Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7: User Passwort gelöscht, Programme laufen nicht mehr

Win7: User Passwort gelöscht, Programme laufen nicht mehr


Log-Analyse und Auswertung: Win7: User Passwort gelöscht, Programme laufen nicht mehr

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.11.2014, 18:57   #1
Plagegeist12
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


Hallo!

Vor einiger Zeit war plötzlich mein Zugangspasswort zu Windows gelöscht und einige Programme funktionieren nicht mehr (nur Fehlermeldungen...). Ebenso ist die Kaspersky Internet Security deaktiviert und ich kann sie auch nicht mehr starten...

FRST und MBAM habe ich mal ausgeführt, das wird ja bei den meisten Sachen hier benötigt.

Vielleicht kann mir ja jemand helfen....

Dankeschön!

MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.10.2014
Suchlauf-Zeit: 17:59:47
Logdatei: Malware.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.02.05
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: NB-003

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360311
Verstrichene Zeit: 28 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.MailPassView, C:\Users\NB-003\AppData\Local\Temp\Temp2_mailpv.zip\mailpv.exe, , [e914999d1e5e181e948254f2c83d4ab6], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by NB-003 (administrator) on NB-003-TSV on 29-10-2014 17:53:11
Running from C:\Users\NB-003\Downloads
Loaded Profile: NB-003 (Available profiles: NB-003 & NB-003_1)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira) C:\ProgramData\Avira\My Avira\Temp\speedup.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [GDataRegistrationNotifier] => C:\Program Files (x86)\G Data\InternetSecurity\RegNotifier\RegistrationNotifier.exe [2331672 2012-12-10] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\Run: [Power2GoExpress] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: E - E:\pushinst.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {08c8c8df-30a9-11e4-9722-bc05430ef17b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {43f434ec-4112-11e4-8cb2-bc05430ef17b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {574680ad-f253-11e3-ad97-f0def10c034a} - E:\pushinst.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {6b2585cb-415b-11e4-99a9-002710786bd4} - E:\pushinst.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {b51fba56-079e-11e4-adde-bc05430ef17b} - E:\SISetup.exe
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\MountPoints2: {e9c2d589-fa37-11e3-a3fe-bc05430ef17b} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vabtimer.lnk
ShortcutTarget: vabtimer.lnk -> C:\Program Files (x86)\PC-VAB\VABTimer.exe (Schäfer VAB GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tsv1862blaichach.de/
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default
FF Homepage: hxxp://www.tsv1862blaichach.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default\Extensions\abs@avira.com [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx []
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx []
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-09] (Lenovo.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [114288 2014-09-27] (Mozilla Foundation)
R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S2 avp; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe" -r [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41712 2013-05-29] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:54 - 2014-11-02 15:54 - 02347384 _____ (ESET) C:\Users\NB-003\Downloads\esetsmartinstaller_deu.exe
2014-11-02 15:54 - 2014-11-02 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-29 17:56 - 2014-10-29 17:56 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Avira
2014-10-29 17:53 - 2014-10-29 17:55 - 00016104 _____ () C:\Users\NB-003\Downloads\FRST.txt
2014-10-29 17:53 - 2014-10-29 17:52 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-29 17:52 - 2014-10-29 17:53 - 00000000 ____D () C:\FRST
2014-10-29 17:50 - 2014-10-29 17:52 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\NB-003\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-29 17:50 - 2014-10-29 17:50 - 02114560 _____ (Farbar) C:\Users\NB-003\Downloads\FRST64.exe
2014-10-29 17:50 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-29 17:50 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-29 17:50 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-29 17:41 - 2014-10-29 17:41 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-29 17:40 - 2014-10-29 17:40 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\NB-003\Downloads\avira_de_av___ws.exe
2014-10-29 17:40 - 2014-10-29 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-29 17:35 - 2014-10-29 17:35 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\MAGIX
2014-10-29 17:35 - 2014-10-29 17:35 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Xara
2014-10-29 17:33 - 2014-10-29 17:33 - 00001432 _____ () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-29 17:33 - 2014-10-29 17:33 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-29 17:32 - 2014-10-29 17:33 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\VirtualStore
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Vorlagen
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Startmenü
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Netzwerkumgebung
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Lokale Einstellungen
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Eigene Dateien
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Druckumgebung
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Documents\Eigene Musik
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Documents\Eigene Bilder
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Local\Verlauf
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Local\Anwendungsdaten
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Anwendungsdaten
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 ____D () C:\Users\NB-003_1
2014-10-29 17:32 - 2013-12-12 21:07 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Microsoft Help
2014-10-29 17:32 - 2013-10-14 09:03 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\PwrMgr
2014-10-29 17:32 - 2013-10-14 08:35 - 00001987 _____ () C:\Users\NB-003_1\Desktop\Microsoft Office.lnk
2014-10-29 17:32 - 2013-08-01 15:43 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Lenovo
2014-10-29 17:32 - 2013-08-01 13:30 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Adobe
2014-10-29 17:32 - 2013-04-29 13:17 - 00000000 ___RD () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 17:32 - 2013-04-29 13:17 - 00000000 ___RD () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 17:32 - 2010-11-21 03:50 - 00000020 ___SH () C:\Users\NB-003_1\ntuser.ini
2014-10-26 21:05 - 2014-10-26 21:05 - 06126536 _____ (Tim Kosse) C:\Users\NB-003\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-26 20:55 - 2014-10-26 20:55 - 00001128 _____ () C:\Users\Public\Desktop\MAGIX Web Designer 10 Premium.lnk
2014-10-26 20:55 - 2014-10-26 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-10-26 20:42 - 2014-10-26 20:53 - 01038704 _____ (Amazon Services LLC) C:\Users\NB-003\Downloads\MAGIX_Web_Designer_10_Premium_Downloader(2).exe
2014-10-25 18:15 - 2014-10-25 18:15 - 00013422 _____ () C:\Users\NB-003\Documents\Werte Heike.xlsx
2014-10-24 16:45 - 2014-10-24 16:45 - 01054912 _____ (Adobe) C:\Users\NB-003\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-24 16:44 - 2014-10-24 16:45 - 00000000 ____D () C:\AdwCleaner
2014-10-24 16:33 - 2014-10-25 16:59 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\TeamViewer
2014-10-24 16:33 - 2014-10-24 16:33 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-24 16:33 - 2014-10-24 16:33 - 00001173 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-24 16:33 - 2014-10-24 16:33 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-24 16:32 - 2014-10-24 16:32 - 06626832 _____ (TeamViewer GmbH) C:\Users\NB-003\Downloads\TeamViewer_Setup_de.exe
2014-10-22 17:51 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-22 17:51 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-22 17:50 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-22 17:50 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-22 17:50 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-22 17:50 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-22 17:50 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-22 17:50 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-22 17:40 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-22 17:40 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-22 17:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-22 17:40 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-22 17:40 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-22 17:40 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-22 17:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-22 17:40 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-22 17:40 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-22 17:40 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-22 17:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-22 17:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-22 17:40 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-22 17:40 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-22 17:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-22 17:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-22 17:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-22 17:40 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-22 17:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-22 17:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-22 17:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-22 17:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-22 17:40 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-22 17:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-22 17:40 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-22 17:40 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-22 17:40 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-22 17:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-22 17:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-22 17:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-22 17:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-22 17:40 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-22 17:40 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-22 17:40 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-22 17:40 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-22 17:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-22 17:40 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-22 17:40 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-22 17:40 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-22 17:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-22 17:40 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-22 17:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-22 17:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-22 17:40 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-22 17:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-22 17:40 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-22 17:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-22 17:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-22 17:40 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-22 17:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-22 17:39 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-22 17:39 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-22 17:39 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-22 17:39 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-22 17:39 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 18:58 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 18:58 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-21 18:58 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 18:58 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-21 18:58 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-21 18:58 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-21 18:58 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-21 18:54 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 18:54 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 18:50 - 2014-10-12 18:50 - 00000000 ____D () C:\Users\NB-003\Desktop\MAGIX Web Designer 10 Premium (Download)
2014-10-12 18:49 - 2014-10-12 18:49 - 01038704 _____ (Amazon Services LLC) C:\Users\NB-003\Downloads\MAGIX_Web_Designer_10_Premium_Downloader(1).exe
2014-10-04 18:55 - 2014-10-04 18:55 - 00000879 _____ () C:\Users\NB-003\AppData\Local\recently-used.xbel
2014-10-02 19:12 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 19:12 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:56 - 2014-09-29 20:56 - 03728357 _____ () C:\Users\NB-003\Downloads\visitenkarten_1.01.exe
2014-09-29 20:56 - 2014-09-29 20:56 - 00001198 _____ () C:\Users\NB-003\Desktop\Visitenkarten In 2 Minuten.lnk
2014-09-29 20:56 - 2014-09-29 20:56 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2014-09-29 20:56 - 2014-09-29 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2014-09-29 20:56 - 2014-09-29 20:56 - 00000000 ____D () C:\Program Files (x86)\Sigel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 16:49 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 15:45 - 2013-10-16 10:52 - 00110472 _____ () C:\Users\NB-003\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 15:28 - 2014-06-12 18:30 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-02 15:28 - 2014-06-12 18:30 - 00007076 _____ () C:\Windows\LkmdfCoInst.log
2014-10-30 19:10 - 2010-11-21 04:47 - 00237238 _____ () C:\Windows\PFRO.log
2014-10-30 19:10 - 2009-07-14 05:45 - 00414280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-29 17:54 - 2009-07-14 05:45 - 00006640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 17:54 - 2009-07-14 05:45 - 00006640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 17:44 - 2013-10-16 09:06 - 01679614 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 17:40 - 2014-08-09 20:04 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Skype
2014-10-29 17:40 - 2010-11-21 07:50 - 00784178 _____ () C:\Windows\system32\perfh007.dat
2014-10-29 17:40 - 2010-11-21 07:50 - 00181060 _____ () C:\Windows\system32\perfc007.dat
2014-10-29 17:40 - 2009-07-14 06:13 - 01845382 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 17:36 - 2013-10-17 21:40 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-29 17:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 17:31 - 2009-07-14 05:51 - 00074255 _____ () C:\Windows\setupact.log
2014-10-29 17:28 - 2014-07-02 18:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 22:10 - 2014-07-20 15:15 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\FileZilla
2014-10-26 20:55 - 2014-08-02 16:41 - 00000000 ___RD () C:\Users\NB-003\Documents\MAGIX
2014-10-24 16:08 - 2014-05-16 13:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-24 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 15:51 - 2013-10-16 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 17:42 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 18:54 - 2013-10-16 12:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 18:47 - 2013-04-29 10:44 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 18:59 - 2014-07-20 15:23 - 00000000 ____D () C:\Program Files (x86)\WebSite X5 v10 - Free
2014-10-11 16:10 - 2014-05-28 18:49 - 00000000 ____D () C:\Users\NB-003\Desktop\TSV 1862 Blaichach e.V
2014-10-05 18:22 - 2014-07-02 19:53 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\7-PDFSplitMerge
2014-10-04 18:56 - 2014-07-20 16:07 - 00000000 ____D () C:\Users\NB-003\.gimp-2.8
2014-10-03 19:17 - 2014-07-20 16:09 - 00000000 ____D () C:\Users\NB-003\AppData\Local\gtk-2.0
2014-09-29 20:58 - 2014-07-02 18:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 20:58 - 2014-07-02 18:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 20:58 - 2014-07-02 18:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 20:58 - 2013-10-17 20:57 - 00000000 ____D () C:\Users\NB-003\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\NB-003\AppData\Local\Temp\autorun.dll
C:\Users\NB-003\AppData\Local\Temp\avgnt.exe
C:\Users\NB-003\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\NB-003\AppData\Local\Temp\InstallAX.exe
C:\Users\NB-003\AppData\Local\Temp\LMkRstPt.exe
C:\Users\NB-003\AppData\Local\Temp\ose00000.exe
C:\Users\NB-003\AppData\Local\Temp\siinst.exe
C:\Users\NB-003\AppData\Local\Temp\sqlite3.dll
C:\Users\NB-003\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 22:26

