plus - C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Stereo Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [239720 2009-10-17] (NVIDIA Corporation)
R2 Texis Monitor; C:\Program Files\Abaqus\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-04] (Samsung Electronics Co., Ltd.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:53 - 2015-05-24 13:53 - 00000000 ____D () C:\FRST
2015-05-24 13:28 - 2015-05-24 13:28 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-23 16:15 - 2015-05-24 13:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 16:15 - 2015-05-23 16:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-23 15:52 - 2015-05-23 16:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-17 20:33 - 2015-05-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-12 22:45 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:45 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:08 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:08 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:08 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:08 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:08 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:08 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:08 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:08 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:08 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:08 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:08 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:08 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:08 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:08 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:08 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:08 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:08 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:08 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:08 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:08 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:08 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:08 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:08 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:08 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:08 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:08 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:08 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:08 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:08 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:08 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:08 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:08 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:08 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:08 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:08 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:08 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:08 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:08 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:08 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:08 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:08 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:08 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:08 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:08 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:08 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:08 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:08 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:08 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:08 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:08 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:08 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:08 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:08 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:08 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:08 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:08 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:08 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:08 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:08 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:08 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:36 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:36 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:36 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:36 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 20:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 20:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 20:31 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:31 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:31 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:31 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:31 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:31 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 20:31 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 20:31 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:31 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 20:31 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 20:31 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 20:31 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:28 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:28 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:28 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:28 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:28 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:28 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:28 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:28 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:28 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:28 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:28 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:28 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:28 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:28 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:28 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:50 - 2014-08-01 20:11 - 00000000 ____D () C:\Users\S****\AppData\Roaming\DVDVideoSoft
2015-05-24 13:47 - 2014-01-14 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 13:27 - 2014-01-22 18:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-24 13:27 - 2014-01-22 18:18 - 00000000 ____D () C:\MSOCache
2015-05-24 13:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 13:26 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-24 13:23 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2015-05-24 13:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-24 13:15 - 2014-01-14 18:01 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-05-24 12:56 - 2014-01-10 16:16 - 01264726 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 11:59 - 2009-07-14 06:45 - 00027872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:59 - 2009-07-14 06:45 - 00027872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:52 - 2014-01-12 00:35 - 00000000 ____D () C:\Users\S****\AppData\Roaming\Dropbox
2015-05-24 11:50 - 2014-01-14 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 11:50 - 2014-01-10 21:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 11:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 11:50 - 2009-07-14 06:51 - 00064203 _____ () C:\Windows\setupact.log
2015-05-23 16:27 - 2014-01-10 21:28 - 00000000 ____D () C:\Users\S*****\AppData\Local\Adobe
2015-05-23 16:15 - 2014-01-10 21:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-23 16:15 - 2014-01-10 21:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-23 15:53 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-05-23 15:53 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-05-23 15:53 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 20:42 - 2014-01-14 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 20:42 - 2014-01-14 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 23:14 - 2015-04-05 21:32 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 23:14 - 2015-04-05 21:32 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 20:47 - 2014-02-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 20:43 - 2014-02-21 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-19 20:43 - 2014-02-21 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-18 20:06 - 2014-01-10 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-13 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 21:49 - 2009-07-14 06:45 - 00448264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 21:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 21:44 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-12 22:54 - 2014-01-10 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 22:49 - 2014-01-10 21:51 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:45 - 2015-01-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:44 - 2015-01-20 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 22:44 - 2015-01-20 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 20:50 - 2014-01-11 14:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-09 10:22 - 2014-01-12 00:36 - 00000000 ____D () C:\Users\S*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-06-16 12:12 - 2015-01-13 22:23 - 0011333 _____ () C:\Users\S****\AppData\Roaming\SmarThruOptions.xml
2014-07-07 21:17 - 2014-07-07 21:17 - 0003584 _____ () C:\Users\S****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 00:40 - 2014-11-23 00:40 - 0007600 _____ () C:\Users\S****\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\S****\AppData\Local\Temp\avgnt.exe
C:\Users\S****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt_fymo.dll
C:\Users\S****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\S****\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\S****\AppData\Local\Temp\LMkRstPt.exe
C:\Users\S****\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\S****\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-19 22:14

==================== End of log ============================

Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by S**** at 2015-05-24 13:55:08
Running from C:\S****\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1182937863-3971946200-2950405193-500 - Administrator - Disabled)
Gast (S-1-5-21-1182937863-3971946200-2950405193-501 - Limited - Disabled)
S**** (S-1-5-21-1182937863-3971946200-2950405193-1000 - Administrator - Enabled) => C:\Users\S****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CES EduPack 2014 (HKLM-x32\...\{60A532BD-A3EF-4360-A146-CF7C13133E85}) (Version: 1.1.0.0 - Granta Design Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}) (Version: 13.0.089 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{791FF357-3DE8-485E-BD59-41844BB16415}) (Version: 13.0.089 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.4.31475 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Maple 17 (HKLM\...\Maple 17) (Version: 17.0.0.0 - Maplesoft)
Maple 17 (HKLM-x32\...\Maple 17) (Version:  - Maplesoft)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.8771 - NVIDIA Corporation)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5932 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung SCX-4300 Series (HKLM-x32\...\Samsung SCX-4300 Series) (Version:  - Samsung Electronics CO.,LTD)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.9.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-05-2015 20:16:36 Geplanter Prüfpunkt
12-05-2015 22:43:02 Windows Update
19-05-2015 23:14:08 Windows Update
23-05-2015 16:02:07 Prüfpunkt von HitmanPro
23-05-2015 16:03:34 Prüfpunkt von HitmanPro
23-05-2015 16:04:05 Prüfpunkt von HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09D94382-2EE8-497F-87CE-DAB68AB08293} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {5EFCCEAB-C349-4D19-A39F-5411E3F7D67A} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {64AD3445-A02E-42E4-844C-FE7CEC0047AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B6195368-0099-41EA-90C0-E137400B339D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {D89ADBDD-9F52-4A50-BB98-BE0B02536084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {DD61792C-15C5-41DB-BCE2-1D90B413B07D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {EEA5217F-072E-400A-9DBF-8357D01E3951} - System32\Tasks\{01206BF3-6AF6-4F58-A92B-9954BD11B150} => pcalua.exe -a "C:\Program Files\Abaqus\SIMULIA_Abaqus_6.13_SP5__6.13-5_.SIM_Abaqus.media.4-4\SIM_Abaqus.media\1\setup.exe" -d "C:\Program Files\Abaqus\SIMULIA_Abaqus_6.13_SP5__6.13-5_.SIM_Abaqus.media.4-4\SIM_Abaqus.media\1"
Task: {F70008CA-E827-411C-8F80-5F63C151F534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (Whitelisted) ==============

2009-08-14 12:16 - 2009-08-14 12:16 - 00022016 _____ () C:\Windows\System32\sse1ml6.dll
2015-05-24 11:51 - 2015-05-24 11:51 - 00043008 _____ () c:\users\s****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt_fymo.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\S****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5E04E8D3-2073-468E-8507-AC3A7B3885BA}] => (Allow) C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3C0CBB58-F923-4A2E-A02D-0284F28FD055}] => (Allow) C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7B4ABE3B-3AF1-4C14-815A-51EC6488DC6B}C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1339E3FA-5106-404B-9440-5BEC22EC6DCB}C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5F35D732-3E1B-4FA0-B70A-6B695CBD2014}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1121FE43-39EB-46EB-A184-1217213C5D3A}] => (Allow) LPort=2869
FirewallRules: [{DE06834D-511F-44BD-8753-E932D466E9E9}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{832742CF-512B-409B-ACBC-EA65185C04A9}C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe] => (Allow) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe
FirewallRules: [UDP Query User{A088E701-C7D6-4B02-BBDB-04E6329673C9}C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe] => (Allow) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe
FirewallRules: [{F2674B45-0338-4D95-9CB9-CCDC06A27073}] => (Block) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe
FirewallRules: [{A9480B27-71F6-4469-9A1E-13913256B056}] => (Block) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe
FirewallRules: [TCP Query User{E8E2D7C4-C091-448C-AA6C-AC8BD866F88C}C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe
FirewallRules: [UDP Query User{B752ACE1-41D6-4980-9DB4-B5231874A3A9}C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe
FirewallRules: [TCP Query User{F6580899-1E68-4BE2-934F-5AEBFE13A928}C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [UDP Query User{8DF765B6-5996-4648-8018-DDEFADBD7461}C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{44C01D78-DCB4-4804-9943-FF9D16D57EA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F3535FC-4194-4F69-AA37-A40D07218B72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000360,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000315EAF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b50,(null),0,REG_BINARY,000000000609E150.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Generatorname: MSSearch Service Writer
  Generatorinstanz-ID: {2aba8475-ffae-4ea1-9496-ebf1471e7de7}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b50,(null),0,REG_BINARY,000000000609E150.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Generatorname: MSSearch Service Writer
  Generatorinstanz-ID: {2aba8475-ffae-4ea1-9496-ebf1471e7de7}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,00000000151BDEA0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f32ba69c-0457-4ccb-966e-d76edb5bc184}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000005b0,(null),0,REG_BINARY,000000000159DF20.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {9f789c6f-6180-4e45-9827-4caa835ef646}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,00000000151BDEA0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {f32ba69c-0457-4ccb-966e-d76edb5bc184}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000005b0,(null),0,REG_BINARY,000000000159DF20.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
  Generatorinstanz-ID: {9f789c6f-6180-4e45-9827-4caa835ef646}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001e8,(null),0,REG_BINARY,000000000275EE00.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
  Generatorname: Shadow Copy Optimization Writer
  Generatorinstanz-ID: {077428c9-72e3-45c9-bac9-9169c00f52d8}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001a0,(null),0,REG_BINARY,00000000027DF280.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
  Generatorname: COM+ REGDB Writer
  Generatorinstanz-ID: {ae17e266-e7fa-4d96-8906-22809c699b2a}

Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000190,(null),0,REG_BINARY,00000000025DECF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  BackupShutdown-Ereignis

Kontext:
  Ausführungskontext: Writer
  Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
  Generatorname: Registry Writer
  Generatorinstanz-ID: {104e7af8-c8b2-4baa-b280-3d6b379cc740}


System errors:
=============
Error: (05/24/2015 11:50:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (05/23/2015 04:53:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 04:43:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 04:33:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 04:23:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 04:15:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 04:13:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (05/23/2015 03:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (05/21/2015 06:01:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (05/20/2015 08:34:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 4060.93 MB
Available physical RAM: 2249.98 MB
Total Pagefile: 8120.07 MB
Available Pagefile: 6211.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368.1 GB) (Free:151.21 GB) NTFS
Drive d: () (Fixed) (Total:97.56 GB) (Free:97.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 617A8EF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of log ============================


rootofallevi 24.05.2015 14:19

The TDSS findings on Laptop3
Code:

14:09:15.0474 0x0c9c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:09:19.0936 0x0c9c  ============================================================
14:09:19.0936 0x0c9c  Current date / time: 2015/05/24 14:09:19.0936
14:09:19.0936 0x0c9c  SystemInfo:
14:09:19.0936 0x0c9c 
14:09:19.0936 0x0c9c  OS Version: 6.1.7601 ServicePack: 1.0
14:09:19.0936 0x0c9c  Product type: Workstation
14:09:19.0936 0x0c9c  ComputerName: S****-PC
14:09:19.0936 0x0c9c  UserName: S****
14:09:19.0936 0x0c9c  Windows directory: C:\Windows
14:09:19.0936 0x0c9c  System windows directory: C:\Windows
14:09:19.0936 0x0c9c  Running under WOW64
14:09:19.0936 0x0c9c  Processor architecture: Intel x64
14:09:19.0936 0x0c9c  Number of processors: 2
14:09:19.0936 0x0c9c  Page size: 0x1000
14:09:19.0936 0x0c9c  Boot type: Normal boot
14:09:19.0936 0x0c9c  ============================================================
14:09:21.0184 0x0c9c  KLMD registered as C:\Windows\system32\drivers\32638106.sys
14:09:21.0542 0x0c9c  System UUID: {E0F7DCD2-8447-858F-B052-D4414522B707}
14:09:22.0572 0x0c9c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:22.0588 0x0c9c  ============================================================
14:09:22.0588 0x0c9c  \Device\Harddisk0\DR0:
14:09:22.0588 0x0c9c  MBR partitions:
14:09:22.0588 0x0c9c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:09:22.0588 0x0c9c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
14:09:22.0588 0x0c9c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
14:09:22.0588 0x0c9c  ============================================================
14:09:22.0681 0x0c9c  C: <-> \Device\Harddisk0\DR0\Partition3
14:09:22.0728 0x0c9c  D: <-> \Device\Harddisk0\DR0\Partition2
14:09:22.0728 0x0c9c  ============================================================
14:09:22.0728 0x0c9c  Initialize success
14:09:22.0728 0x0c9c  ============================================================
14:09:28.0219 0x080c  ============================================================
14:09:28.0219 0x080c  Scan started
14:09:28.0219 0x080c  Mode: Manual; SigCheck; TDLFS;
14:09:28.0219 0x080c  ============================================================
14:09:28.0219 0x080c  KSN ping started
14:09:31.0199 0x080c  KSN ping finished: true
14:09:32.0275 0x080c  ================ Scan system memory ========================
14:09:32.0275 0x080c  System memory - ok
14:09:32.0275 0x080c  ================ Scan services =============================
14:09:32.0728 0x080c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:09:32.0821 0x080c  1394ohci - ok
14:09:32.0930 0x080c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:09:32.0962 0x080c  ACPI - ok
14:09:33.0040 0x080c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
14:09:33.0071 0x080c  AcpiPmi - ok
14:09:33.0227 0x080c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:09:33.0274 0x080c  AdobeARMservice - ok
14:09:33.0383 0x080c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
14:09:33.0414 0x080c  adp94xx - ok
14:09:33.0492 0x080c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
14:09:33.0508 0x080c  adpahci - ok
14:09:33.0617 0x080c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
14:09:33.0648 0x080c  adpu320 - ok
14:09:33.0710 0x080c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:09:33.0788 0x080c  AeLookupSvc - ok
14:09:33.0913 0x080c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
14:09:33.0944 0x080c  AFD - ok
14:09:34.0069 0x080c  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
14:09:34.0116 0x080c  AgereSoftModem - ok
14:09:34.0194 0x080c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:09:34.0210 0x080c  agp440 - ok
14:09:34.0241 0x080c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
14:09:34.0256 0x080c  ALG - ok
14:09:34.0319 0x080c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:09:34.0366 0x080c  aliide - ok
14:09:34.0381 0x080c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:09:34.0397 0x080c  amdide - ok
14:09:34.0428 0x080c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
14:09:34.0444 0x080c  AmdK8 - ok
14:09:34.0459 0x080c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:09:34.0475 0x080c  AmdPPM - ok
14:09:34.0522 0x080c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
14:09:34.0568 0x080c  amdsata - ok
14:09:34.0678 0x080c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:09:34.0724 0x080c  amdsbs - ok
14:09:34.0771 0x080c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
14:09:34.0802 0x080c  amdxata - ok
14:09:34.0958 0x080c  [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
14:09:35.0021 0x080c  AntiVirMailService - ok
14:09:35.0099 0x080c  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:09:35.0130 0x080c  AntiVirSchedulerService - ok
14:09:35.0192 0x080c  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:09:35.0208 0x080c  AntiVirService - ok
14:09:35.0317 0x080c  [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
14:09:35.0364 0x080c  AntiVirWebService - ok
14:09:35.0442 0x080c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID          C:\Windows\system32\drivers\appid.sys
14:09:35.0473 0x080c  AppID - ok
14:09:35.0520 0x080c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:09:35.0551 0x080c  AppIDSvc - ok
14:09:35.0614 0x080c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
14:09:35.0629 0x080c  Appinfo - ok
14:09:35.0692 0x080c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt        C:\Windows\System32\appmgmts.dll
14:09:35.0707 0x080c  AppMgmt - ok
14:09:35.0816 0x080c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\DRIVERS\arc.sys
14:09:35.0848 0x080c  arc - ok
14:09:35.0879 0x080c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:09:35.0894 0x080c  arcsas - ok
14:09:36.0316 0x080c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:09:36.0347 0x080c  aspnet_state - ok
14:09:36.0409 0x080c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:36.0472 0x080c  AsyncMac - ok
14:09:36.0518 0x080c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
14:09:36.0550 0x080c  atapi - ok
14:09:36.0643 0x080c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:09:36.0674 0x080c  AudioEndpointBuilder - ok
14:09:36.0752 0x080c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:09:36.0784 0x080c  AudioSrv - ok
14:09:36.0877 0x080c  [ 43B6D229C7DBA9F0FC0FC0C318DB5350, F5A525DBD71FC4A323E92839C6D27F323FB304B7E9FFA35E89E9B419570AA4C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:09:36.0924 0x080c  avgntflt - ok
14:09:37.0002 0x080c  [ 626D1BAD7A1975A8FEE8876A8AD0EEA7, 59772746A2DF3B7E8D021756B8A64569AC8468CA1C802EB594494224354F1E60 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:09:37.0033 0x080c  avipbb - ok
14:09:37.0236 0x080c  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
14:09:37.0267 0x080c  Avira.OE.ServiceHost - ok
14:09:37.0314 0x080c  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:09:37.0330 0x080c  avkmgr - ok
14:09:37.0408 0x080c  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
14:09:37.0423 0x080c  avnetflt - ok
14:09:37.0486 0x080c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:09:37.0532 0x080c  AxInstSV - ok
14:09:37.0610 0x080c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
14:09:37.0657 0x080c  b06bdrv - ok
14:09:37.0704 0x080c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:09:37.0720 0x080c  b57nd60a - ok
14:09:37.0844 0x080c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:09:37.0860 0x080c  BDESVC - ok
14:09:37.0876 0x080c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:09:37.0922 0x080c  Beep - ok
14:09:38.0016 0x080c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
14:09:38.0078 0x080c  BFE - ok
14:09:38.0172 0x080c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:09:38.0234 0x080c  BITS - ok
14:09:38.0266 0x080c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:09:38.0281 0x080c  blbdrive - ok
14:09:38.0344 0x080c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:09:38.0375 0x080c  bowser - ok
14:09:38.0422 0x080c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:09:38.0453 0x080c  BrFiltLo - ok
14:09:38.0468 0x080c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:09:38.0484 0x080c  BrFiltUp - ok
14:09:38.0515 0x080c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
14:09:38.0531 0x080c  Browser - ok
14:09:38.0609 0x080c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
14:09:38.0640 0x080c  Brserid - ok
14:09:38.0656 0x080c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:38.0687 0x080c  BrSerWdm - ok
14:09:38.0718 0x080c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:38.0734 0x080c  BrUsbMdm - ok
14:09:38.0749 0x080c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:38.0765 0x080c  BrUsbSer - ok
14:09:38.0843 0x080c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
14:09:38.0890 0x080c  BthEnum - ok
14:09:38.0921 0x080c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:09:38.0952 0x080c  BTHMODEM - ok
14:09:38.0983 0x080c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:09:39.0014 0x080c  BthPan - ok
14:09:39.0092 0x080c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
14:09:39.0124 0x080c  BTHPORT - ok
14:09:39.0170 0x080c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
14:09:39.0217 0x080c  bthserv - ok
14:09:39.0248 0x080c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
14:09:39.0264 0x080c  BTHUSB - ok
14:09:39.0295 0x080c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:09:39.0358 0x080c  cdfs - ok
14:09:39.0436 0x080c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\drivers\cdrom.sys
14:09:39.0498 0x080c  cdrom - ok
14:09:39.0592 0x080c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
14:09:39.0670 0x080c  CertPropSvc - ok
14:09:39.0732 0x080c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:09:39.0748 0x080c  circlass - ok
14:09:39.0826 0x080c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
14:09:39.0857 0x080c  CLFS - ok
14:09:40.0013 0x080c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:09:40.0060 0x080c  clr_optimization_v2.0.50727_32 - ok
14:09:40.0216 0x080c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:09:40.0247 0x080c  clr_optimization_v2.0.50727_64 - ok
14:09:40.0356 0x080c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:09:40.0387 0x080c  clr_optimization_v4.0.30319_32 - ok
14:09:40.0465 0x080c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:09:40.0481 0x080c  clr_optimization_v4.0.30319_64 - ok
14:09:40.0512 0x080c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:09:40.0528 0x080c  CmBatt - ok
14:09:40.0559 0x080c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:09:40.0590 0x080c  cmdide - ok
14:09:40.0730 0x080c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG            C:\Windows\system32\Drivers\cng.sys
14:09:40.0793 0x080c  CNG - ok
14:09:40.0824 0x080c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:09:40.0840 0x080c  Compbatt - ok
14:09:40.0886 0x080c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:09:40.0902 0x080c  CompositeBus - ok
14:09:40.0933 0x080c  COMSysApp - ok
14:09:40.0949 0x080c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
14:09:40.0964 0x080c  crcdisk - ok
14:09:41.0027 0x080c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:09:41.0042 0x080c  CryptSvc - ok
14:09:41.0136 0x080c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC            C:\Windows\system32\drivers\csc.sys
14:09:41.0183 0x080c  CSC - ok
14:09:41.0354 0x080c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
14:09:41.0386 0x080c  CscService - ok
14:09:41.0495 0x080c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:09:41.0557 0x080c  DcomLaunch - ok
14:09:41.0604 0x080c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
14:09:41.0651 0x080c  defragsvc - ok
14:09:41.0729 0x080c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:09:41.0776 0x080c  DfsC - ok
14:09:41.0854 0x080c  [ 2D589A2C024B2FB238535DB9F7B3597D, 1EB47F73BC890D67A50C72E30BFE139AA1747C88E2FA8029A7382B203C37B512 ] DgiVecp        C:\Windows\system32\Drivers\DgiVecp.sys
14:09:41.0885 0x080c  DgiVecp - ok
14:09:41.0947 0x080c  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:09:41.0963 0x080c  dg_ssudbus - ok
14:09:42.0072 0x080c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:09:42.0119 0x080c  Dhcp - ok
14:09:42.0290 0x080c  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack      C:\Windows\system32\diagtrack.dll
14:09:42.0337 0x080c  DiagTrack - ok
14:09:42.0384 0x080c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:09:42.0415 0x080c  discache - ok
14:09:42.0524 0x080c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:09:42.0556 0x080c  Disk - ok
14:09:42.0587 0x080c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:09:42.0618 0x080c  Dnscache - ok
14:09:42.0665 0x080c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
14:09:42.0712 0x080c  dot3svc - ok
14:09:42.0790 0x080c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
14:09:42.0852 0x080c  DPS - ok
14:09:42.0930 0x080c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
14:09:42.0992 0x080c  drmkaud - ok
14:09:43.0055 0x080c  [ F2D97A85F4F6E0942BC17C4EECEEE6B7, 3583D00634C36B16880766F7635BFF48D04CECA4F2489E2720EBE33007CA0B9B ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
14:09:43.0102 0x080c  dsNcAdpt - ok
14:09:43.0180 0x080c  [ 79E0BEAEAF69C24C25928E5CD7416518, AB89046F84A1CB3F2EEE98FD029E8256B7C6079BAB904D13051F6FF1802C13AC ] dsNcService    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
14:09:43.0289 0x080c  dsNcService - ok
14:09:43.0570 0x080c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
14:09:43.0663 0x080c  DXGKrnl - ok
14:09:43.0726 0x080c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
14:09:43.0772 0x080c  EapHost - ok
14:09:44.0225 0x080c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
14:09:44.0428 0x080c  ebdrv - ok
14:09:44.0490 0x080c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS            C:\Windows\System32\lsass.exe
14:09:44.0537 0x080c  EFS - ok
14:09:44.0771 0x080c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
14:09:44.0849 0x080c  ehRecvr - ok
14:09:44.0911 0x080c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
14:09:44.0942 0x080c  ehSched - ok
14:09:45.0036 0x080c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
14:09:45.0083 0x080c  elxstor - ok
14:09:45.0130 0x080c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:09:45.0161 0x080c  ErrDev - ok
14:09:45.0223 0x080c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
14:09:45.0286 0x080c  EventSystem - ok
14:09:45.0317 0x080c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\Windows\system32\drivers\exfat.sys
14:09:45.0364 0x080c  exfat - ok
14:09:45.0395 0x080c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
14:09:45.0442 0x080c  fastfat - ok
14:09:45.0566 0x080c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
14:09:45.0707 0x080c  Fax - ok
14:09:45.0894 0x080c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
14:09:45.0925 0x080c  fdc - ok
14:09:45.0988 0x080c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
14:09:46.0050 0x080c  fdPHost - ok
14:09:46.0097 0x080c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:09:46.0144 0x080c  FDResPub - ok
14:09:46.0175 0x080c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:09:46.0190 0x080c  FileInfo - ok
14:09:46.0222 0x080c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
14:09:46.0284 0x080c  Filetrace - ok
14:09:46.0346 0x080c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:09:46.0362 0x080c  flpydisk - ok
14:09:46.0456 0x080c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:09:46.0502 0x080c  FltMgr - ok
14:09:46.0643 0x080c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache      C:\Windows\system32\FntCache.dll
14:09:46.0736 0x080c  FontCache - ok
14:09:46.0814 0x080c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:09:46.0830 0x080c  FontCache3.0.0.0 - ok
14:09:46.0861 0x080c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
14:09:46.0877 0x080c  FsDepends - ok
14:09:46.0908 0x080c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:09:46.0924 0x080c  Fs_Rec - ok
14:09:46.0986 0x080c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:09:47.0033 0x080c  fvevol - ok
14:09:47.0064 0x080c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:09:47.0080 0x080c  gagp30kx - ok
14:09:47.0173 0x080c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\Windows\System32\gpsvc.dll
14:09:47.0314 0x080c  gpsvc - ok
14:09:47.0532 0x080c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:47.0563 0x080c  gupdate - ok
14:09:47.0610 0x080c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:47.0641 0x080c  gupdatem - ok
14:09:47.0688 0x080c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:09:47.0704 0x080c  hcw85cir - ok
14:09:47.0766 0x080c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:09:47.0797 0x080c  HdAudAddService - ok
14:09:47.0828 0x080c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:09:47.0844 0x080c  HDAudBus - ok
14:09:47.0906 0x080c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
14:09:47.0938 0x080c  HidBatt - ok
14:09:47.0969 0x080c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:09:47.0984 0x080c  HidBth - ok
14:09:48.0047 0x080c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
14:09:48.0078 0x080c  HidIr - ok
14:09:48.0125 0x080c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\system32\hidserv.dll
14:09:48.0187 0x080c  hidserv - ok
14:09:48.0281 0x080c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:09:48.0343 0x080c  HidUsb - ok
14:09:48.0406 0x080c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:09:48.0452 0x080c  hkmsvc - ok
14:09:48.0515 0x080c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:48.0546 0x080c  HomeGroupListener - ok
14:09:48.0624 0x080c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:48.0686 0x080c  HomeGroupProvider - ok
14:09:48.0764 0x080c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:09:48.0811 0x080c  HpSAMD - ok
14:09:48.0920 0x080c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:09:49.0092 0x080c  HTTP - ok
14:09:49.0139 0x080c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:09:49.0154 0x080c  hwpolicy - ok
14:09:49.0217 0x080c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:09:49.0264 0x080c  i8042prt - ok
14:09:49.0404 0x080c  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:09:49.0451 0x080c  IAANTMON - ok
14:09:49.0482 0x080c  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:09:49.0513 0x080c  iaStor - ok
14:09:49.0576 0x080c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
14:09:49.0591 0x080c  iaStorV - ok
14:09:49.0794 0x080c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:09:49.0888 0x080c  idsvc - ok
14:09:49.0934 0x080c  IEEtwCollectorService - ok
14:09:49.0966 0x080c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
14:09:49.0981 0x080c  iirsp - ok
14:09:50.0075 0x080c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:09:50.0168 0x080c  IKEEXT - ok
14:09:50.0324 0x080c  [ 430AAB6C09AF99D5BEB311795349E9DD, 5B4502BB9202B2DC59731BC4777755D770C380840B266C351940905DDB3E42BA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:09:50.0480 0x080c  IntcAzAudAddService - ok
14:09:50.0527 0x080c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:09:50.0543 0x080c  intelide - ok
14:09:50.0590 0x080c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:09:50.0605 0x080c  intelppm - ok
14:09:50.0621 0x080c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
14:09:50.0668 0x080c  IPBusEnum - ok
14:09:50.0730 0x080c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:50.0777 0x080c  IpFilterDriver - ok
14:09:51.0026 0x080c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:09:51.0323 0x080c  iphlpsvc - ok
14:09:51.0432 0x080c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
14:09:51.0541 0x080c  IPMIDRV - ok
14:09:51.0713 0x080c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
14:09:51.0775 0x080c  IPNAT - ok
14:09:51.0822 0x080c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:09:51.0838 0x080c  IRENUM - ok
14:09:51.0853 0x080c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:09:51.0869 0x080c  isapnp - ok
14:09:51.0916 0x080c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:09:51.0962 0x080c  iScsiPrt - ok
14:09:51.0994 0x080c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:09:52.0009 0x080c  kbdclass - ok
14:09:52.0072 0x080c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:09:52.0087 0x080c  kbdhid - ok
14:09:52.0103 0x080c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
14:09:52.0118 0x080c  KeyIso - ok
14:09:52.0165 0x080c  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:09:52.0181 0x080c  KSecDD - ok
14:09:52.0196 0x080c  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
14:09:52.0228 0x080c  KSecPkg - ok
14:09:52.0243 0x080c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
14:09:52.0290 0x080c  ksthunk - ok
14:09:52.0321 0x080c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
14:09:52.0399 0x080c  KtmRm - ok
14:09:52.0430 0x080c  [ 2377EC4CC3E356655B996F39B43486B6, 1934013BAC20D857C9060229AC847B5628FB17042057E8B1CB8E3E0F9F26D53F ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
14:09:52.0493 0x080c  L1C - ok
14:09:52.0555 0x080c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:09:52.0602 0x080c  LanmanServer - ok
14:09:52.0664 0x080c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:52.0711 0x080c  LanmanWorkstation - ok
14:09:52.0758 0x080c  [ 77D5786C6A7765503884E38706C9FD5E, 827DC2069AA0997DB87E118AAAA53575D97A89147C1451464986F8D68A329D41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:09:52.0805 0x080c  LHidFilt - ok
14:09:52.0836 0x080c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:09:52.0883 0x080c  lltdio - ok
14:09:52.0914 0x080c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
14:09:52.0961 0x080c  lltdsvc - ok
14:09:52.0976 0x080c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\Windows\System32\lmhsvc.dll
14:09:53.0023 0x080c  lmhosts - ok
14:09:53.0039 0x080c  [ F84023FB2E3DEA06103501974A2EDB44, 38144EB7DE7F0B33F9C3E637715834CD0860CCE11915C77065000949767D98DF ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:09:53.0054 0x080c  LMouFilt - ok
14:09:53.0086 0x080c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:09:53.0101 0x080c  LSI_FC - ok
14:09:53.0132 0x080c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
14:09:53.0148 0x080c  LSI_SAS - ok
14:09:53.0164 0x080c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:09:53.0179 0x080c  LSI_SAS2 - ok
14:09:53.0195 0x080c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:09:53.0226 0x080c  LSI_SCSI - ok
14:09:53.0242 0x080c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\Windows\system32\drivers\luafv.sys
14:09:53.0288 0x080c  luafv - ok
14:09:53.0335 0x080c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
14:09:53.0351 0x080c  Mcx2Svc - ok
14:09:53.0382 0x080c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
14:09:53.0398 0x080c  megasas - ok
14:09:53.0429 0x080c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:09:53.0444 0x080c  MegaSR - ok
14:09:53.0476 0x080c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\Windows\system32\mmcss.dll
14:09:53.0522 0x080c  MMCSS - ok
14:09:53.0538 0x080c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\Windows\system32\drivers\modem.sys
14:09:53.0569 0x080c  Modem - ok
14:09:53.0600 0x080c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
14:09:53.0647 0x080c  monitor - ok
14:09:53.0694 0x080c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:09:53.0725 0x080c  mouclass - ok
14:09:53.0725 0x080c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:09:53.0741 0x080c  mouhid - ok
14:09:53.0788 0x080c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:09:53.0834 0x080c  mountmgr - ok
14:09:53.0881 0x080c  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:09:53.0912 0x080c  MozillaMaintenance - ok
14:09:53.0928 0x080c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:09:53.0959 0x080c  mpio - ok
14:09:53.0990 0x080c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:09:54.0037 0x080c  mpsdrv - ok
14:09:54.0100 0x080c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:09:54.0193 0x080c  MpsSvc - ok
14:09:54.0224 0x080c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:09:54.0271 0x080c  MRxDAV - ok
14:09:54.0302 0x080c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:54.0334 0x080c  mrxsmb - ok
14:09:54.0349 0x080c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:54.0380 0x080c  mrxsmb10 - ok
14:09:54.0396 0x080c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:54.0412 0x080c  mrxsmb20 - ok
14:09:54.0458 0x080c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:09:54.0490 0x080c  msahci - ok
14:09:54.0536 0x080c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
14:09:54.0552 0x080c  msdsm - ok
14:09:54.0599 0x080c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\Windows\System32\msdtc.exe
14:09:54.0614 0x080c  MSDTC - ok
14:09:54.0646 0x080c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:09:54.0708 0x080c  Msfs - ok
14:09:54.0724 0x080c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
14:09:54.0755 0x080c  mshidkmdf - ok
14:09:54.0802 0x080c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:09:54.0817 0x080c  msisadrv - ok
14:09:54.0864 0x080c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:09:54.0911 0x080c  MSiSCSI - ok
14:09:54.0911 0x080c  msiserver - ok
14:09:54.0958 0x080c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:09:55.0004 0x080c  MSKSSRV - ok
14:09:55.0004 0x080c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:55.0051 0x080c  MSPCLOCK - ok
14:09:55.0067 0x080c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:09:55.0098 0x080c  MSPQM - ok
14:09:55.0160 0x080c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:09:55.0192 0x080c  MsRPC - ok
14:09:55.0238 0x080c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:09:55.0254 0x080c  mssmbios - ok
14:09:55.0270 0x080c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:09:55.0316 0x080c  MSTEE - ok
14:09:55.0316 0x080c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:09:55.0348 0x080c  MTConfig - ok
14:09:55.0363 0x080c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\Windows\system32\Drivers\mup.sys
14:09:55.0379 0x080c  Mup - ok
14:10:09.0778 0x080c  [ 407DB52B50C8C8154FF114DCEC1FB73C, 2C9C3B9E16ADDB0A03D0FDE96C680980F7D2BFFF9DFCAC36C5977087436DF5F7 ] Texis Monitor  C:\Program Files\Abaqus\Documentation\monitor.exe
14:10:09.0996 0x080c  Texis Monitor - detected UnsignedFile.Multi.Generic ( 1 )
14:10:12.0944 0x080c  Texis Monitor ( UnsignedFile.Multi.Generic ) - warning
14:10:18.0288 0x080c  vds - ok
14:10:18.0350 0x080c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:18.0366 0x080c  vga - ok
14:10:18.0381 0x080c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
14:10:18.0428 0x080c  VgaSave - ok
14:10:18.0490 0x080c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
14:10:18.0522 0x080c  vhdmp - ok
14:10:18.0568 0x080c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:10:18.0600 0x080c  viaide - ok
14:10:18.0631 0x080c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
14:10:18.0646 0x080c  vmbus - ok
14:10:18.0662 0x080c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:10:18.0678 0x080c  VMBusHID - ok
14:10:18.0693 0x080c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:10:18.0724 0x080c  volmgr - ok
14:10:18.0802 0x080c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
14:10:18.0849 0x080c  volmgrx - ok
14:10:18.0880 0x080c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
14:10:18.0896 0x080c  volsnap - ok
14:10:18.0927 0x080c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
14:10:18.0958 0x080c  vsmraid - ok
14:10:19.0083 0x080c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
14:10:19.0208 0x080c  VSS - ok
14:10:19.0224 0x080c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:10:19.0255 0x080c  vwifibus - ok
14:10:19.0302 0x080c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
14:10:19.0364 0x080c  W32Time - ok
14:10:19.0395 0x080c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:10:19.0411 0x080c  WacomPen - ok
14:10:19.0473 0x080c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:10:19.0520 0x080c  WANARP - ok
14:10:19.0520 0x080c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:10:19.0567 0x080c  Wanarpv6 - ok
14:10:19.0676 0x080c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:10:19.0770 0x080c  wbengine - ok
14:10:19.0801 0x080c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:10:19.0832 0x080c  WbioSrvc - ok
14:10:19.0894 0x080c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
14:10:19.0941 0x080c  wcncsvc - ok
14:10:19.0972 0x080c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:10:19.0988 0x080c  WcsPlugInService - ok
14:10:20.0019 0x080c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:10:20.0035 0x080c  Wd - ok
14:10:20.0113 0x080c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:10:20.0175 0x080c  Wdf01000 - ok
14:10:20.0238 0x080c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:10:20.0269 0x080c  WdiServiceHost - ok
14:10:20.0269 0x080c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost  C:\Windows\system32\wdi.dll
14:10:20.0284 0x080c  WdiSystemHost - ok
14:10:20.0347 0x080c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
14:10:20.0409 0x080c  WebClient - ok
14:10:20.0440 0x080c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:10:20.0503 0x080c  Wecsvc - ok
14:10:20.0503 0x080c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
14:10:20.0550 0x080c  wercplsupport - ok
14:10:20.0581 0x080c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:10:20.0628 0x080c  WerSvc - ok
14:10:20.0628 0x080c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:20.0674 0x080c  WfpLwf - ok
14:10:20.0706 0x080c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:10:20.0721 0x080c  WIMMount - ok
14:10:20.0752 0x080c  WinDefend - ok
14:10:20.0768 0x080c  WinHttpAutoProxySvc - ok
14:10:20.0830 0x080c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
14:10:20.0893 0x080c  Winmgmt - ok
14:10:21.0018 0x080c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM          C:\Windows\system32\WsmSvc.dll
14:10:21.0158 0x080c  WinRM - ok
14:10:21.0205 0x080c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
14:10:21.0220 0x080c  WinUsb - ok
14:10:21.0283 0x080c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
14:10:21.0345 0x080c  Wlansvc - ok
14:10:21.0517 0x080c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:10:21.0657 0x080c  wlidsvc - ok
14:10:21.0704 0x080c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
14:10:21.0735 0x080c  WmiAcpi - ok
14:10:21.0766 0x080c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:10:21.0782 0x080c  wmiApSrv - ok
14:10:21.0813 0x080c  WMPNetworkSvc - ok
14:10:21.0829 0x080c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:10:21.0860 0x080c  WPCSvc - ok
14:10:21.0907 0x080c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:10:21.0954 0x080c  WPDBusEnum - ok
14:10:21.0985 0x080c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
14:10:22.0063 0x080c  ws2ifsl - ok
14:10:22.0094 0x080c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:10:22.0125 0x080c  wscsvc - ok
14:10:22.0125 0x080c  WSearch - ok
14:10:22.0297 0x080c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:10:22.0468 0x080c  wuauserv - ok
14:10:22.0500 0x080c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:10:22.0546 0x080c  WudfPf - ok
14:10:22.0593 0x080c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:22.0609 0x080c  WUDFRd - ok
14:10:22.0624 0x080c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
14:10:22.0656 0x080c  wudfsvc - ok
14:10:22.0702 0x080c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
14:10:22.0734 0x080c  WwanSvc - ok
14:10:22.0780 0x080c  ================ Scan global ===============================
14:10:22.0796 0x080c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:10:22.0858 0x080c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
14:10:22.0890 0x080c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
14:10:22.0936 0x080c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:10:22.0999 0x080c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
14:10:23.0046 0x080c  [ Global ] - ok
14:10:23.0046 0x080c  ================ Scan MBR ==================================
14:10:23.0061 0x080c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:23.0451 0x080c  \Device\Harddisk0\DR0 - ok
14:10:23.0451 0x080c  ================ Scan VBR ==================================
14:10:23.0467 0x080c  [ 177B3A5DB69C0F51412498E95153B649 ] \Device\Harddisk0\DR0\Partition1
14:10:23.0467 0x080c  \Device\Harddisk0\DR0\Partition1 - ok
14:10:23.0467 0x080c  [ D9C1677F95911FFF3606801AC685F48A ] \Device\Harddisk0\DR0\Partition2
14:10:23.0482 0x080c  \Device\Harddisk0\DR0\Partition2 - ok
14:10:23.0514 0x080c  [ AFCD9E54E2ED7037097E228A9E09F8E1 ] \Device\Harddisk0\DR0\Partition3
14:10:23.0514 0x080c  \Device\Harddisk0\DR0\Partition3 - ok
14:10:23.0514 0x080c  ================ Scan generic autorun ======================
14:10:23.0514 0x080c  NvCplDaemon - ok
14:10:23.0888 0x080c  [ C7065803783E15DE2A1281D81D849398, 1B4592F0C68BD70A8833418723E6C7EA912478189AAC3D906B2C19E86810122E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:10:24.0184 0x080c  RtHDVCpl - ok
14:10:24.0200 0x080c  SynTPEnh - ok
14:10:24.0309 0x080c  [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
14:10:24.0340 0x080c  IAAnotif - ok
14:10:24.0434 0x080c  [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
14:10:24.0465 0x080c  avgnt - ok
14:10:24.0543 0x080c  [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:10:24.0574 0x080c  SunJavaUpdateSched - ok
14:10:24.0621 0x080c  [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
14:10:24.0652 0x080c  Avira Systray - ok
14:10:24.0808 0x080c  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:10:24.0871 0x080c  Adobe ARM - ok
14:10:24.0964 0x080c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:10:25.0167 0x080c  Sidebar - ok
14:10:25.0200 0x080c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:10:25.0230 0x080c  mctadmin - ok
14:10:25.0290 0x080c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:10:25.0340 0x080c  Sidebar - ok
14:10:25.0370 0x080c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:10:25.0390 0x080c  mctadmin - ok
14:10:25.0390 0x080c  Waiting for KSN requests completion. In queue: 83
14:10:26.0402 0x080c  Waiting for KSN requests completion. In queue: 83
14:10:27.0416 0x080c  Waiting for KSN requests completion. In queue: 83
14:10:28.0461 0x080c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
14:10:28.0477 0x080c  Win FW state via NFP2: enabled
14:10:31.0300 0x080c  ============================================================
14:10:31.0300 0x080c  Scan finished
14:10:31.0300 0x080c  ============================================================
14:10:31.0316 0x03c0  Detected object count: 1
14:10:31.0316 0x03c0  Actual detected object count: 1
14:15:21.0407 0x03c0  Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:21.0407 0x03c0  Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

So, back to Laptop1: the FRST fix, ESET and Security Check are done. I also uninstalled the broken Avira right away and switched to Avast.

Here are the logs:
Laptop1 FRST Fixlog:
Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Michael at 2015-05-24 12:22:58 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\system32\Drivers\etc\hosts
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
Hosts:
RemoveProxy:
EmptyTemp:
end
       
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google" => key Removed successfully
Could not move "C:\Windows\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}" => key Removed successfully
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => key not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 6.6 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 12:32:46)<=

"C:\Windows\system32\Drivers\etc\hosts" => Could not move

==== End of Fixlog 12:32:46 ====

Laptop1 ESET log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e4cf169053aeb34da03cc080edec2fc7
# engine=23996
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-24 12:49:41
# local_time=2015-05-24 02:49:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8115 184101631 0 0
# scanned=781947
# found=0
# cleaned=0
# scan_time=7674

Laptop1 Security check:
Code:

Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Visual Studio Extensions for Windows Library for JavaScript
 Java 7 Update 65 
 Java 8 Update 31 
 Visual Studio Extensions for Windows Library for JavaScript
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.134 
 Adobe Reader XI 
 Mozilla Firefox (38.0.1)
 Mozilla Thunderbird (31.6.0)
 Google Chrome (42.0.2311.152)
 Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast avastUi.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

The hosts file probably could not be modified because of Avira. I then removed the entries myself.

M-K-D-B 24.05.2015 23:14

Hi,

your laptop (Win 7) could be what the Telekom notice refers to.

Please run the following on it:


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

M-K-D-B 24.05.2015 23:17

Hi,


now on to your 2nd computer (Win 8.1):


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

M-K-D-B 24.05.2015 23:21

Hi,

the TDSS-Killer detections on Laptop 3 are false positives, not malware.

Please run this on Laptop 3 as well:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

rootofallevi 25.05.2015 11:58

Good morning,
Thanks for the reply.
Does that mean my laptop probably was/is infected with Zeus?
I assume I should also run MB's Anti-Rootkit on Laptop 2 (Win 8.1, not Win 7 as I wrongly assumed in the first post)?

Here is the Anti-Rootkit log from my Laptop1 (Win 7):
Code:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Michael :: MICHAEL-LAPTOP [administrator]

25.05.2015 09:32:00
mbar-log-2015-05-25 (09-32-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 577143
Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

At the start, Anti-Rootkit reported that an entry in AppInit_DLLs may come from rootkit activity. I looked up the entry in the registry; it is an nvinit.dll (presumably from my NVIDIA graphics card?). Can I trust this entry?

The MBAR logs from the other computers will follow shortly.
Best regards

And here they are:
mbar log from Laptop2 (Win 8.1)
Code:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17801
Doppel D :: DEISSLER [administrator]

25.05.2015 09:56:42
mbar-log-2015-05-25 (09-56-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365932
Time elapsed: 29 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Unfortunately I don't have access to Laptop3 (Win 7) right now; that log will follow later. mbar is still running on my desktop.

And done:
mbar log from my desktop (Win 8.1)
Code:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17690
Michael :: BLACKTOWER [administrator]

25.05.2015 10:19:09
mbar-log-2015-05-25 (10-19-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 338674
Time elapsed: 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

There is a small update:
Laptop3 can definitely be ruled out, because at the time of the connection to the command-and-control server (timestamp from the provider) it was 100% not on the network.
So the list of devices of interest is then:
my Laptop1 (Win 7)
my desktop (Win 8.1)
Laptop2 (Win 8.1)

Virus scans with Avast on all Android devices on this network also turned up nothing.
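
An added example, not part of the original posts: a read-only check for the AppInit_DLLs question raised above. It lists what is registered under both registry views and reports each DLL's Authenticode status and signer; the registry value names are Windows' own, nvinit.dll is only the name mentioned in the post, and a 64-bit PowerShell session is assumed.

```powershell
# Added example, not from the thread: read-only inventory of AppInit_DLLs.
# Assumption: run from a 64-bit PowerShell so System32 is not redirected.
$views = @(
    @{ Name = 'native'; Dir = 'System32'
       Key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' },
    @{ Name = 'WOW64'; Dir = 'SysWOW64'
       Key  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' }
)

$report = foreach ($view in $views) {
    $props = Get-ItemProperty -Path $view.Key -ErrorAction SilentlyContinue
    if (-not $props) { continue }   # e.g. no Wow6432Node on 32-bit Windows

    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $entries = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    foreach ($entry in $entries) {
        $name = $entry.Trim('"')

        # Simplification: an entry without a full path is resolved against
        # the system directory that belongs to this registry view.
        if ([System.IO.Path]::IsPathRooted($name)) {
            $path = $name
        } else {
            $path = Join-Path (Join-Path $env:windir $view.Dir) $name
        }

        $status = 'FileMissing'
        $signer = ''
        if (Test-Path -LiteralPath $path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        New-Object PSObject -Property @{
            View          = $view.Name
            LoadEnabled   = ($props.LoadAppInit_DLLs -eq 1)
            RequireSigned = ($props.RequireSignedAppInit_DLLs -eq 1)
            Entry         = $name
            Path          = $path
            Signature     = $status
            Signer        = $signer
        }
    }
}

if ($report) {
    $report |
        Select-Object View, LoadEnabled, RequireSigned, Entry, Path, Signature, Signer |
        Format-List
} else {
    'No AppInit_DLLs entries registered.'
}
```

A result of NotSigned is a reason to look closer, not a verdict: on older PowerShell versions catalog-signed files can show up that way. Compare the signer and the path with the vendor you expect for the entry.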

M-K-D-B 25.05.2015 12:18

Hi,

so far we have not been able to find a rootkit or a Zeus trojan.

On what date, according to Telekom, is the communication with a botnet supposed to have taken place?



So your 1st computer (Win 7) is clean; please do the following there:

If you no longer have any problems with malware, we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.

Cleanup:
(The order matters here)

If Defogger was used: run it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript: Prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites. However, you can define, on a whitelist basis, which sites scripts are allowed on.
Ghostery: Detects and blocks trackers, web bugs, pixels and beacons, and other scripts that spy on or observe browsing behavior.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as filepony.de.
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with AdwCleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

==============================


On the computers

my desktop (win8.1)
Laptop2 (win 8.1)


please also run the following on each (use a separate post for each computer and only post once you have all the log files together):

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents with your next reply.

Step 5
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the Shortcut Cleaner log file,
  • the two new FRST log files.

rootofallevi 25.05.2015 14:34

My Laptop1 is now cleaned up, secured and up to date.
The steps mentioned above were carried out on my desktop, producing the following logs:
Desktop (win8.1)
AdwCleaner:
Code:

# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 14:26:56
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : Michael - BLACKTOWER
# Gestarted von : C:\Users\Michael\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.65

[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [2057 Bytes] - [25/05/2015 14:24:51]
AdwCleaner[S0].txt - [1573 Bytes] - [25/05/2015 14:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1632  Bytes] ##########

mbam:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 14:53:53
Logdatei: desktop_mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337816
Verstrichene Zeit: 11 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 Pro x64
Ran by Michael on 25.05.2015 at 15:08:14,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 15:11:16,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SC-cleaner:
Code:

Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 Pro
Program started at: 05/25/2015 03:17:17 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Michael\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 05/25/2015 03:17:18 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Michael (administrator) on BLACKTOWER on 25-05-2015 15:19:15
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [US800Pane] => C:\Windows\system32\US800Pan.exe [1796696 2015-04-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1261568 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3440640 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\MountPoints2: {585dddbe-aadf-11e4-8250-001a92dae90a} - "G:\pushinst.exe"
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Touchpad Server.lnk [2015-02-03]
ShortcutTarget: Touchpad Server.lnk -> C:\Program Files (x86)\Things & Stuff\Touchpad Server\TouchpadServer.exe (Things & Stuff)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-24] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR Extension: (ScriptSafe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-02-10]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [89088 2007-06-07] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-24] (Avast Software)
S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) []
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-24] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-24] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2015-02-02] ()
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                          )
R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 US800_01; C:\Windows\system32\DRIVERS\US800Wdm.sys [36440 2015-04-12] ()
S3 US800_AA; C:\Windows\system32\DRIVERS\US800Drv.sys [90200 2015-04-12] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-24] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 15:17 - 2015-05-25 15:17 - 00001844 _____ () C:\Users\Michael\Desktop\sc-cleaner.txt
2015-05-25 15:16 - 2015-05-25 15:16 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2015-05-25 15:11 - 2015-05-25 15:11 - 00000732 _____ () C:\Users\Michael\Desktop\JRdesktop_T.txt
2015-05-25 15:08 - 2015-05-25 15:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BLACKTOWER-Windows-8.1-Pro-(64-bit).dat
2015-05-25 15:08 - 2015-05-25 15:08 - 00000000 ____D () C:\RegBackup
2015-05-25 15:07 - 2015-05-25 15:07 - 02945770 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2015-05-25 15:05 - 2015-05-25 15:05 - 00001205 _____ () C:\Users\Michael\Desktop\desktop_mbam.txt
2015-05-25 14:36 - 2015-05-25 14:36 - 00001712 _____ () C:\Users\Michael\Desktop\Desktop_AdwCleaner[S0].txt
2015-05-25 14:32 - 2015-05-25 14:32 - 00000000 ___RD () C:\Users\Michael\OneDrive
2015-05-25 14:24 - 2015-05-25 14:27 - 00000000 ____D () C:\AdwCleaner
2015-05-25 14:21 - 2015-05-25 14:21 - 02222592 _____ () C:\Users\Michael\Desktop\AdwCleaner_4.205.exe
2015-05-25 10:18 - 2015-05-25 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-25 10:15 - 2015-05-25 10:34 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2015-05-25 10:14 - 2015-05-25 10:12 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Michael\Desktop\mbar-1.09.1.1004.exe
2015-05-24 16:57 - 2015-05-24 16:57 - 473103369 _____ () C:\Windows\MEMORY.DMP
2015-05-24 16:57 - 2015-05-24 16:57 - 00279760 _____ () C:\Windows\Minidump\052415-22421-01.dmp
2015-05-24 13:41 - 2015-05-24 16:22 - 00108774 _____ () C:\Users\Michael\Desktop\TDSS.txt
2015-05-24 13:35 - 2015-05-24 13:35 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-24 13:35 - 2015-05-24 13:35 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-24 13:35 - 2015-05-24 13:35 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-24 13:32 - 2015-05-24 13:32 - 00022173 _____ () C:\Users\Michael\Desktop\Addition.txt
2015-05-24 13:31 - 2015-05-25 15:19 - 00012841 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-24 13:31 - 2015-05-25 15:19 - 00000000 ____D () C:\FRST
2015-05-24 13:16 - 2015-05-24 13:17 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe
2015-05-24 13:15 - 2015-05-24 13:17 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:02 - 2015-05-23 17:02 - 00002047 _____ () C:\Users\Michael\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-05-23 17:02 - 2015-05-23 17:02 - 00001991 _____ () C:\Users\Michael\Desktop\Avira EU-Cleaner.lnk
2015-05-23 15:49 - 2015-05-23 15:49 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-23 15:42 - 2015-05-23 17:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-19 16:05 - 2015-05-19 16:06 - 00000197 _____ () C:\Windows\system32\2015-05-19-14-05-43.080-AvastVBoxSVC.exe-1640.log
2015-05-19 15:56 - 2015-05-19 15:56 - 00000197 _____ () C:\Windows\system32\2015-05-19-13-56-34.011-AvastVBoxSVC.exe-2428.log
2015-05-18 17:26 - 2015-05-18 17:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job
2015-05-09 20:17 - 2015-05-25 14:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (6).old
2015-04-28 14:27 - 2015-04-28 14:27 - 00279760 _____ () C:\Windows\Minidump\042815-23703-01.dmp
2015-04-28 14:07 - 2015-04-28 14:07 - 00279760 _____ () C:\Windows\Minidump\042815-19859-01.dmp
2015-04-28 10:39 - 2015-04-28 10:39 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-39-38.035-AvastVBoxSVC.exe-2352.log
2015-04-28 10:32 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive (5).old
2015-04-28 10:24 - 2015-04-28 10:24 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-24-32.022-AvastVBoxSVC.exe-2400.log
2015-04-28 10:19 - 2015-04-28 10:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (4).old
2015-04-28 10:19 - 2015-04-28 10:19 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-19-26.095-AvastVBoxSVC.exe-2372.log
2015-04-28 10:11 - 2015-04-28 10:11 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-11-53.013-AvastVBoxSVC.exe-2384.log
2015-04-28 10:10 - 2015-04-28 10:10 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-25 21:32 - 2015-04-25 21:48 - 00000000 ____D () C:\os161
2015-04-25 21:28 - 2015-04-26 01:25 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-04-25 17:55 - 2015-04-25 17:55 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-55-09.029-AvastVBoxSVC.exe-2388.log
2015-04-25 17:51 - 2015-04-25 17:51 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-51-05.037-AvastVBoxSVC.exe-2384.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 15:15 - 2015-02-09 20:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-25 14:48 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-25 14:41 - 2015-02-09 20:51 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-25 14:41 - 2015-02-09 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 14:41 - 2015-02-09 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 14:39 - 2015-04-12 10:38 - 00021869 _____ () C:\Windows\system32\DICoInst64.log
2015-05-25 14:39 - 2015-02-02 16:30 - 00690628 _____ () C:\Windows\avmfwlanci.log
2015-05-25 14:39 - 2015-02-01 19:07 - 01470831 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 14:38 - 2015-02-09 20:44 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 14:38 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 14:37 - 2015-04-12 10:38 - 00131214 _____ () C:\Windows\system32\DICoInst64.bak
2015-05-25 14:35 - 2015-02-10 17:26 - 00000000 ___DO () C:\Users\Michael\SkyDrive
2015-05-25 14:33 - 2013-08-22 16:46 - 00028945 _____ () C:\Windows\setupact.log
2015-05-25 14:32 - 2015-02-01 19:07 - 00000000 ____D () C:\Users\Michael
2015-05-25 14:32 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-24 16:57 - 2015-02-02 16:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-24 16:44 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-24 16:44 - 2015-02-01 19:02 - 00029892 _____ () C:\Windows\PFRO.log
2015-05-24 13:35 - 2015-02-09 20:44 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-24 13:35 - 2015-02-09 20:44 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 15:47 - 2015-02-02 14:54 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 15:47 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-23 15:47 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-23 15:27 - 2015-02-09 20:48 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 21:48 - 2015-02-16 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-19 15:56 - 2015-02-09 20:44 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 20:21 - 2015-02-09 21:49 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-09 20:21 - 2015-02-09 21:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-29 22:05 - 2015-04-02 17:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\dvdcss
2015-04-29 22:05 - 2015-02-03 20:10 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-28 17:57 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-28 10:19 - 2015-04-13 18:48 - 00000000 ___RD () C:\Users\Michael\OneDrive (3).old
2015-04-28 10:11 - 2015-02-17 18:28 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-28 10:11 - 2015-02-17 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 17:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

==================== Files in the root of some directories =======

2015-04-25 21:28 - 2015-04-26 01:25 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-03-31 20:37 - 2015-03-31 20:37 - 0000218 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-02-09 21:25 - 2015-03-03 14:31 - 0007627 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\GLF255D.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLF9770.tmp.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 21:36

==================== End of log ============================

Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Michael at 2015-05-25 15:20:07
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2705135437-1520576403-3312034090-500 - Administrator - Disabled)
Gast (S-1-5-21-2705135437-1520576403-3312034090-501 - Limited - Disabled)
Michael (S-1-5-21-2705135437-1520576403-3312034090-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1165 - Steinberg Media Technologies GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
RollerCoaster Tycoon (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6260 - Analog Devices)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff)
US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-03-2015 12:10:07 Geplanter Prüfpunkt
30-03-2015 12:46:47 Geplanter Prüfpunkt
10-04-2015 21:36:18 Windows Update
12-04-2015 10:47:21 Windows Modules Installer
09-05-2015 20:17:54 Windows Update
24-05-2015 13:33:58 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {091CCA98-CFD0-4668-816F-FDE30641D621} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1588799C-4460-41C0-AA69-FF77F32E3381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {25D3BFD7-0A4F-4BC6-B291-8B1C18A4D77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {44E0C120-F662-4486-92FE-F3E65B0819F1} - System32\Tasks\{F11BBD6E-B477-4B35-95EE-89F16075F125} => pcalua.exe -a E:\S3\Autorun.exe -d E:\
Task: {5AE49BDE-A780-4138-9F2D-7E9A0F4EA6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {5BFFBCE8-BED4-46D8-9116-9FCAC4414459} - System32\Tasks\MalwareScan => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2015-04-14] (Malwarebytes Corporation)
Task: {7BFBE983-69DD-4525-8DE1-26DBAFFB4B65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-09] (Microsoft Corporation)
Task: {8CCEC2F7-8D00-4D80-99D1-C94B977D5B9F} - System32\Tasks\{74D79551-C8A4-4047-B788-89735DC425A5} => pcalua.exe -a "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64\AsusSetup.exe" -d "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64"
Task: {9767B787-CE1C-4A13-B1BD-B7A19AC736A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B0D8A2D7-7D68-456A-9761-E462073237E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-24] (Avast Software s.r.o.)
Task: {BA1C29FA-CAB8-462C-BAA0-7A5C76D6755C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BE3560FE-A816-4757-B5FF-17E0EA6B513A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-05-24 13:35 - 2015-05-24 13:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-24 13:35 - 2015-05-24 13:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-25 10:16 - 2015-05-25 10:16 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052500\algo.dll
2015-05-24 13:35 - 2015-05-24 13:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Michael\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (5).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive (6).old:ms-properties
AlternateDataStreams: C:\Users\Michael\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Michael\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run32: => "AVMWlanClient"
HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\StartupApproved\StartupFolder: => "Touchpad Server.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{AAB8A8D3-CA72-49D4-8E20-B5F79820D6DF}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{7ACB1CC4-9D9A-4196-96E9-3BB7ADEFF15C}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [TCP Query User{8F792302-9964-4FD1-8689-8C96C290C6DD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [UDP Query User{9939554D-8E8F-416F-8E27-EE7ECAC23FAD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe
FirewallRules: [{F930095C-CF05-4655-B911-28714319CEFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5C5F221-2B1B-4D2D-9A7F-32373DFD30FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EACDBECC-7E95-402B-AADF-13C3FAD92F11}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B7D48A1B-2CA4-42EF-9DA7-7227A4759BDF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4E89C4D8-799E-4F08-A0C6-8D49E16BC966}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D179C17E-73EA-4CC1-B480-08B9F98E175B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{14D4C7D2-5D15-4E49-9AFD-EB236DC9D5F3}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [UDP Query User{C77E243B-4DFC-47F3-BB1E-B41D9FA1C02C}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe
FirewallRules: [{7FCB0EF7-2955-4FC1-99F2-C07B347486EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{02529297-DEBE-47C9-9557-9A77700C18C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A48FF7B7-0BFF-4A5E-9705-0C09E060B355}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 03:20:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:20:03Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:19:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:19:33Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:19:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:19:03Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:18:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:18:33Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:18:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:18:03Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:17:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:17:33Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:17:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:17:03Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:16:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:16:33Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:16:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:16:03Z. Fehlercode: 0x80040154.

Error: (05/25/2015 03:15:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:15:32Z. Fehlercode: 0x80040154.


System errors:
=============
Error: (05/25/2015 03:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 03:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 03:08:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 03:08:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 03:08:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/25/2015 02:39:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.


Microsoft Office:
=========================
Error: (05/25/2015 03:20:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:20:03Z

Error: (05/25/2015 03:19:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:19:33Z

Error: (05/25/2015 03:19:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:19:03Z

Error: (05/25/2015 03:18:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:18:33Z

Error: (05/25/2015 03:18:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:18:03Z

Error: (05/25/2015 03:17:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:17:33Z

Error: (05/25/2015 03:17:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:17:03Z

Error: (05/25/2015 03:16:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:16:33Z

Error: (05/25/2015 03:16:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:16:03Z

Error: (05/25/2015 03:15:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-05-01T13:15:32Z


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 4094.55 MB
Available physical RAM: 2771.8 MB
Total Pagefile: 8190.55 MB
Available Pagefile: 6745.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.02 GB) (Free:32.04 GB) NTFS
Drive d: () (Fixed) (Total:698.63 GB) (Free:256.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: E19F6F61)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.8 GB) - (Type=82)
Partition 4: (Not Active) - (Size=76.9 GB) - (Type=83)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of log ============================

I am now carrying out the steps on Laptop2 as well. Logs to follow.

rootofallevi 25.05.2015 18:16

Laptop2 logs:

adwcleaner:
Code:

# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 15:40:00
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Doppel D - DEISSLER
# Gestarted von : C:\Users\Doppel D\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player
Ordner Gelöscht : C:\Program Files (x86)\MP4 Player
Ordner Gelöscht : C:\Users\Doppel D\AppData\Local\pokki
Ordner Gelöscht : C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MP4 Player]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MP4 Player

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [2215 Bytes] - [25/05/2015 15:37:36]
AdwCleaner[S0].txt - [1945 Bytes] - [25/05/2015 15:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2004  Bytes] ##########

mbam:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 15:50:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Doppel D

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362179
Verstrichene Zeit: 30 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by Doppel D on 25.05.2015 at 16:23:17,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2419188506-2927848148-1747214967-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3406063620-4120487836-2621466698-500



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Doppel D\appdata\local\crashrpt



~~~ FireFox

Emptied folder: C:\Users\Doppel D\AppData\Roaming\mozilla\firefox\profiles\p3h9gu7x.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 16:26:21,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sc-cleaner:
Code:

Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 05/25/2015 04:29:11 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Doppel D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Doppel D\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 05/25/2015 04:29:15 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Doppel D (administrator) on DEISSLER on 25-05-2015 16:29:47
Running from C:\Users\Doppel D\Desktop
Loaded Profiles: Doppel D &  (Available Profiles: Doppel D)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] => C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-01-30] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar374.lnk [2015-05-25]
ShortcutTarget: Sidebar374.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{18EF1542-630C-4621-A51B-04F11DFE9BD4}: [NameServer] 129.13.64.5,129.13.96.2

FireFox:
========
FF ProfilePath: C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default
FF Homepage: hxxp://www.bvb.de/News/Uebersicht/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\abs@avira.com [2015-04-28]
FF Extension: Adblock Plus - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-02-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) []
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) []
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-10] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-22] (Synaptics Incorporated)
S2 Texis Monitor; C:\SIMULIA\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks)
S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-08-20] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-02-11] (Realtek Semiconductor Corporation                          )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-22] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp70137\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:29 - 2015-05-25 16:30 - 00021685 _____ () C:\Users\Doppel D\Desktop\FRST.txt
2015-05-25 16:29 - 2015-05-25 16:29 - 00001842 _____ () C:\Users\Doppel D\Desktop\sc-cleaner.txt
2015-05-25 16:28 - 2015-05-25 16:28 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Doppel D\Desktop\sc-cleaner.exe
2015-05-25 16:26 - 2015-05-25 16:26 - 00001474 _____ () C:\Users\Doppel D\Desktop\JRT.txt
2015-05-25 16:23 - 2015-05-25 16:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEISSLER-Windows-8.1-(64-bit).dat
2015-05-25 16:23 - 2015-05-25 16:23 - 00000000 ____D () C:\RegBackup
2015-05-25 16:22 - 2015-05-25 16:22 - 02945770 _____ (Thisisu) C:\Users\Doppel D\Downloads\JRT(1).exe
2015-05-25 16:21 - 2015-05-25 16:21 - 00001197 _____ () C:\Users\Doppel D\Desktop\mbam.txt
2015-05-25 16:05 - 2015-05-25 16:05 - 02945770 _____ (Thisisu) C:\Users\Doppel D\Desktop\JRT.exe
2015-05-25 15:47 - 2015-05-25 15:47 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-25 15:45 - 2015-05-25 15:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Doppel D\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-25 15:44 - 2015-05-25 15:44 - 00002084 _____ () C:\Users\Doppel D\Desktop\AdwCleaner[S0].txt
2015-05-25 15:37 - 2015-05-25 15:41 - 00000000 ____D () C:\AdwCleaner
2015-05-25 15:36 - 2015-05-25 15:36 - 02222592 _____ () C:\Users\Doppel D\Desktop\AdwCleaner_4.205.exe
2015-05-25 09:56 - 2015-05-25 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-25 09:54 - 2015-05-25 15:36 - 00000000 ____D () C:\Users\Doppel D\Desktop\mbar
2015-05-25 09:53 - 2015-05-25 09:53 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Doppel D\Downloads\mbar-1.09.1.1004.exe
2015-05-25 09:53 - 2015-05-25 09:53 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Doppel D\Desktop\mbar-1.09.1.1004.exe
2015-05-25 08:13 - 2015-05-25 08:13 - 00461597 _____ () C:\Users\Doppel D\Downloads\Daten#bersicht
2015-05-24 13:58 - 2015-05-25 16:29 - 00000000 ____D () C:\FRST
2015-05-24 13:48 - 2015-05-24 13:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Doppel D\Desktop\tdsskiller.exe
2015-05-24 13:47 - 2015-05-24 13:47 - 02108416 _____ (Farbar) C:\Users\Doppel D\Desktop\FRST64.exe
2015-05-23 16:05 - 2015-05-23 16:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-22 14:23 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-22 14:23 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-05-22 14:23 - 2015-04-09 00:07 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-22 14:23 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-22 14:23 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-22 14:23 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-22 14:23 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-22 14:23 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-22 14:23 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-22 14:23 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-22 14:23 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-22 14:23 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-22 14:23 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-22 14:23 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-22 14:23 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-05-22 14:23 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-22 14:23 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-05-22 14:23 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-05-22 14:22 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-22 14:22 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-20 15:41 - 2015-05-21 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\PDF Writer
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:26 - 00000000 ____D () C:\ProgramData\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\Common Files\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\7-PDF
2015-05-18 19:25 - 2015-05-04 11:33 - 06967260 ____N (7-PDF, Germany - Th. Hodes ) C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.exe
2015-05-18 19:25 - 2014-11-19 17:38 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2015-05-18 19:25 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-05-18 19:25 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-05-18 19:25 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-05-18 19:25 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-05-18 19:25 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-05-18 19:25 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-05-18 19:25 - 2008-07-09 17:38 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2015-05-18 19:25 - 1999-05-07 01:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX
2015-05-18 19:24 - 2015-05-18 19:24 - 06889574 _____ () C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.zip
2015-05-18 17:17 - 2015-05-21 07:33 - 00000000 ____D () C:\Program Files\paint.net
2015-05-18 17:17 - 2015-05-18 17:19 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\paint.net
2015-05-18 17:16 - 2015-05-18 17:16 - 06528454 _____ () C:\Users\Doppel D\Downloads\paint.net.4.0.5.install.zip
2015-05-18 17:10 - 2015-05-18 17:10 - 01203488 _____ () C:\Users\Doppel D\Downloads\Paint NET - CHIP-Installer.exe
2015-05-17 08:49 - 2015-05-17 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-12 22:20 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:20 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:03 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 22:03 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 22:03 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 22:03 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 22:03 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 22:03 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 22:03 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 22:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 22:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 22:03 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 22:03 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 22:03 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 22:03 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 22:03 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 22:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 22:03 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 22:03 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 22:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 22:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 22:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 22:03 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 22:03 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 22:03 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 22:03 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 22:03 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 22:03 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 22:03 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 09:51 - 2015-05-12 09:51 - 00776278 _____ () C:\Users\Doppel D\Downloads\Semcon Standort Sindelfingen Anfahrtsskizze.pptx
2015-05-07 13:25 - 2015-05-07 13:25 - 00000000 ____D () C:\Users\Doppel D\Downloads\Windows 8.1 (multiple editions) (x86) - DVD (German)
2015-05-07 11:45 - 2015-05-07 13:25 - 00010759 _____ () C:\Users\Doppel D\Downloads\SecureDownloadManager.log
2015-05-07 11:45 - 2015-05-07 11:45 - 00000184 _____ () C:\Users\Doppel D\Downloads\100381076748.sdx
2015-05-07 11:44 - 2015-05-07 11:44 - 00720384 _____ () C:\Users\Doppel D\Downloads\SDM_DE.msi
2015-05-07 08:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-07 08:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-05 15:28 - 2015-05-05 15:28 - 00000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-05-05 15:27 - 2015-05-05 15:27 - 01203488 _____ () C:\Users\Doppel D\Downloads\MP4 Player - CHIP-Installer.exe
2015-05-04 08:27 - 2015-05-04 08:28 - 00000000 ____D () C:\Users\Doppel D\Desktop\skripte
2015-05-01 19:48 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-01 19:48 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-01 19:48 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-01 19:48 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-01 19:48 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:48 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:47 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:27 - 2015-03-08 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 16:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-25 16:00 - 2015-01-19 12:45 - 02033882 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 15:48 - 2014-05-01 00:10 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 15:48 - 2014-05-01 00:10 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 15:48 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 15:47 - 2015-03-08 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 15:47 - 2015-03-08 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 15:46 - 2015-01-20 08:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 15:46 - 2015-01-19 12:53 - 00000000 ____D () C:\Users\Doppel D\Documents\Youcam
2015-05-25 15:45 - 2015-01-20 10:53 - 00000000 ___RD () C:\Users\Doppel D\Dropbox
2015-05-25 15:44 - 2015-01-20 10:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Dropbox
2015-05-25 15:42 - 2013-08-22 16:46 - 00053392 _____ () C:\Windows\setupact.log
2015-05-25 15:42 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 15:41 - 2014-08-05 21:39 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-25 08:35 - 2015-01-19 16:22 - 00000000 ____D () C:\Users\Doppel D\Documents\Bewerbung Job
2015-05-25 07:55 - 2015-01-21 21:44 - 00313344 ___SH () C:\Users\Doppel D\Desktop\Thumbs.db
2015-05-24 21:15 - 2015-03-17 11:17 - 00000362 _____ () C:\Windows\Tasks\HPCeeScheduleForDoppel D.job
2015-05-24 18:38 - 2015-03-31 20:21 - 00005148 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler
2015-05-24 18:29 - 2015-01-19 13:16 - 00002326 _____ () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-24 13:28 - 2015-01-19 16:34 - 00000000 ___RD () C:\Users\Doppel D\Desktop\Programme
2015-05-23 07:47 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-23 07:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-23 07:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-23 07:22 - 2015-01-19 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 07:22 - 2014-03-18 11:44 - 00373540 _____ () C:\Windows\PFRO.log
2015-05-22 20:26 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\vlc
2015-05-22 14:19 - 2015-02-10 22:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-22 08:42 - 2015-02-14 16:50 - 00000000 ____D () C:\Temp
2015-05-21 07:34 - 2015-01-20 15:31 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\CrashDumps
2015-05-19 07:51 - 2015-03-21 15:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 20:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 17:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 17:02 - 2015-01-19 14:24 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Adobe
2015-05-17 16:59 - 2015-01-20 08:32 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 16:59 - 2014-08-05 21:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-17 11:18 - 2015-01-19 13:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 08:00 - 2013-08-22 16:44 - 00521792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 22:21 - 2015-01-25 14:51 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-05-12 22:21 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 22:20 - 2015-01-22 18:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 22:14 - 2015-01-22 18:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:10 - 2015-01-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:07 - 2014-03-18 11:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 21:15 - 2015-03-17 11:17 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDoppel D
2015-05-11 15:28 - 2015-01-19 14:35 - 00010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-09 10:17 - 2015-01-19 12:50 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Packages
2015-05-09 08:46 - 2015-01-20 10:51 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-08 08:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-06 09:14 - 2015-03-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 19:59 - 2015-01-22 21:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-01-22 21:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 11:15 - 2015-02-15 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:14 - 2015-02-15 17:28 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:14 - 2015-02-15 17:28 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-30 13:10 - 2014-08-05 21:47 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-30 12:06 - 2015-01-19 14:08 - 00002244 ____H () C:\Users\Doppel D\Documents\Default.rdp
2015-04-28 09:48 - 2015-01-19 13:22 - 00000000 ____D () C:\Users\Doppel D\Documents\WG
2015-04-27 12:30 - 2015-01-19 15:34 - 00000000 ____D () C:\Users\Doppel D\Documents\Citavi 4

==================== Files in the root of some directories =======

2015-01-19 14:35 - 2015-05-11 15:28 - 0010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-05 15:28 - 2015-05-05 15:28 - 0000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-04-24 16:19 - 2015-04-24 16:19 - 0002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel
2015-02-03 21:35 - 2015-02-03 21:35 - 0007606 _____ () C:\Users\Doppel D\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Doppel D\AppData\Local\Temp\avgnt.exe
C:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpouh455.dll
C:\Users\Doppel D\AppData\Local\Temp\Extract.exe
C:\Users\Doppel D\AppData\Local\Temp\i4jdel0.exe
C:\Users\Doppel D\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Doppel D\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Doppel D\AppData\Local\Temp\oct2574.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct32CD.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct3428.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct525A.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct5BA0.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct7CDF.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA187.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA561.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octB3AC.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC461.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC9B2.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octEB09.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\Quarantine.exe
C:\Users\Doppel D\AppData\Local\Temp\scipy-0.14.0-sse3.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67280.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67743.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69229.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69393.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69401.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69404.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69411.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69555.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69559.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69718.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69738.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69846.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70137.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70439.exe
C:\Users\Doppel D\AppData\Local\Temp\sqlite3.dll
C:\Users\Doppel D\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 18:31

==================== End of log ============================

Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Doppel D at 2015-05-25 16:30:52
Running from C:\Users\Doppel D\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1312067100-3160384092-1139304428-500 - Administrator - Disabled)
Doppel D (S-1-5-21-1312067100-3160384092-1139304428-1002 - Administrator - Enabled) => C:\Users\Doppel D
Gast (S-1-5-21-1312067100-3160384092-1139304428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1312067100-3160384092-1139304428-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 10.11.0.2342 (HKLM\...\7-PDF Printer_is1) (Version: 10.11.0.2342 - 7-PDF, Germany - Th. Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.50111 - Ihr Firmenname) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.50111 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Python 2.7 scipy-0.14.0 (HKLM-x32\...\scipy-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version:  - Samsung Electronics CO.,LTD)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
yEd Graph Editor 3.14 (HKLM\...\3309-7404-0599-8908) (Version: 3.14 - yWorks GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-05-2015 17:42:42 Geplanter Prüfpunkt
21-05-2015 07:32:36 Removed paint.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-02-16 09:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0990C75E-EEE2-4B86-8272-EDA7079CE817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {1123A072-1BCD-4AF2-BBF1-37CC14219C22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {203E25B3-175E-49CA-9428-7142B4325EB0} - \Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002 No Task File <==== ATTENTION
Task: {2B55C425-F3A3-41D4-BDDB-323B0B29D0CC} - System32\Tasks\HPCeeScheduleForDoppel D => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3B4E5D9E-FB40-4851-B770-7CC81249BC24} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard)
Task: {3CA217AF-8BE5-4D18-A55D-E34AB3AA7B15} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard)
Task: {40A1ECC5-6AC6-4B58-B6EF-FC7F95D49975} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {4A8E0D25-B728-4D11-9C3B-D5677A58D476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {5745C80F-E79B-4527-A735-677C3C95D324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E33AB4F-A509-457D-9105-F165B3A35099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {6AE3F81E-FF5D-4FB3-947E-E47F26664DD7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {7552A293-1545-495B-BB57-6BAF739F41CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {80A420C9-4AA9-4506-9EE0-B0C0A8A71CA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-06] (Microsoft Corporation)
Task: {872EEC8A-4540-4C84-A5E2-BB507ED799BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {87FD31D7-ADC0-4FD4-9C9A-24A08D998A9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {895DE694-D487-47FB-B416-4A012ACB2F76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {946D500B-08CE-4039-8D57-4B35C8894C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {A4F6685F-D842-4381-BA79-ACE13CFE0211} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard)
Task: {B0D271CB-EFB6-43F3-A39F-1DEC597FD215} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C2F0E930-53DD-4D5F-9881-79994912ADBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C698FEA9-4053-437F-9E22-D26EFA73F12A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C9300309-2256-41D0-B6A6-FB723A098A52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {D28A0CE1-FFFA-42CD-8934-BCBEAC933A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D3045CA2-FE90-4C31-B9DB-7B062034F6B9} - \Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-500 No Task File <==== ATTENTION
Task: {E32BAE91-F6ED-4A31-A84B-3BEF3F188CF2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDoppel D.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2015-03-21 15:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-19 14:34 - 2007-12-27 17:44 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2015-01-19 14:31 - 2007-08-14 03:03 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-08-05 22:02 - 2013-02-01 11:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16AD78DD-65F2-47F6-8CDF-CAF8D355BB32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D98FA805-30BC-47AA-90C8-4F6D608AA674}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070CB099-7A71-44FC-8410-7062B6F7E165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90CB1EC0-7D89-402F-8372-A4399B92751A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1742ECAD-D58F-43A2-A3AD-DA7A6E47458F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{27B451F7-8A22-4418-8BF0-12082A446104}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{75F4BDB8-2A9E-4903-9BD7-155A8A99C88A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E779D34-D883-4059-8D0A-1480CF531C17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E61C5AA0-59F0-4F7E-A1CB-01FA24E98745}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{A170C4FD-9AD1-44FC-A0BB-12074CA67675}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{B066D0F2-9EED-4981-9FD3-8DFA25BBE09F}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{5395966C-550B-4A1D-8650-7197EB973A6D}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{022A1CF6-4E7C-4283-95F3-4D065580586C}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{8F619BAA-F9A6-4549-9978-43E3888AEF69}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{09ACE5EA-0B83-43A5-83AF-6A981068FBCE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{842FBF91-D0DE-4479-9C11-E68C9E4868CE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D0E8A705-1DAB-41D4-9947-25B624AF5747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{942348C0-30B5-4CDD-B691-48940D5B9B90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{169D1166-8C45-4F70-ACC9-85750662CA30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A161EE38-2B21-4162-BF14-17DC9803882A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{4A971199-06BA-4E38-B49D-C8D6B054ECA9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5D6A08F9-926F-4CDC-9641-9D0307D6F56E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DC48C7CC-8C7C-4184-88AB-965555AD6D42}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{C34CD7B8-CCA8-4B1F-BC60-E7BFB9C4D642}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73FB4A7A-346F-490B-9591-722E1BBAE5F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B3540C81-C0CD-4F4B-8087-9D36FD30D1D3}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5D7F82B1-2281-4C83-A276-BF776EC41961}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{328C5761-B521-4747-93ED-7EFBDAAD7B5C}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [UDP Query User{F02E9BE4-F2B9-4060-866C-C2A7E507E975}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{4226FA3C-C310-4DD6-994F-54F5F87F903E}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{9783FEBE-D1EB-48F1-AFA4-6885C888B7ED}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{D5CFF259-6A4B-46A0-AF54-01A77DB1F732}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EB2897EE-AB63-4D50-88B3-004039E2E740}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CA588A6D-25BF-4CD6-92E0-4CB978107FCA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{16ABB144-DF68-4171-8412-A290AC6F1CF4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{F9397BE3-58B2-41BE-8753-335D2EBF8B49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{199F35C6-1460-4C14-9D21-6803BFAA2260}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5838AB6F-FD65-4111-8A95-28E44BC3A797}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{724F355B-F021-487B-A16B-B76A1D7F689A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 04:20:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/25/2015 04:24:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Texis Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SynTPEnh Caller Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HPWMISVC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dragon Notes Core" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/25/2015 04:20:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 11460.65 MB
Available physical RAM: 9522.88 MB
Total Pagefile: 13188.65 MB
Available Pagefile: 10987.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.06 GB) (Free:728.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.43 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CA7DA791)

Partition: GPT Partition Type.

==================== End of log ============================


According to Telekom, the access took place on 18.05.2015 and on 06.05.2015. I have already contacted the Telekom abuse team to ask whether more precise connection details are available; because of the long weekend, however, I have not received a reply yet.
[EDIT]:

I have now received a reply after all:
In summary:
I was given the hostname of the sinkhole that was accessed (5 times in total, always the same one); unfortunately there was no further information (yet).

Update:

I have now received from the Telekom abuse team the timestamps of all accesses to the sinkhole. According to the router log, only an Android device and Laptop2 were on the network at the time of the last access.
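The narrowing-down described in the update above, matching sinkhole access timestamps against the router log, can be done systematically; this is an added example, not part of the original post. All device names except Laptop2, all timestamps, and the assumption that the provider reports UTC while the router logs local time (CEST) are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M"
CEST = timezone(timedelta(hours=2))  # assumption: router logs local summer time

# Constructed sample data: (device, online from, online until) in router local time.
ROUTER_SESSIONS = [
    ("Desktop", "2015-05-06 18:00", "2015-05-06 23:30"),
    ("Desktop", "2015-05-18 08:00", "2015-05-18 12:00"),
    ("Laptop1", "2015-05-06 19:00", "2015-05-06 22:00"),
    ("Laptop2", "2015-05-06 17:00", "2015-05-06 23:59"),
    ("Laptop2", "2015-05-18 09:00", "2015-05-18 23:00"),
    ("Laptop3", "2015-05-06 20:00", "2015-05-06 21:00"),
    ("Laptop3", "2015-05-18 10:00", "2015-05-18 11:00"),
    ("Android", "2015-05-06 00:00", "2015-05-06 12:00"),
    ("Android", "2015-05-18 00:00", "2015-05-18 23:59"),
]

# Constructed sinkhole access times, assumed to be reported in UTC.
SINKHOLE_HITS = [
    "2015-05-06 15:20",
    "2015-05-06 18:30",
    "2015-05-06 21:40",
    "2015-05-18 08:30",
    "2015-05-18 19:05",
]


def parse(ts, tz):
    """Parse a timestamp string and attach the timezone it was recorded in."""
    return datetime.strptime(ts, FMT).replace(tzinfo=tz)


def devices_online(hit, sessions, slack=timedelta(minutes=2)):
    """Devices whose session covers the hit, allowing for small clock skew."""
    return {dev for dev, start, end in sessions
            if start - slack <= hit <= end + slack}


def correlate(hits, session_rows, hits_tz=timezone.utc, router_tz=CEST):
    """Match every sinkhole hit against the devices online at that moment."""
    sessions = [(dev, parse(a, router_tz), parse(b, router_tz))
                for dev, a, b in session_rows]
    per_hit = {h: devices_online(parse(h, hits_tz), sessions) for h in hits}

    # How many hits each device was online for.
    counts = {}
    for devs in per_hit.values():
        for dev in devs:
            counts[dev] = counts.get(dev, 0) + 1

    # Hits with no device online point to a log gap or a timezone mix-up.
    unexplained = [h for h, devs in per_hit.items() if not devs]
    explained = [devs for devs in per_hit.values() if devs]
    # Devices present at every explained hit. An empty set with several
    # devices scoring high can also mean more than one machine is infected.
    common = set.intersection(*explained) if explained else set()
    return {"per_hit": per_hit, "counts": counts,
            "common": common, "unexplained": unexplained}


if __name__ == "__main__":
    result = correlate(SINKHOLE_HITS, ROUTER_SESSIONS)
    for hit, devs in result["per_hit"].items():
        print(hit, "UTC ->", sorted(devs))
    print("online at every hit:", sorted(result["common"]))
    # Reading the same timestamps as local time shifts every lookup by two hours.
    wrong = correlate(SINKHOLE_HITS, ROUTER_SESSIONS, hits_tz=CEST)
    print("misread as local time:", sorted(wrong["common"]), wrong["unexplained"])
```

A hit that no device explains is a reason to re-check the timezone of both sources before drawing a conclusion from the intersection.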

M-K-D-B 25.05.2015 20:07

Hi,


on your computer (Win 8.1):

  • Disable your antivirus program.
  • Go to the folder C:\AdwCleaner.
  • Right-click the AdwCleaner folder and choose > Send to > Compressed (zipped) folder.
  • A zip file named AdwCleaner.zip is created on drive C:.
  • Upload AdwCleaner.zip in the upload channel.
  • To do so, click Browse, navigate to the zip file ( C:\AdwCleaner.zip ) and click Open.
  • Finally, click Upload.
  • Thank you for your help.
  • Re-enable your antivirus program.


Let me know when that is done.

M-K-D-B 25.05.2015 20:12

Hi,


on Laptop 2:


  • Start FRST again. Copy the content of the following code box into the line at the top:
    Code:

    MP4 Player;Startfenster;
  • Click Search Registry.
  • FRST starts the search and creates a text file Search.txt at the end.
  • Post its content with your next reply.

rootofallevi 26.05.2015 06:44

Good evening,
Sooo, we have already been a bit more radical :lach:

Since a complete reinstall of Windows does the laptop good anyway, we have now done that and restored it to factory state using an image.
:kloppen:
The image was on a separate partition and was applied with the HP recovery software under the Windows repair options
(repair option in the advanced boot menu)

This "MP4-Player" was certainly not trustworthy software and, I suspect, also the source of the infection (it was installed shortly before the first known connection to the sinkhole).

After the reset, Avast, MBAM and NoScript were installed right away.

Are there any further tips or options that I have not considered?

Many thanks for the patience and the effort

Desktop (win 8.1)
The AdwCleaner.zip is uploaded :)
trojaner-board.de/upload.trojaner-board.de/files/150526-0743_AdwCleaner.zip.zip

M-K-D-B 26.05.2015 09:17

Hi,


resetting Laptop2 was probably the right decision. :daumenhoc


Thanks for the upload.


Then let's quickly finish the Windows 8.1 computer:


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:

start
CloseProcesses:
Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION
EmptyTemp:
end


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its content.


Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.


Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.

rootofallevi 26.05.2015 16:35

Evening

The logs from the FRST fix, ESET and SecurityCheck on the desktop:

FRST fix:
Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Michael at 2015-05-26 10:59:00 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD2FE855-B9A4-4264-AB1C-3AF23779B4D4}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD2FE855-B9A4-4264-AB1C-3AF23779B4D4}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001" => key Removed successfully
EmptyTemp: => Removed 968.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:00:01 ====

Then from ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9d76326dc1110847ba9932a3ab627efd
# engine=24029
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-26 03:12:11
# local_time=2015-05-26 05:12:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 174467 9149283 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6541786 15140714 0 0
# scanned=337503
# found=3
# cleaned=0
# scan_time=10023
sh=33F21111A3F3ECF3426863121BF458A8F19642DB ft=1 fh=77b670141c9fc9d9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-2705135437-1520576403-3312034090-1001\$R400O5I.exe"
sh=E4EC600C713AC4D250614FFAFD7BFEAE696CB76D ft=1 fh=f20ecac4b55764e3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-2705135437-1520576403-3312034090-1001\$RCZOMQQ.exe"
sh=B14E23A2F3238C771E8F047A89BB669A2EA72AA1 ft=1 fh=2cf6de8267e05ae4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Universal USB Installer - CHIP-Installer.exe"

I looked at what was found:
first, the Chip installer, which I once used in my stupidity; these days I always download software directly from the vendor, so this executable was never run on the system. Likewise the other findings, which are also in the Recycle Bin. Those are software installers that were never run on this system (luckily :D, nor on any other system that is still in use).


Finally, the log from SecurityCheck:
Code:

Results of screen317's Security Check version 1.001 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java 8 Update 40 
 Java 8 Update 45 
 Adobe Flash Player        17.0.0.188 
 Mozilla Firefox (38.0.1)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Since the ESET findings were never executed, is simply deleting the files enough?

Regards
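An added example (not part of the original post) that parses detection lines in the layout of the ESET log above and separates potentially unwanted applications lying in the Recycle Bin or a download folder from findings that deserve a closer look. The field meanings (sh = SHA-1, vn = detection name, fn = file path) are inferred from the log, and the sample hashes, detection names and paths are constructed placeholders.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log in the thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# scanned=1000
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Variante von Win32/Example.A evtl. unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-0-0-0-1001\$R000001.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/Example.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Example Installer.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.C Trojaner" ac=I fn="C:\Users\user\AppData\Roaming\example.exe"
'''

# key=value pairs; quoted values may contain spaces and backslashes.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# German and English wording for "potentially unwanted application".
PUA_MARKERS = ("evtl. unerwünschte anwendung", "potentially unwanted application")


def parse_eset_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return header, detections


def location_class(path):
    """Coarse location of the detected file, taken from its path components."""
    parts = path.lower().replace("/", "\\").split("\\")
    if "$recycle.bin" in parts:
        return "recycle_bin"
    if "downloads" in parts:
        return "downloads"
    return "other"


def triage(text):
    """Classify each detection and cross-check the counts in the header."""
    header, detections = parse_eset_log(text)
    rows = []
    for det in detections:
        name = det.get("vn", "")
        pua = any(marker in name.lower() for marker in PUA_MARKERS)
        loc = location_class(det.get("fn", ""))
        rows.append({
            "sha1": det.get("sh"), "name": name, "path": det.get("fn"),
            "pua": pua, "location": loc,
            # The location is only a hint; it does not prove a file never ran.
            "needs_review": (not pua) or loc == "other",
        })
    summary = {
        "count_matches_header": int(header.get("found", -1)) == len(rows),
        "left_on_disk": len(rows) - int(header.get("cleaned", 0)),
        "needs_review": [r["path"] for r in rows if r["needs_review"]],
    }
    return rows, summary


if __name__ == "__main__":
    rows, summary = triage(SAMPLE_LOG)
    for row in rows:
        print(row["location"], "PUA" if row["pua"] else "other", row["path"])
    print(summary)
```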

M-K-D-B 26.05.2015 18:09

Hi,


yes, just delete the listed files by hand. :)


I see no malware in the log files.


If you have no more problems with malware, then we are done here. Your log files are clean. :daumenhoc
Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...:dankeschoen: and/or support the forum with a small donation. :applaus:

Securing your system:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use only one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:




In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on a whitelist basis, on which sites scripts should be allowed.
Ghostery: Detects and blocks trackers, web bugs, pixels, beacons and other scripts that spy on/monitor browsing behaviour.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as filepony.de.
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with AdwCleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

rootofallevi 26.05.2015 18:25

Everything cleaned up again, and infected files deleted.

Many, many thanks again, also on behalf of my flatmates :)

M-K-D-B 26.05.2015 18:32

I'm glad we could help :abklatsch:

In this forum you can leave brief feedback on the cleanup, if you like:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new topic) button and post a little feedback. Thank you very much! :)

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