==================== End Of Log ============================
FRST Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by NB-003 at 2014-10-29 17:56:38
Running from C:\Users\NB-003\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Internet Security (Disabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
DDBAC (HKLM-x32\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2002 - CyberLink Corporation)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.40 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lexware vereinsverwaltung 14 (HKLM-x32\...\{5A816AEA-0681-46F9-A3EF-30F88199A215}) (Version: 14.0 - Lexware)
MediaShow (HKLM-x32\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.4325 - CyberLink Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
PC-VAB (HKLM-x32\...\{DF96259F-0658-47F0-98FF-D38947731113}) (Version: 3.27.0062 - Schäfer VAB Gesellschaft für EDV-Lösungen mbH)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoNow! 1.0 (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 3.0.4310 - CyberLink Corporation)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.2903 - CyberLink Corporation)
PowerDirector Express (HKLM-x32\...\{EDE721EC-870A-11D8-9D75-000129760D75}) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation)
PowerDVD Copy (HKLM-x32\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.3716a - CyberLink Corporation)
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - Synaptics Incorporated)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM-x32\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{045281D6-AFD2-4cd6-A93D-C07AD6FB20A2}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\SVGFilter.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{0A352EAA-8FF3-404c-AFED-1F9AA02818DD}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\ODPImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{1B00816B-14D7-4442-82B3-15CCF43C0254}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\RTFfilter.dll (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{47C58F72-DD97-4204-9A58-00E0A82E5207}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\TIFFImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{55E4C8A1-601C-407f-9DF5-A2652A241AAE}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\EMFFilter.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{7DCC32F2-DAEF-4CDE-A81A-F45DAA3EB0B0}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\HTMLfilter.dll (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{7F75D6E7-EE09-46d8-A83E-040926610774}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\DocImport\DocImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{86A7051E-BCD5-4d1f-9DC6-94BADC257777}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\PSDFilter.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{B189AF08-C20E-44e6-A12E-3790640BBCD0}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\RAWImport\RAWImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{BD1631EA-6D82-4407-9B96-5B40DA7BCCC1}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\PDFImport\PDFImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{C0908775-F5BD-4caf-B8BE-7138F7EBAAEE}\InprocServer32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\Filters\DEU\PPImport.dll ()
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\WebDesigner.exe (MAGIX Software GmbH)
CustomCLSID: HKU\S-1-5-21-1602883323-1665739586-4230331772-1000_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files\MAGIX\Web Designer 10 Premium\WebDesigner.exe (MAGIX Software GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6703DAFF-14AB-4373-A27A-E256E04E3B5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-29] (Adobe Systems Incorporated)
Task: {8D42D916-E66C-4800-99FE-459783B8A0F5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-09] (Lenovo Group Limited)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 21:40 - 2006-12-19 15:23 - 00272024 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2013-08-01 13:57 - 2013-10-29 01:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-01 15:06 - 2013-01-09 05:40 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-09-19 21:01 - 2014-09-27 17:05 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-12 20:03 - 2014-09-29 20:58 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1602883323-1665739586-4230331772-500 - Administrator - Disabled)
Gast (S-1-5-21-1602883323-1665739586-4230331772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1602883323-1665739586-4230331772-1006 - Limited - Enabled)
NB-003 (S-1-5-21-1602883323-1665739586-4230331772-1000 - Administrator - Enabled) => C:\Users\NB-003
NB-003_1 (S-1-5-21-1602883323-1665739586-4230331772-1007 - Administrator - Enabled) => C:\Users\NB-003_1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 05:33:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 05:33:20 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2540) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (10/29/2014 05:32:40 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2900) WindowsMail1: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (11/02/2014 05:16:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avpui.exe, Version: 15.0.0.463, Zeitstempel: 0x5353b5a4
Name des fehlerhaften Moduls: avpui.exe, Version: 15.0.0.463, Zeitstempel: 0x5353b5a4
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000487a
ID des fehlerhaften Prozesses: 0xc30
Startzeit der fehlerhaften Anwendung: 0xavpui.exe0
Pfad der fehlerhaften Anwendung: avpui.exe1
Pfad des fehlerhaften Moduls: avpui.exe2
Berichtskennung: avpui.exe3

Error: (11/02/2014 05:14:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 05:08:36 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\dbgeng.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Windows-Problemberichterstattung wurde wegen dieses Fehlers geschlossen.

Programm: Windows-Problemberichterstattung
Datei: C:\Windows\System32\dbgeng.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (11/02/2014 05:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc607
Name des fehlerhaften Moduls: dbgeng.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c5ab
Ausnahmecode: 0xc0000006
Fehleroffset: 0x00000000001a4c14
ID des fehlerhaften Prozesses: 0x778
Startzeit der fehlerhaften Anwendung: 0xWerFault.exe0
Pfad der fehlerhaften Anwendung: WerFault.exe1
Pfad des fehlerhaften Moduls: WerFault.exe2
Berichtskennung: WerFault.exe3

Error: (11/02/2014 04:53:56 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files\MAGIX\Web Designer 10 Premium\WebDesigner.exe" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm MAGIX Web Designer 10 Premium wurde wegen dieses Fehlers geschlossen.

Programm: MAGIX Web Designer 10 Premium
Datei: C:\Program Files\MAGIX\Web Designer 10 Premium\WebDesigner.exe

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (11/02/2014 04:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WebDesigner.exe, Version: 10.1.4.35438, Zeitstempel: 0x541a9470
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0000000000029c42
ID des fehlerhaften Prozesses: 0xe00
Startzeit der fehlerhaften Anwendung: 0xWebDesigner.exe0
Pfad der fehlerhaften Anwendung: WebDesigner.exe1
Pfad des fehlerhaften Moduls: WebDesigner.exe2
Berichtskennung: WebDesigner.exe3

Error: (11/02/2014 04:53:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm NVIDIA User Experience Driver Component wurde wegen dieses Fehlers geschlossen.

Programm: NVIDIA User Experience Driver Component
Datei: C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3


System errors:
=============
Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:40:00 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/29/2014 05:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (06/18/2014 07:34:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 348 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/20/2013 06:58:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 115 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 08:13:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 80 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 08:12:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 136 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 08:11:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 182 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 08:10:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 168 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-16 10:34:54.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 10:34:54.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 10:34:54.708
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 10:34:54.708
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 10:32:33.665
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 10:32:33.587
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 18:49:07.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 18:49:07.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 18:49:07.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 18:49:07.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 28%
Total physical RAM: 8051.67 MB
Available physical RAM: 5752.21 MB
Total Pagefile: 16101.52 MB
Available Pagefile: 13608.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:689.85 GB) (Free:566.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 177F4562)
Partition 1: (Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=689.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 02.11.2014, 19:35   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________
Alt 02.11.2014, 20:23   #3
Plagegeist12
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


vielen Dank für deine Hilfe.

es wurden leider nix gefunden:

Code:
ATTFilter
20:19:18.0150 0x0fe4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
20:19:32.0492 0x0fe4  ============================================================
20:19:32.0492 0x0fe4  Current date / time: 2014/10/29 20:19:32.0492
20:19:32.0492 0x0fe4  SystemInfo:
20:19:32.0492 0x0fe4  
20:19:32.0492 0x0fe4  OS Version: 6.1.7601 ServicePack: 1.0
20:19:32.0492 0x0fe4  Product type: Workstation
20:19:32.0492 0x0fe4  ComputerName: NB-003-TSV
20:19:32.0493 0x0fe4  UserName: NB-003
20:19:32.0493 0x0fe4  Windows directory: C:\Windows
20:19:32.0493 0x0fe4  System windows directory: C:\Windows
20:19:32.0493 0x0fe4  Running under WOW64
20:19:32.0493 0x0fe4  Processor architecture: Intel x64
20:19:32.0493 0x0fe4  Number of processors: 4
20:19:32.0493 0x0fe4  Page size: 0x1000
20:19:32.0493 0x0fe4  Boot type: Normal boot
20:19:32.0493 0x0fe4  ============================================================
20:19:58.0725 0x0fe4  KLMD registered as C:\Windows\system32\drivers\55228220.sys
20:20:00.0365 0x0fe4  System UUID: {1834014C-826D-8102-A4DC-0CEB8996FC48}
20:20:03.0057 0x0fe4  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:20:03.0057 0x0fe4  ============================================================
20:20:03.0057 0x0fe4  \Device\Harddisk0\DR0:
20:20:03.0057 0x0fe4  MBR partitions:
20:20:03.0057 0x0fe4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x563B1000
20:20:03.0057 0x0fe4  ============================================================
20:20:03.0137 0x0fe4  C: <-> \Device\Harddisk0\DR0\Partition1
20:20:03.0137 0x0fe4  ============================================================
20:20:03.0137 0x0fe4  Initialize success
20:20:03.0137 0x0fe4  ============================================================
20:20:33.0509 0x1208  ============================================================
20:20:33.0509 0x1208  Scan started
20:20:33.0509 0x1208  Mode: Manual; SigCheck; TDLFS; 
20:20:33.0509 0x1208  ============================================================
20:20:33.0509 0x1208  KSN ping started
20:20:44.0943 0x1208  KSN ping finished: true
20:20:46.0633 0x1208  ================ Scan system memory ========================
20:20:46.0633 0x1208  System memory - ok
20:20:46.0633 0x1208  ================ Scan services =============================
20:20:46.0864 0x1208  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:20:46.0964 0x1208  1394ohci - ok
20:20:47.0014 0x1208  [ 0839005949EA2DA7E9420A66614C6649, 2095EC5A6B545BCA20077B53AA7AEB4A00865DC035E22070400F91B068493D74 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
20:20:47.0054 0x1208  5U877 - ok
20:20:47.0084 0x1208  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:20:47.0104 0x1208  ACPI - ok
20:20:47.0124 0x1208  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:20:47.0164 0x1208  AcpiPmi - ok
20:20:47.0294 0x1208  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:20:47.0334 0x1208  AdobeARMservice - ok
20:20:47.0684 0x1208  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:20:47.0694 0x1208  AdobeFlashPlayerUpdateSvc - ok
20:20:47.0744 0x1208  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:20:47.0774 0x1208  adp94xx - ok
20:20:47.0804 0x1208  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:20:47.0844 0x1208  adpahci - ok
20:20:47.0844 0x1208  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:20:47.0874 0x1208  adpu320 - ok
20:20:47.0894 0x1208  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:20:47.0954 0x1208  AeLookupSvc - ok
20:20:48.0014 0x1208  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:20:48.0084 0x1208  AFD - ok
20:20:48.0134 0x1208  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
20:20:48.0284 0x1208  AgereSoftModem - ok
20:20:48.0314 0x1208  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:20:48.0324 0x1208  agp440 - ok
20:20:48.0354 0x1208  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:20:48.0394 0x1208  ALG - ok
20:20:48.0424 0x1208  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:20:48.0444 0x1208  aliide - ok
20:20:48.0444 0x1208  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:20:48.0464 0x1208  amdide - ok
20:20:48.0494 0x1208  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:20:48.0524 0x1208  AmdK8 - ok
20:20:48.0534 0x1208  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:20:48.0554 0x1208  AmdPPM - ok
20:20:48.0564 0x1208  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:20:48.0584 0x1208  amdsata - ok
20:20:48.0604 0x1208  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:20:48.0624 0x1208  amdsbs - ok
20:20:48.0634 0x1208  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:20:48.0644 0x1208  amdxata - ok
20:20:49.0224 0x1208  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:20:49.0244 0x1208  AntiVirSchedulerService - ok
20:20:49.0344 0x1208  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:20:49.0354 0x1208  AntiVirService - ok
20:20:49.0454 0x1208  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
20:20:49.0564 0x1208  AppID - ok
20:20:49.0604 0x1208  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:20:49.0664 0x1208  AppIDSvc - ok
20:20:49.0704 0x1208  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:20:49.0764 0x1208  Appinfo - ok
20:20:49.0784 0x1208  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:20:49.0844 0x1208  AppMgmt - ok
20:20:49.0854 0x1208  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:20:49.0874 0x1208  arc - ok
20:20:49.0884 0x1208  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:20:49.0904 0x1208  arcsas - ok
20:20:50.0134 0x1208  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:20:50.0214 0x1208  aspnet_state - ok
20:20:50.0244 0x1208  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:20:50.0304 0x1208  AsyncMac - ok
20:20:50.0324 0x1208  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:20:50.0334 0x1208  atapi - ok
20:20:50.0394 0x1208  [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:20:50.0504 0x1208  athr - ok
20:20:50.0554 0x1208  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:20:50.0674 0x1208  AudioEndpointBuilder - ok
20:20:50.0694 0x1208  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:20:50.0744 0x1208  AudioSrv - ok
20:20:50.0824 0x1208  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:20:50.0854 0x1208  avgntflt - ok
20:20:50.0894 0x1208  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:20:50.0914 0x1208  avipbb - ok
20:20:51.0214 0x1208  [ F21955927D1C99206A8B91DE2CCE85E1, 26A6155CF46123C489CBE19B5B3E3B0D9ED02C9388E57058724B0FFB7D7C08B5 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
20:20:51.0224 0x1208  Avira.OE.ServiceHost - ok
20:20:51.0264 0x1208  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:20:51.0274 0x1208  avkmgr - ok
20:20:51.0404 0x1208  [ C6F4C466B654C1BE98AF31418BB5AC30, 62AA4456F8E22A6E508EB44DE4309615057117AAF923C13BBED15AA39630E76B ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
20:20:51.0444 0x1208  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
20:20:53.0936 0x1208  Detect skipped due to KSN trusted
20:20:53.0936 0x1208  AVM WLAN Connection Service - ok
20:20:53.0986 0x1208  avp - ok
20:20:54.0026 0x1208  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:20:54.0096 0x1208  AxInstSV - ok
20:20:54.0146 0x1208  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:20:54.0236 0x1208  b06bdrv - ok
20:20:54.0266 0x1208  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:20:54.0326 0x1208  b57nd60a - ok
20:20:54.0366 0x1208  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:20:54.0416 0x1208  BDESVC - ok
20:20:54.0436 0x1208  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:20:54.0476 0x1208  Beep - ok
20:20:54.0536 0x1208  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:20:54.0576 0x1208  BFE - ok
20:20:54.0616 0x1208  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:20:54.0686 0x1208  BITS - ok
20:20:54.0716 0x1208  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:20:54.0736 0x1208  blbdrive - ok
20:20:54.0746 0x1208  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:20:54.0766 0x1208  bowser - ok
20:20:54.0806 0x1208  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:20:54.0826 0x1208  BrFiltLo - ok
20:20:54.0826 0x1208  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:20:54.0846 0x1208  BrFiltUp - ok
20:20:54.0876 0x1208  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:20:54.0906 0x1208  Browser - ok
20:20:54.0916 0x1208  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:20:54.0966 0x1208  Brserid - ok
20:20:54.0966 0x1208  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:20:54.0996 0x1208  BrSerWdm - ok
20:20:54.0996 0x1208  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:20:55.0016 0x1208  BrUsbMdm - ok
20:20:55.0026 0x1208  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:20:55.0046 0x1208  BrUsbSer - ok
20:20:55.0066 0x1208  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:20:55.0086 0x1208  BTHMODEM - ok
20:20:55.0116 0x1208  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:20:55.0166 0x1208  bthserv - ok
20:20:55.0186 0x1208  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:20:55.0236 0x1208  cdfs - ok
20:20:55.0276 0x1208  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:20:55.0296 0x1208  cdrom - ok
20:20:55.0326 0x1208  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:20:55.0366 0x1208  CertPropSvc - ok
20:20:55.0386 0x1208  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:20:55.0406 0x1208  circlass - ok
20:20:55.0426 0x1208  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:20:55.0446 0x1208  CLFS - ok
20:20:55.0586 0x1208  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:20:55.0606 0x1208  clr_optimization_v2.0.50727_32 - ok
20:20:55.0666 0x1208  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:20:55.0686 0x1208  clr_optimization_v2.0.50727_64 - ok
20:20:55.0766 0x1208  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:20:55.0986 0x1208  clr_optimization_v4.0.30319_32 - ok
20:20:55.0996 0x1208  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:20:56.0026 0x1208  clr_optimization_v4.0.30319_64 - ok
20:20:56.0066 0x1208  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:20:56.0096 0x1208  CmBatt - ok
20:20:56.0126 0x1208  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:20:56.0146 0x1208  cmdide - ok
20:20:56.0186 0x1208  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:20:56.0226 0x1208  CNG - ok
20:20:56.0276 0x1208  [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2, D7D9D739748A7D1159623738464A92BBEC3AF5734B2A7B44291E2B9F21C91D7F ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
20:20:56.0306 0x1208  CnxtHdAudService - ok
20:20:56.0326 0x1208  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:20:56.0336 0x1208  Compbatt - ok
20:20:56.0366 0x1208  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:20:56.0416 0x1208  CompositeBus - ok
20:20:56.0436 0x1208  COMSysApp - ok
20:20:56.0456 0x1208  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:20:56.0466 0x1208  crcdisk - ok
20:20:56.0516 0x1208  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:20:56.0566 0x1208  CryptSvc - ok
20:20:56.0576 0x1208  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
20:20:56.0626 0x1208  CSC - ok
20:20:56.0676 0x1208  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
20:20:56.0736 0x1208  CscService - ok
20:20:56.0776 0x1208  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:20:56.0847 0x1208  DcomLaunch - ok
20:20:56.0877 0x1208  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:20:56.0927 0x1208  defragsvc - ok
20:20:56.0927 0x1208  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:20:56.0987 0x1208  DfsC - ok
20:20:57.0007 0x1208  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:20:57.0047 0x1208  Dhcp - ok
20:20:57.0057 0x1208  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:20:57.0107 0x1208  discache - ok
20:20:57.0107 0x1208  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:20:57.0117 0x1208  Disk - ok
20:20:57.0147 0x1208  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:20:57.0187 0x1208  dmvsc - ok
20:20:57.0217 0x1208  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:20:57.0257 0x1208  Dnscache - ok
20:20:57.0287 0x1208  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:20:57.0347 0x1208  dot3svc - ok
20:20:57.0407 0x1208  [ 9597BCB69286FF017DB1A0FB8144408D, B477E4E7C3B49A77075B3165079E29FF1908C81E2BCCB930B47DCCF7DA5C417C ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
20:20:57.0437 0x1208  DozeSvc - ok
20:20:57.0447 0x1208  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:20:57.0497 0x1208  DPS - ok
20:20:57.0547 0x1208  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:20:57.0587 0x1208  drmkaud - ok
20:20:57.0787 0x1208  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:20:57.0827 0x1208  DXGKrnl - ok
20:20:57.0887 0x1208  [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
20:20:57.0907 0x1208  DzHDD64 - ok
20:20:57.0957 0x1208  [ 477E33019A855D9B8E7B3263CB9A1AE5, F28840936D992C99238AFECBBF03B75047DEDF0EC682C1444036931E4036AFBB ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
20:20:57.0977 0x1208  e1kexpress - ok
20:20:58.0047 0x1208  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:20:58.0097 0x1208  EapHost - ok
20:20:58.0227 0x1208  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:20:58.0407 0x1208  ebdrv - ok
20:20:58.0457 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
20:20:58.0497 0x1208  EFS - ok
20:20:58.0637 0x1208  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:20:58.0727 0x1208  ehRecvr - ok
20:20:58.0757 0x1208  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:20:58.0807 0x1208  ehSched - ok
20:20:58.0847 0x1208  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:20:58.0887 0x1208  elxstor - ok
20:20:58.0887 0x1208  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:20:58.0927 0x1208  ErrDev - ok
20:20:58.0987 0x1208  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:20:59.0057 0x1208  EventSystem - ok
20:20:59.0087 0x1208  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:20:59.0127 0x1208  exfat - ok
20:20:59.0137 0x1208  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:20:59.0197 0x1208  fastfat - ok
20:20:59.0607 0x1208  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:20:59.0667 0x1208  Fax - ok
20:20:59.0687 0x1208  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:20:59.0707 0x1208  fdc - ok
20:20:59.0717 0x1208  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:20:59.0777 0x1208  fdPHost - ok
20:20:59.0787 0x1208  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:20:59.0827 0x1208  FDResPub - ok
20:20:59.0857 0x1208  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:20:59.0877 0x1208  FileInfo - ok
20:20:59.0887 0x1208  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:20:59.0937 0x1208  Filetrace - ok
20:20:59.0947 0x1208  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:20:59.0957 0x1208  flpydisk - ok
20:20:59.0977 0x1208  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:20:59.0997 0x1208  FltMgr - ok
20:21:00.0067 0x1208  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:21:00.0167 0x1208  FontCache - ok
20:21:00.0217 0x1208  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:21:00.0237 0x1208  FontCache3.0.0.0 - ok
20:21:00.0257 0x1208  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:21:00.0267 0x1208  FsDepends - ok
20:21:00.0277 0x1208  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:21:00.0297 0x1208  Fs_Rec - ok
20:21:00.0307 0x1208  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:21:00.0327 0x1208  fvevol - ok
20:21:00.0407 0x1208  [ 4632BB93B668004965246D7911E2DD05, B4CCFFC488C94A0D82A6CC11A9BA2616B339217164719EABA3CF59913EA899FB ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
20:21:00.0487 0x1208  fwlanusb4 - ok
20:21:00.0507 0x1208  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:21:00.0527 0x1208  gagp30kx - ok
20:21:00.0557 0x1208  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:21:00.0627 0x1208  gpsvc - ok
20:21:00.0647 0x1208  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:21:00.0687 0x1208  hcw85cir - ok
20:21:00.0707 0x1208  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:21:00.0787 0x1208  HdAudAddService - ok
20:21:00.0807 0x1208  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:21:00.0847 0x1208  HDAudBus - ok
20:21:00.0907 0x1208  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
20:21:00.0927 0x1208  HECIx64 - ok
20:21:00.0937 0x1208  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:21:00.0977 0x1208  HidBatt - ok
20:21:00.0977 0x1208  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:21:01.0007 0x1208  HidBth - ok
20:21:01.0017 0x1208  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:21:01.0037 0x1208  HidIr - ok
20:21:01.0037 0x1208  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:21:01.0077 0x1208  hidserv - ok
20:21:01.0107 0x1208  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:21:01.0117 0x1208  HidUsb - ok
20:21:01.0137 0x1208  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:21:01.0187 0x1208  hkmsvc - ok
20:21:01.0237 0x1208  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:21:01.0297 0x1208  HomeGroupListener - ok
20:21:01.0347 0x1208  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:21:01.0377 0x1208  HomeGroupProvider - ok
20:21:01.0387 0x1208  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:21:01.0407 0x1208  HpSAMD - ok
20:21:01.0447 0x1208  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:21:01.0557 0x1208  HTTP - ok
20:21:01.0577 0x1208  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:21:01.0587 0x1208  hwpolicy - ok
20:21:01.0607 0x1208  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:21:01.0637 0x1208  i8042prt - ok
20:21:01.0657 0x1208  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:21:01.0687 0x1208  iaStorV - ok
20:21:01.0747 0x1208  [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:21:01.0767 0x1208  IBMPMDRV - ok
20:21:01.0797 0x1208  [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
20:21:01.0807 0x1208  IBMPMSVC - ok
20:21:01.0919 0x1208  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:21:01.0979 0x1208  idsvc - ok
20:21:01.0999 0x1208  IEEtwCollectorService - ok
20:21:02.0319 0x1208  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:21:02.0629 0x1208  igfx - ok
20:21:02.0659 0x1208  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:21:02.0679 0x1208  iirsp - ok
20:21:02.0819 0x1208  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:21:02.0879 0x1208  IKEEXT - ok
20:21:02.0919 0x1208  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:21:02.0929 0x1208  intelide - ok
20:21:02.0949 0x1208  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:21:02.0959 0x1208  intelppm - ok
20:21:02.0989 0x1208  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:21:03.0049 0x1208  IPBusEnum - ok
20:21:03.0049 0x1208  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:21:03.0099 0x1208  IpFilterDriver - ok
20:21:03.0159 0x1208  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:21:03.0199 0x1208  iphlpsvc - ok
20:21:03.0209 0x1208  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:21:03.0239 0x1208  IPMIDRV - ok
20:21:03.0259 0x1208  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:21:03.0329 0x1208  IPNAT - ok
20:21:03.0349 0x1208  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:21:03.0379 0x1208  IRENUM - ok
20:21:03.0399 0x1208  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:21:03.0419 0x1208  isapnp - ok
20:21:03.0459 0x1208  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:21:03.0509 0x1208  iScsiPrt - ok
20:21:03.0519 0x1208  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:21:03.0529 0x1208  kbdclass - ok
20:21:03.0549 0x1208  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:21:03.0579 0x1208  kbdhid - ok
20:21:03.0599 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:21:03.0619 0x1208  KeyIso - ok
20:21:03.0739 0x1208  [ 67D1F7FA1DF9502DE12027D7C7782863, BCB92C1C11A7576FD7E91B160CBC3FB5A0C31FE028305021D7C10EC40C4D5013 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
20:21:03.0779 0x1208  kl1 - ok
20:21:03.0909 0x1208  [ D02B93716FCC770821964272B6604517, 058BF8439D4009867BAA10089423BB5CC762A4B7F193E0EA84E00D42698A9AFE ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
20:21:03.0919 0x1208  klflt - ok
20:21:03.0989 0x1208  [ FE72450279320E5A8470B8862C7AFE41, B73E91AF671D70EA60C10422842427AB6341EFBDF73200326E14B2FD38AF6EB6 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
20:21:04.0019 0x1208  KLIF - ok
20:21:04.0069 0x1208  [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
20:21:04.0079 0x1208  KLIM6 - ok
20:21:04.0119 0x1208  [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
20:21:04.0139 0x1208  klkbdflt - ok
20:21:04.0159 0x1208  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
20:21:04.0179 0x1208  klmouflt - ok
20:21:04.0189 0x1208  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
20:21:04.0199 0x1208  klpd - ok
20:21:04.0239 0x1208  [ 5BB9E329FE48904108BBBF9C73073920, 402E88770C12C9E8D809D2A8C130CA9E5083CDB1D50C38D4CE2F0D24F2D32E82 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
20:21:04.0249 0x1208  kltdi - ok
20:21:04.0319 0x1208  [ D043624FE4AE0A4894A785097C02EF09, 2259CA9BAC73902D291176AB689C101CACE115A8A1C2E6824CC66E928FA27552 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
20:21:04.0339 0x1208  kneps - ok
20:21:04.0419 0x1208  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:21:04.0439 0x1208  KSecDD - ok
20:21:04.0499 0x1208  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:21:04.0519 0x1208  KSecPkg - ok
20:21:04.0559 0x1208  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:21:04.0609 0x1208  ksthunk - ok
20:21:04.0639 0x1208  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:21:04.0689 0x1208  KtmRm - ok
20:21:04.0729 0x1208  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:21:04.0789 0x1208  LanmanServer - ok
20:21:04.0829 0x1208  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:21:04.0879 0x1208  LanmanWorkstation - ok
20:21:04.0939 0x1208  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
20:21:04.0949 0x1208  LEqdUsb - ok
20:21:04.0969 0x1208  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
20:21:04.0989 0x1208  LHidEqd - ok
20:21:05.0029 0x1208  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:21:05.0049 0x1208  LHidFilt - ok
20:21:05.0089 0x1208  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:21:05.0149 0x1208  lltdio - ok
20:21:05.0189 0x1208  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:21:05.0279 0x1208  lltdsvc - ok
20:21:05.0309 0x1208  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:21:05.0339 0x1208  lmhosts - ok
20:21:05.0359 0x1208  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:21:05.0379 0x1208  LMouFilt - ok
20:21:05.0409 0x1208  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:21:05.0429 0x1208  LSI_FC - ok
20:21:05.0429 0x1208  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:21:05.0449 0x1208  LSI_SAS - ok
20:21:05.0459 0x1208  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:21:05.0469 0x1208  LSI_SAS2 - ok
20:21:05.0479 0x1208  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:21:05.0499 0x1208  LSI_SCSI - ok
20:21:05.0529 0x1208  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:21:05.0589 0x1208  luafv - ok
20:21:05.0609 0x1208  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:21:05.0649 0x1208  Mcx2Svc - ok
20:21:05.0649 0x1208  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:21:05.0669 0x1208  megasas - ok
20:21:05.0689 0x1208  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:21:05.0719 0x1208  MegaSR - ok
20:21:05.0749 0x1208  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:21:05.0789 0x1208  MMCSS - ok
20:21:05.0799 0x1208  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:21:05.0849 0x1208  Modem - ok
20:21:05.0879 0x1208  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:21:05.0909 0x1208  monitor - ok
20:21:05.0919 0x1208  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:21:05.0939 0x1208  mouclass - ok
20:21:05.0959 0x1208  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:21:05.0989 0x1208  mouhid - ok
20:21:05.0999 0x1208  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:21:06.0009 0x1208  mountmgr - ok
20:21:06.0099 0x1208  [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
20:21:06.0119 0x1208  MozillaMaintenance - ok
20:21:06.0129 0x1208  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:21:06.0149 0x1208  mpio - ok
20:21:06.0179 0x1208  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:21:06.0219 0x1208  mpsdrv - ok
20:21:06.0259 0x1208  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:21:06.0319 0x1208  MpsSvc - ok
20:21:06.0349 0x1208  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:21:06.0389 0x1208  MRxDAV - ok
20:21:06.0399 0x1208  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:06.0429 0x1208  mrxsmb - ok
20:21:06.0459 0x1208  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:06.0489 0x1208  mrxsmb10 - ok
20:21:06.0499 0x1208  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:06.0519 0x1208  mrxsmb20 - ok
20:21:06.0539 0x1208  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:21:06.0559 0x1208  msahci - ok
20:21:06.0579 0x1208  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:21:06.0599 0x1208  msdsm - ok
20:21:06.0619 0x1208  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:21:06.0649 0x1208  MSDTC - ok
20:21:06.0649 0x1208  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:21:06.0699 0x1208  Msfs - ok
20:21:06.0709 0x1208  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:21:06.0759 0x1208  mshidkmdf - ok
20:21:06.0779 0x1208  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:21:06.0789 0x1208  msisadrv - ok
20:21:06.0829 0x1208  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:21:06.0879 0x1208  MSiSCSI - ok
20:21:06.0889 0x1208  msiserver - ok
20:21:06.0911 0x1208  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:21:06.0971 0x1208  MSKSSRV - ok
20:21:06.0971 0x1208  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:07.0011 0x1208  MSPCLOCK - ok
20:21:07.0021 0x1208  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:21:07.0061 0x1208  MSPQM - ok
20:21:07.0071 0x1208  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:21:07.0101 0x1208  MsRPC - ok
20:21:07.0111 0x1208  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:21:07.0121 0x1208  mssmbios - ok
20:21:07.0221 0x1208  MSSQL$SERVEREXP2008 - ok
20:21:07.0281 0x1208  [ F1761C8FB2B25A32C6D63E36BB88C3AE, C88F5EF7B547DAA2394888362916FA18F07241E0BF2B938297428A1C04FFD806 ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:21:07.0301 0x1208  MSSQLServerADHelper100 - ok
20:21:07.0321 0x1208  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:21:07.0371 0x1208  MSTEE - ok
20:21:07.0371 0x1208  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:21:07.0391 0x1208  MTConfig - ok
20:21:07.0401 0x1208  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:21:07.0411 0x1208  Mup - ok
20:21:07.0521 0x1208  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:21:07.0581 0x1208  napagent - ok
20:21:07.0611 0x1208  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:21:07.0671 0x1208  NativeWifiP - ok
20:21:07.0711 0x1208  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:21:07.0741 0x1208  NDIS - ok
20:21:07.0761 0x1208  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:21:07.0811 0x1208  NdisCap - ok
20:21:07.0821 0x1208  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:07.0861 0x1208  NdisTapi - ok
20:21:07.0871 0x1208  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:07.0911 0x1208  Ndisuio - ok
20:21:07.0921 0x1208  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:07.0981 0x1208  NdisWan - ok
20:21:07.0981 0x1208  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:21:08.0031 0x1208  NDProxy - ok
20:21:08.0031 0x1208  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:21:08.0081 0x1208  NetBIOS - ok
20:21:08.0091 0x1208  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:21:08.0151 0x1208  NetBT - ok
20:21:08.0171 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:21:08.0181 0x1208  Netlogon - ok
20:21:08.0221 0x1208  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:21:08.0291 0x1208  Netman - ok
20:21:08.0321 0x1208  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:08.0371 0x1208  NetMsmqActivator - ok
20:21:08.0371 0x1208  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:08.0391 0x1208  NetPipeActivator - ok
20:21:08.0421 0x1208  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:21:08.0471 0x1208  netprofm - ok
20:21:08.0491 0x1208  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:08.0511 0x1208  NetTcpActivator - ok
20:21:08.0521 0x1208  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:08.0531 0x1208  NetTcpPortSharing - ok
20:21:08.0801 0x1208  [ 4D85A450EDEF10C38882182753A49AAE, FB6C2D91B2CF834315498BB31F931E2A49066A3158A588FD705F59628DF2F8FC ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
20:21:09.0121 0x1208  NETw5s64 - ok
20:21:09.0191 0x1208  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:21:09.0211 0x1208  nfrd960 - ok
20:21:09.0231 0x1208  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:21:09.0281 0x1208  NlaSvc - ok
20:21:09.0301 0x1208  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:21:09.0341 0x1208  Npfs - ok
20:21:09.0371 0x1208  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:21:09.0431 0x1208  nsi - ok
20:21:09.0451 0x1208  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:21:09.0501 0x1208  nsiproxy - ok
20:21:09.0581 0x1208  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:21:09.0681 0x1208  Ntfs - ok
20:21:09.0701 0x1208  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:21:09.0741 0x1208  Null - ok
20:21:09.0791 0x1208  [ 805F0C2B9C07E4C0F74D0EF70E9E827A, 32D3DA095788F7F7BA52AC56C8C0DD6D9D388ED3ECEAFEF23EDB8F5812FF953E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:21:09.0811 0x1208  NVHDA - ok
20:21:10.0961 0x1208  [ A51F78816F7F4B5862D9F6E0E0E588C4, 7634A83B60E7496651299690D766EA7AFF185437D3173D10D093ED71D2C13270 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:21:11.0221 0x1208  nvlddmkm - ok
20:21:11.0291 0x1208  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:21:11.0311 0x1208  nvraid - ok
20:21:11.0311 0x1208  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:21:11.0341 0x1208  nvstor - ok
20:21:11.0551 0x1208  [ 5DCB3AE42B3430EDAC80A42BB9BADEB6, FA57B03D10B6BB50D878F4720E30D3753622A711A6DF990FFA8875E409C4678A ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:21:11.0581 0x1208  nvsvc - ok
20:21:11.0601 0x1208  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:21:11.0621 0x1208  nv_agp - ok
20:21:11.0871 0x1208  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:21:11.0911 0x1208  odserv - ok
20:21:11.0911 0x1208  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:21:11.0946 0x1208  ohci1394 - ok
20:21:11.0996 0x1208  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:12.0016 0x1208  ose - ok
20:21:12.0096 0x1208  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:21:12.0146 0x1208  p2pimsvc - ok
20:21:12.0176 0x1208  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:21:12.0226 0x1208  p2psvc - ok
20:21:12.0236 0x1208  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
20:21:12.0266 0x1208  Parport - ok
20:21:12.0286 0x1208  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:21:12.0306 0x1208  partmgr - ok
20:21:12.0406 0x1208  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:21:12.0446 0x1208  PcaSvc - ok
20:21:12.0466 0x1208  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:21:12.0476 0x1208  pci - ok
20:21:12.0546 0x1208  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:21:12.0556 0x1208  pciide - ok
20:21:12.0586 0x1208  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:21:12.0606 0x1208  pcmcia - ok
20:21:12.0616 0x1208  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:21:12.0626 0x1208  pcw - ok
20:21:12.0766 0x1208  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:21:12.0846 0x1208  PEAUTH - ok
20:21:12.0896 0x1208  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:21:12.0996 0x1208  PeerDistSvc - ok
20:21:13.0126 0x1208  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:21:13.0156 0x1208  PerfHost - ok
20:21:13.0236 0x1208  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:21:13.0376 0x1208  pla - ok
20:21:13.0426 0x1208  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:21:13.0476 0x1208  PlugPlay - ok
20:21:13.0496 0x1208  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:21:13.0526 0x1208  PNRPAutoReg - ok
20:21:13.0556 0x1208  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:21:13.0576 0x1208  PNRPsvc - ok
20:21:13.0626 0x1208  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:21:13.0716 0x1208  PolicyAgent - ok
20:21:13.0726 0x1208  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:21:13.0796 0x1208  Power - ok
20:21:13.0886 0x1208  [ 9D1F6EAD9EC4F2B1FBC87194E0AB37E2, 8523B57F145E2B53B775487A8B2C0F0EF681AD09577D61C7EC55C7CFF986BFCD ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
20:21:13.0946 0x1208  Power Manager DBC Service - ok
20:21:14.0006 0x1208  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:21:14.0056 0x1208  PptpMiniport - ok
20:21:14.0096 0x1208  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:21:14.0126 0x1208  Processor - ok
20:21:14.0146 0x1208  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:21:14.0196 0x1208  ProfSvc - ok
20:21:14.0216 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:21:14.0226 0x1208  ProtectedStorage - ok
20:21:14.0246 0x1208  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:21:14.0296 0x1208  Psched - ok
20:21:14.0366 0x1208  [ 4751E1872446CE21207E43AE4C0EC52A, 43FBB60709EA8AAF2D048EAC1C8837B2DE8F354727EE34E20C00C749659F3F9C ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
20:21:14.0466 0x1208  PwmEWSvc - ok
20:21:14.0786 0x1208  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:21:14.0846 0x1208  ql2300 - ok
20:21:14.0876 0x1208  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:21:14.0896 0x1208  ql40xx - ok
20:21:14.0916 0x1208  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:21:14.0956 0x1208  QWAVE - ok
20:21:14.0966 0x1208  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:21:14.0986 0x1208  QWAVEdrv - ok
20:21:14.0996 0x1208  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:21:15.0036 0x1208  RasAcd - ok
20:21:15.0076 0x1208  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:21:15.0116 0x1208  RasAgileVpn - ok
20:21:15.0136 0x1208  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:21:15.0186 0x1208  RasAuto - ok
20:21:15.0216 0x1208  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:15.0256 0x1208  Rasl2tp - ok
20:21:15.0296 0x1208  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:21:15.0346 0x1208  RasMan - ok
20:21:15.0356 0x1208  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:15.0406 0x1208  RasPppoe - ok
20:21:15.0416 0x1208  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:21:15.0456 0x1208  RasSstp - ok
20:21:15.0466 0x1208  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:21:15.0526 0x1208  rdbss - ok
20:21:15.0546 0x1208  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:21:15.0566 0x1208  rdpbus - ok
20:21:15.0576 0x1208  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:15.0616 0x1208  RDPCDD - ok
20:21:15.0626 0x1208  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:21:15.0656 0x1208  RDPDR - ok
20:21:15.0676 0x1208  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:21:15.0726 0x1208  RDPENCDD - ok
20:21:15.0726 0x1208  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:21:15.0766 0x1208  RDPREFMP - ok
20:21:15.0816 0x1208  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:21:15.0856 0x1208  RdpVideoMiniport - ok
20:21:15.0906 0x1208  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:21:15.0956 0x1208  RDPWD - ok
20:21:15.0976 0x1208  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:21:15.0986 0x1208  rdyboost - ok
20:21:16.0016 0x1208  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:21:16.0076 0x1208  RemoteAccess - ok
20:21:16.0116 0x1208  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:21:16.0176 0x1208  RemoteRegistry - ok
20:21:16.0316 0x1208  [ 4D05898896EC49CF663DDA61041AB096, 1218A0AD84946F2555773D529F3D55D7B675780EC1E79A634ED0FECF8D5C9C6D ] RichVideo       C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
20:21:16.0346 0x1208  RichVideo - ok
20:21:16.0376 0x1208  [ 3DCA561AAF776AA2E356FB5B142AA5F8, E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677 ] rimspci         C:\Windows\system32\drivers\rimspe64.sys
20:21:16.0396 0x1208  rimspci - ok
20:21:16.0416 0x1208  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:21:16.0446 0x1208  RpcEptMapper - ok
20:21:16.0506 0x1208  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:21:16.0536 0x1208  RpcLocator - ok
20:21:16.0566 0x1208  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:21:16.0606 0x1208  RpcSs - ok
20:21:16.0616 0x1208  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:21:16.0676 0x1208  rspndr - ok
20:21:16.0706 0x1208  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:21:16.0736 0x1208  s3cap - ok
20:21:16.0746 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
20:21:16.0756 0x1208  SamSs - ok
20:21:16.0776 0x1208  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:21:16.0796 0x1208  sbp2port - ok
20:21:16.0826 0x1208  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:21:16.0876 0x1208  SCardSvr - ok
20:21:16.0886 0x1208  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:21:16.0936 0x1208  scfilter - ok
20:21:17.0046 0x1208  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:21:17.0166 0x1208  Schedule - ok
20:21:17.0186 0x1208  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:21:17.0226 0x1208  SCPolicySvc - ok
20:21:17.0226 0x1208  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:21:17.0256 0x1208  sdbus - ok
20:21:17.0286 0x1208  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:21:17.0336 0x1208  SDRSVC - ok
20:21:17.0356 0x1208  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:21:17.0396 0x1208  secdrv - ok
20:21:17.0406 0x1208  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:21:17.0446 0x1208  seclogon - ok
20:21:17.0456 0x1208  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:21:17.0506 0x1208  SENS - ok
20:21:17.0526 0x1208  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:21:17.0556 0x1208  SensrSvc - ok
20:21:17.0586 0x1208  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:21:17.0616 0x1208  Serenum - ok
20:21:17.0616 0x1208  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
20:21:17.0656 0x1208  Serial - ok
20:21:17.0656 0x1208  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:21:17.0676 0x1208  sermouse - ok
20:21:17.0706 0x1208  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:21:17.0756 0x1208  SessionEnv - ok
20:21:17.0756 0x1208  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:21:17.0776 0x1208  sffdisk - ok
20:21:17.0776 0x1208  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:21:17.0796 0x1208  sffp_mmc - ok
20:21:17.0796 0x1208  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:21:17.0836 0x1208  sffp_sd - ok
20:21:17.0836 0x1208  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:21:17.0856 0x1208  sfloppy - ok
20:21:17.0886 0x1208  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:21:17.0976 0x1208  SharedAccess - ok
20:21:18.0026 0x1208  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:21:18.0066 0x1208  ShellHWDetection - ok
20:21:18.0086 0x1208  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:21:18.0106 0x1208  SiSRaid2 - ok
20:21:18.0106 0x1208  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:21:18.0126 0x1208  SiSRaid4 - ok
20:21:18.0136 0x1208  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:21:18.0186 0x1208  Smb - ok
20:21:18.0206 0x1208  [ A95303DC547FFD717C15E526EBF7547C, 662311E7CC72D7CF6654E56F76EDF455B48DF4E3C9A2549A81FF3E69C82E7725 ] SmbDrv          C:\Windows\system32\drivers\Smb_driver_AMDASF.sys
20:21:18.0226 0x1208  SmbDrv - ok
20:21:18.0246 0x1208  [ 89614254910F75919B610E3E9F6E63B3, 0D90E44DDAF1CCF993EA2391142C9107177986CE1FF61DAA6653B41A1902E1A3 ] SmbDrvI         C:\Windows\system32\drivers\Smb_driver_Intel.sys
20:21:18.0266 0x1208  SmbDrvI - ok
20:21:18.0276 0x1208  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:21:18.0306 0x1208  SNMPTRAP - ok
20:21:18.0336 0x1208  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:21:18.0346 0x1208  spldr - ok
20:21:18.0356 0x1208  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:21:18.0396 0x1208  Spooler - ok
20:21:18.0496 0x1208  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:21:18.0656 0x1208  sppsvc - ok
20:21:18.0686 0x1208  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:21:18.0736 0x1208  sppuinotify - ok
20:21:18.0806 0x1208  [ 944B774D2B296E21C32FDADF255A83EB, C84A529D188815BC73F9EDF2CA877FE149C80569103040B8F5B3D04C54975CEA ] SQLAgent$SERVEREXP2008 c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE
20:21:18.0846 0x1208  SQLAgent$SERVEREXP2008 - ok
20:21:18.0896 0x1208  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB, EE66162AEAF6A583A04BB5AF1220318C9ADD3A62987CDCEE0505C6FF37AB30FF ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:21:18.0916 0x1208  SQLBrowser - ok
20:21:19.0096 0x1208  [ F92E5F93BE572B512DA3C016B675EDE0, 3BBE8B952A329E4BCD6F0C8D6225F809B99217A196301B6FE543B26C3689A37B ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:21:19.0116 0x1208  SQLWriter - ok
20:21:19.0206 0x1208  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:21:19.0256 0x1208  srv - ok
20:21:19.0276 0x1208  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:21:19.0326 0x1208  srv2 - ok
20:21:19.0376 0x1208  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:21:19.0416 0x1208  SrvHsfHDA - ok
20:21:19.0476 0x1208  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:21:19.0596 0x1208  SrvHsfV92 - ok
20:21:19.0616 0x1208  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:21:19.0656 0x1208  SrvHsfWinac - ok
20:21:19.0666 0x1208  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:21:19.0686 0x1208  srvnet - ok
20:21:19.0726 0x1208  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:21:19.0766 0x1208  SSDPSRV - ok
20:21:19.0776 0x1208  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:21:19.0816 0x1208  SstpSvc - ok
20:21:19.0836 0x1208  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:21:19.0856 0x1208  stexstor - ok
20:21:19.0906 0x1208  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:21:19.0966 0x1208  stisvc - ok
20:21:19.0986 0x1208  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:21:19.0996 0x1208  storflt - ok
20:21:20.0006 0x1208  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
20:21:20.0046 0x1208  StorSvc - ok
20:21:20.0056 0x1208  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:21:20.0066 0x1208  storvsc - ok
20:21:20.0106 0x1208  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:21:20.0116 0x1208  swenum - ok
20:21:20.0156 0x1208  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:21:20.0226 0x1208  swprv - ok
20:21:20.0266 0x1208  [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP           C:\Windows\system32\drivers\SynTP.sys
20:21:20.0286 0x1208  SynTP - ok
20:21:20.0346 0x1208  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:21:20.0486 0x1208  SysMain - ok
20:21:20.0496 0x1208  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:21:20.0526 0x1208  TabletInputService - ok
20:21:20.0586 0x1208  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:21:20.0646 0x1208  TapiSrv - ok
20:21:20.0686 0x1208  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:21:20.0726 0x1208  TBS - ok
20:21:20.0806 0x1208  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:21:20.0976 0x1208  Tcpip - ok
20:21:21.0046 0x1208  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:21:21.0096 0x1208  TCPIP6 - ok
20:21:21.0186 0x1208  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:21:21.0236 0x1208  tcpipreg - ok
20:21:21.0246 0x1208  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:21:21.0286 0x1208  TDPIPE - ok
20:21:21.0286 0x1208  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:21:21.0326 0x1208  TDTCP - ok
20:21:21.0326 0x1208  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:21:21.0366 0x1208  tdx - ok
20:21:21.0376 0x1208  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:21:21.0396 0x1208  TermDD - ok
20:21:21.0446 0x1208  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
20:21:21.0486 0x1208  terminpt - ok
20:21:21.0546 0x1208  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
20:21:21.0596 0x1208  TermService - ok
20:21:21.0616 0x1208  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:21:21.0636 0x1208  Themes - ok
20:21:21.0666 0x1208  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:21:21.0706 0x1208  THREADORDER - ok
20:21:21.0766 0x1208  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
20:21:21.0786 0x1208  TPM - ok
20:21:21.0826 0x1208  [ 6EE437A872E0184D6D09F65C5EA0AABA, BA3351A37B072FE687A8637C517BCA001023ED6CEB9D91E949609F4FD15A62BF ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
20:21:21.0836 0x1208  TPPWRIF - ok
20:21:21.0856 0x1208  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:21:21.0916 0x1208  TrkWks - ok
20:21:22.0038 0x1208  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:21:22.0078 0x1208  TrustedInstaller - ok
20:21:22.0148 0x1208  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:22.0188 0x1208  tssecsrv - ok
20:21:22.0228 0x1208  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:21:22.0278 0x1208  TsUsbFlt - ok
20:21:22.0308 0x1208  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:21:22.0348 0x1208  TsUsbGD - ok
20:21:22.0368 0x1208  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:21:22.0428 0x1208  tunnel - ok
20:21:22.0428 0x1208  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:21:22.0448 0x1208  uagp35 - ok
20:21:22.0458 0x1208  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:21:22.0518 0x1208  udfs - ok
20:21:22.0528 0x1208  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:21:22.0558 0x1208  UI0Detect - ok
20:21:22.0588 0x1208  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:21:22.0608 0x1208  uliagpkx - ok
20:21:22.0618 0x1208  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:21:22.0648 0x1208  umbus - ok
20:21:22.0678 0x1208  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:21:22.0698 0x1208  UmPass - ok
20:21:22.0738 0x1208  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:21:22.0768 0x1208  UmRdpService - ok
20:21:22.0798 0x1208  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:21:22.0868 0x1208  upnphost - ok
20:21:22.0908 0x1208  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:22.0948 0x1208  usbccgp - ok
20:21:22.0988 0x1208  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:21:23.0028 0x1208  usbcir - ok
20:21:23.0058 0x1208  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:21:23.0088 0x1208  usbehci - ok
20:21:23.0138 0x1208  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:21:23.0168 0x1208  usbhub - ok
20:21:23.0218 0x1208  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:21:23.0238 0x1208  usbohci - ok
20:21:23.0268 0x1208  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:21:23.0308 0x1208  usbprint - ok
20:21:23.0318 0x1208  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:21:23.0358 0x1208  usbscan - ok
20:21:23.0368 0x1208  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:23.0408 0x1208  USBSTOR - ok
20:21:23.0428 0x1208  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:21:23.0438 0x1208  usbuhci - ok
20:21:23.0478 0x1208  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:21:23.0518 0x1208  usbvideo - ok
20:21:23.0548 0x1208  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:21:23.0608 0x1208  UxSms - ok
20:21:23.0618 0x1208  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:21:23.0638 0x1208  VaultSvc - ok
20:21:23.0658 0x1208  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:21:23.0678 0x1208  vdrvroot - ok
20:21:23.0718 0x1208  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:21:23.0798 0x1208  vds - ok
20:21:23.0808 0x1208  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:23.0838 0x1208  vga - ok
20:21:23.0848 0x1208  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:21:23.0908 0x1208  VgaSave - ok
20:21:23.0918 0x1208  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:21:23.0938 0x1208  vhdmp - ok
20:21:23.0968 0x1208  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:21:23.0988 0x1208  viaide - ok
20:21:24.0008 0x1208  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:21:24.0028 0x1208  vmbus - ok
20:21:24.0038 0x1208  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:21:24.0058 0x1208  VMBusHID - ok
20:21:24.0078 0x1208  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:21:24.0098 0x1208  volmgr - ok
20:21:24.0118 0x1208  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:21:24.0148 0x1208  volmgrx - ok
20:21:24.0178 0x1208  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:21:24.0188 0x1208  volsnap - ok
20:21:24.0228 0x1208  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:21:24.0248 0x1208  vsmraid - ok
20:21:24.0308 0x1208  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:21:24.0458 0x1208  VSS - ok
20:21:24.0478 0x1208  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:21:24.0518 0x1208  vwifibus - ok
20:21:24.0548 0x1208  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:21:24.0588 0x1208  vwififlt - ok
20:21:24.0598 0x1208  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:21:24.0638 0x1208  W32Time - ok
20:21:24.0658 0x1208  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:21:24.0678 0x1208  WacomPen - ok
20:21:24.0688 0x1208  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:21:24.0748 0x1208  WANARP - ok
20:21:24.0758 0x1208  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:21:24.0788 0x1208  Wanarpv6 - ok
20:21:24.0918 0x1208  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:21:24.0998 0x1208  WatAdminSvc - ok
20:21:25.0348 0x1208  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:21:25.0438 0x1208  wbengine - ok
20:21:25.0458 0x1208  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:21:25.0508 0x1208  WbioSrvc - ok
20:21:25.0528 0x1208  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:21:25.0578 0x1208  wcncsvc - ok
20:21:25.0598 0x1208  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:21:25.0658 0x1208  WcsPlugInService - ok
20:21:25.0678 0x1208  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:21:25.0698 0x1208  Wd - ok
20:21:25.0768 0x1208  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:21:25.0818 0x1208  Wdf01000 - ok
20:21:25.0828 0x1208  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:21:25.0938 0x1208  WdiServiceHost - ok
20:21:25.0938 0x1208  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:21:25.0958 0x1208  WdiSystemHost - ok
20:21:25.0998 0x1208  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:21:26.0048 0x1208  WebClient - ok
20:21:26.0068 0x1208  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:21:26.0138 0x1208  Wecsvc - ok
20:21:26.0158 0x1208  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:21:26.0188 0x1208  wercplsupport - ok
20:21:26.0198 0x1208  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:21:26.0238 0x1208  WerSvc - ok
20:21:26.0268 0x1208  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:21:26.0308 0x1208  WfpLwf - ok
20:21:26.0318 0x1208  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:21:26.0338 0x1208  WIMMount - ok
20:21:26.0348 0x1208  WinDefend - ok
20:21:26.0358 0x1208  WinHttpAutoProxySvc - ok
20:21:26.0538 0x1208  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:21:26.0588 0x1208  Winmgmt - ok
20:21:26.0668 0x1208  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:21:26.0798 0x1208  WinRM - ok
20:21:26.0858 0x1208  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:21:26.0938 0x1208  Wlansvc - ok
20:21:26.0968 0x1208  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:21:26.0999 0x1208  WmiAcpi - ok
20:21:27.0039 0x1208  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:21:27.0069 0x1208  wmiApSrv - ok
20:21:27.0109 0x1208  WMPNetworkSvc - ok
20:21:27.0119 0x1208  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:21:27.0149 0x1208  WPCSvc - ok
20:21:27.0169 0x1208  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:21:27.0189 0x1208  WPDBusEnum - ok
20:21:27.0209 0x1208  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:21:27.0269 0x1208  ws2ifsl - ok
20:21:27.0289 0x1208  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:21:27.0319 0x1208  wscsvc - ok
20:21:27.0329 0x1208  WSearch - ok
20:21:27.0989 0x1208  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:21:28.0059 0x1208  wuauserv - ok
20:21:28.0069 0x1208  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:21:28.0109 0x1208  WudfPf - ok
20:21:28.0149 0x1208  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:21:28.0179 0x1208  WUDFRd - ok
20:21:28.0199 0x1208  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:21:28.0239 0x1208  wudfsvc - ok
20:21:28.0269 0x1208  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:21:28.0339 0x1208  WwanSvc - ok
20:21:28.0369 0x1208  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
20:21:28.0429 0x1208  yukonw7 - ok
20:21:28.0469 0x1208  ================ Scan global ===============================
20:21:28.0489 0x1208  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:21:28.0569 0x1208  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:21:28.0579 0x1208  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:21:28.0639 0x1208  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:21:28.0709 0x1208  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:21:28.0719 0x1208  [ Global ] - ok
20:21:28.0719 0x1208  ================ Scan MBR ==================================
20:21:28.0739 0x1208  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:21:29.0469 0x1208  \Device\Harddisk0\DR0 - ok
20:21:29.0469 0x1208  ================ Scan VBR ==================================
20:21:29.0469 0x1208  [ C08E8E8E8DB557B055591AF20A2F5732 ] \Device\Harddisk0\DR0\Partition1
20:21:29.0469 0x1208  \Device\Harddisk0\DR0\Partition1 - ok
20:21:29.0469 0x1208  ================ Scan generic autorun ======================
20:21:29.0469 0x1208  SynTPEnh - ok
20:21:29.0529 0x1208  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
20:21:29.0549 0x1208  Logitech Download Assistant - ok
20:21:29.0559 0x1208  PWMTRV - ok
20:21:29.0659 0x1208  [ 0307536FD43CC7BFB92F9DAC8DB913F1, 6C8BEDA4ADFBEF28E647B39B3EEA37A20BFE5C93C7EDA79471EFB46156197843 ] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
20:21:29.0679 0x1208  RotateImage - detected UnsignedFile.Multi.Generic ( 1 )
20:21:32.0151 0x1208  Detect skipped due to KSN trusted
20:21:32.0151 0x1208  RotateImage - ok
20:21:32.0381 0x1208  [ 1C3313CE03BE33D56B577E4CF9B9D320, 8EADD89BB690AC8A35358CFE58672CC93D5D825B6715460592D71AE29CD8C617 ] C:\Program Files (x86)\G Data\InternetSecurity\RegNotifier\RegistrationNotifier.exe
20:21:32.0461 0x1208  GDataRegistrationNotifier - ok
20:21:32.0531 0x1208  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:21:32.0591 0x1208  Adobe ARM - ok
20:21:32.0641 0x1208  [ B2B2FE2671DD98A322B0AD7079C0B2B2, A9148336C9A6E44A089514C9BDA22704EB5EFC4069F07ED31E75330D48B4DF97 ] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
20:21:32.0661 0x1208  RemoteControl - ok
20:21:32.0771 0x1208  [ A4E85BDA66CF4DE8070D6F744D181C12, ACF577B0CE6EA1E167389BB32E7F07E0D8CF487B22828455698B042A37CF15B4 ] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe
20:21:32.0801 0x1208  LanguageShortcut - detected UnsignedFile.Multi.Generic ( 1 )
20:21:35.0261 0x1208  Detect skipped due to KSN trusted
20:21:35.0261 0x1208  LanguageShortcut - ok
20:21:35.0411 0x1208  [ 5100ADC704F2D6CE3DF8C0D5105D6C84, BD46EE57F881EDAB63A0540186D9471F4C70F3E4D72F1C52D72DD9BADF9E7334 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:21:35.0431 0x1208  PDFPrint - ok
20:21:35.0681 0x1208  [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
20:21:35.0761 0x1208  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
20:21:38.0232 0x1208  Detect skipped due to KSN trusted
20:21:38.0232 0x1208  AVMWlanClient - ok
20:21:38.0362 0x1208  [ 5909C378DF9132FC91F50AF70A53455A, E13CE76ABAFA459BFDB4B7806E73BF57217D0800206FC24805E66573F3670604 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
20:21:38.0372 0x1208  Avira Systray - ok
20:21:38.0742 0x1208  [ DAA21DC0AA2E688370D356757892816D, 97EBF3B8A4B8544B6C1379A391AA4079F38EB4D507931249BC1427D961F58F8C ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
20:21:38.0772 0x1208  avgnt - ok
20:21:38.0862 0x1208  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:21:38.0992 0x1208  Sidebar - ok
20:21:39.0022 0x1208  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:21:39.0052 0x1208  mctadmin - ok
20:21:39.0082 0x1208  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:21:39.0122 0x1208  Sidebar - ok
20:21:39.0132 0x1208  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:21:39.0152 0x1208  mctadmin - ok
20:21:39.0152 0x1208  Waiting for KSN requests completion. In queue: 7
20:21:40.0152 0x1208  Waiting for KSN requests completion. In queue: 7
20:21:41.0152 0x1208  Waiting for KSN requests completion. In queue: 7
20:21:42.0304 0x1208  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
20:21:42.0344 0x1208  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmiav.exe ( 15.0.0.463 ), 0x40010 ( disabled : outofdate )
20:21:42.0364 0x1208  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmifw.exe ( 15.0.0.463 ), 0x40010 ( disabled )
20:21:42.0394 0x1208  Win FW state via NFP2: enabled
20:21:44.0804 0x1208  ============================================================
20:21:44.0804 0x1208  Scan finished
20:21:44.0804 0x1208  ============================================================
20:21:44.0804 0x12b0  Detected object count: 0
20:21:44.0804 0x12b0  Actual detected object count: 0
__________________
Alt 03.11.2014, 16:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.11.2014, 20:17   #5
Plagegeist12
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


Hi schrauber,

es wird leider kein Log erstellt..... Obwohl ich alles wie beschrieben mache und der combofix auch ganz normal durchläuft.

ich habe lediglich folgenden neuen "Ordner" der "Combofix" heißt, klick ich drauf komm ich auf den Computer (Arbeitsplatz)?!

Kannst du mir helfen?

DANKE


Alt 04.11.2014, 10:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


Combofix löschen und neu laden, nochmal laufen lassen. dann:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Win7: User Passwort gelöscht, Programme laufen nicht mehr

Alt 07.11.2014, 18:31   #7
Plagegeist12
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr


Hi,

hier die neuen Logs, wundere dich bitte nicht: ich musste das Datum einige Tage zurücksetzen.....

Combofix:
Code:
ATTFilter
ComboFix 14-10-29.01 - NB-003 03.11.2014  16:22:38.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8052.6264 [GMT 1:00]
ausgeführt von:: c:\users\NB-003\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Internet Security *Disabled/Outdated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NB-003\AppData\Local\Microsoft\Windows\Temporary Internet Files\eportoZip
c:\users\NB-003\AppData\Local\Microsoft\Windows\Temporary Internet Files\pplCsv.txt
c:\users\NB-003\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempCsv.txt
c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-03 bis 2014-11-03  ))))))))))))))))))))))))))))))
.
.
2014-11-03 15:39 . 2014-11-03 15:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-02 14:54 . 2014-11-02 14:54	--------	d-----w-	c:\program files (x86)\ESET
2014-11-01 21:14 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC1338C-3507-46C7-83AA-E938E812D821}\mpengine.dll
2014-10-29 16:59 . 2014-10-29 16:59	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-29 16:58 . 2014-10-29 16:58	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-10-29 16:58 . 2014-10-29 16:58	--------	d-----w-	c:\programdata\Malwarebytes
2014-10-29 16:58 . 2014-10-01 10:11	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-10-29 16:58 . 2014-10-01 10:11	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-10-29 16:58 . 2014-10-01 10:11	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-10-29 16:56 . 2014-10-29 16:56	--------	d-----w-	c:\users\NB-003\AppData\Roaming\Avira
2014-10-29 16:53 . 2014-10-29 16:52	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-29 16:52 . 2014-10-29 16:57	--------	d-----w-	C:\FRST
2014-10-29 16:50 . 2014-09-24 11:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-10-29 16:50 . 2014-09-24 11:44	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-29 16:50 . 2014-09-24 11:44	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-10-29 16:41 . 2014-10-29 16:50	--------	d-----w-	c:\program files (x86)\Avira
2014-10-29 16:41 . 2014-10-29 16:50	--------	d-----w-	c:\programdata\Avira
2014-10-29 16:40 . 2014-10-29 16:40	--------	d-----w-	c:\programdata\Package Cache
2014-10-29 16:32 . 2014-10-29 16:32	--------	d-----w-	c:\users\NB-003_1
2014-10-24 15:44 . 2014-10-24 15:45	--------	d-----w-	C:\AdwCleaner
2014-10-24 15:33 . 2014-10-25 15:59	--------	d-----w-	c:\users\NB-003\AppData\Roaming\TeamViewer
2014-10-24 15:33 . 2014-10-24 15:33	--------	d-----w-	c:\program files (x86)\TeamViewer
2014-10-22 16:51 . 2014-09-18 02:00	3241472	----a-w-	c:\windows\system32\msi.dll
2014-10-22 16:51 . 2014-09-18 01:32	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-22 16:50 . 2014-07-17 02:07	681984	----a-w-	c:\windows\system32\termsrv.dll
2014-10-22 16:50 . 2014-07-17 02:07	235520	----a-w-	c:\windows\system32\winsta.dll
2014-10-22 16:50 . 2014-07-17 01:40	157696	----a-w-	c:\windows\SysWow64\winsta.dll
2014-10-22 16:50 . 2014-07-17 01:21	212480	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2014-10-22 16:50 . 2014-07-17 02:07	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-10-22 16:50 . 2014-07-17 02:07	150528	----a-w-	c:\windows\system32\rdpcorekmts.dll
2014-10-22 16:50 . 2014-07-17 02:07	455168	----a-w-	c:\windows\system32\winlogon.exe
2014-10-22 16:50 . 2014-07-17 01:39	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-10-22 16:50 . 2014-07-17 02:07	22016	----a-w-	c:\windows\system32\credssp.dll
2014-10-22 16:50 . 2014-07-17 01:39	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-10-22 16:50 . 2014-07-17 01:21	39936	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2014-10-22 16:39 . 2014-09-29 00:58	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-22 16:39 . 2014-06-18 22:23	73880	----a-w-	c:\windows\system32\mscories.dll
2014-10-22 16:39 . 2014-06-18 22:23	1943696	----a-w-	c:\windows\system32\dfshim.dll
2014-10-22 16:39 . 2014-06-18 22:23	156312	----a-w-	c:\windows\system32\mscorier.dll
2014-10-22 16:39 . 2014-06-18 22:23	156824	----a-w-	c:\windows\SysWow64\mscorier.dll
2014-10-22 16:39 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\SysWow64\dfshim.dll
2014-10-22 16:39 . 2014-06-18 22:23	81560	----a-w-	c:\windows\SysWow64\mscories.dll
2014-10-22 16:39 . 2014-10-10 02:05	276480	----a-w-	c:\windows\system32\generaltel.dll
2014-10-22 16:39 . 2014-10-10 02:05	507392	----a-w-	c:\windows\system32\aepdu.dll
2014-10-22 16:39 . 2014-10-10 02:00	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-10-21 17:58 . 2014-08-29 02:07	44032	----a-w-	c:\windows\system32\tsgqec.dll
2014-10-21 17:58 . 2014-08-29 02:07	322560	----a-w-	c:\windows\system32\aaclient.dll
2014-10-21 17:58 . 2014-08-29 02:06	1125888	----a-w-	c:\windows\system32\mstsc.exe
2014-10-21 17:58 . 2014-08-29 01:44	37376	----a-w-	c:\windows\SysWow64\tsgqec.dll
2014-10-21 17:58 . 2014-08-29 01:44	4922368	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-10-21 17:58 . 2014-08-29 01:44	269312	----a-w-	c:\windows\SysWow64\aaclient.dll
2014-10-21 17:58 . 2014-08-29 01:44	1050112	----a-w-	c:\windows\SysWow64\mstsc.exe
2014-10-21 17:58 . 2014-08-29 02:07	5780480	----a-w-	c:\windows\system32\mstscax.dll
2014-10-21 17:58 . 2014-08-29 02:07	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2014-10-21 17:58 . 2014-09-04 05:23	424448	----a-w-	c:\windows\system32\rastls.dll
2014-10-21 17:58 . 2014-09-04 05:04	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-10-21 17:54 . 2014-09-13 01:58	77312	----a-w-	c:\windows\system32\packager.dll
2014-10-21 17:54 . 2014-09-13 01:40	67072	----a-w-	c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-02 14:28 . 2014-06-12 17:30	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-10-28 05:34 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-21 17:47 . 2013-04-29 09:44	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-09-29 19:58 . 2014-07-02 17:05	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-29 19:58 . 2014-07-02 17:05	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:08 . 2014-10-02 18:12	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-02 18:12	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-26 14:05	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-26 14:05	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-25 17:45 . 2014-08-25 17:22	140352	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-08-25 17:45 . 2014-08-25 17:22	792128	----a-w-	c:\windows\system32\drivers\klif.sys
2014-08-23 02:07 . 2014-08-29 15:45	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 15:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-01-09 6000936]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"GDataRegistrationNotifier"="c:\program files (x86)\G Data\InternetSecurity\RegNotifier\RegistrationNotifier.exe" [2012-12-10 2331672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-09-24 703736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
vabtimer.lnk - c:\program files (x86)\PC-VAB\VABTimer.exe [2014-1-13 1984512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SERVEREXP2008;SQL Server-Agent (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 MSSQL$SERVEREXP2008;SQL Server (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-02 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tsv1862blaichach.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Power2GoExpress - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk - c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-03  16:41:42
ComboFix-quarantined-files.txt  2014-11-03 15:41
.
Vor Suchlauf: 14 Verzeichnis(se), 609.177.477.120 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 610.612.133.888 Bytes frei
.
- - End Of File - - 9E673A633442C24D6FF2311EE99C5A0A
A36C5E4F47E84449FF07ED3517B43A31
MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.11.2014
Suchlauf-Zeit: 17:03:40
Logdatei: MBAM_aktuell.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.03
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: NB-003

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368997
Verstrichene Zeit: 31 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Adware Cleaner:

Code:
ATTFilter
# AdwCleaner v4.002 - Bericht erstellt am 03/11/2014 um 17:39:23
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : NB-003 - NB-003-TSV
# Gestartet von : C:\Users\NB-003\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 de)


*************************

AdwCleaner[R0].txt - [7306 octets] - [24/10/2014 16:44:26]
AdwCleaner[S0].txt - [950 octets] - [03/11/2014 17:39:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1009 octets] ##########
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Professional x64
Ran by NB-003 on 03.11.2014 at 18:20:48,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\NB-003\AppData\Roaming\mozilla\firefox\profiles\wodv3eh0.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.11.2014 at 18:23:47,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by NB-003 (administrator) on NB-003-TSV on 03-11-2014 18:24:59
Running from C:\Users\NB-003\Downloads
Loaded Profile: NB-003 (Available profiles: NB-003 & NB-003_1)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\cofire.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [GDataRegistrationNotifier] => C:\Program Files (x86)\G Data\InternetSecurity\RegNotifier\RegistrationNotifier.exe [2331672 2012-12-10] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vabtimer.lnk
ShortcutTarget: vabtimer.lnk -> C:\Program Files (x86)\PC-VAB\VABTimer.exe (Schäfer VAB GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tsv1862blaichach.de/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1602883323-1665739586-4230331772-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default
FF Homepage: hxxp://www.tsv1862blaichach.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\NB-003\AppData\Roaming\Mozilla\Firefox\Profiles\wodv3eh0.default\Extensions\abs@avira.com [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx []
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx []
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-09] (Lenovo.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [114288 2014-09-27] (Mozilla Foundation)
R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S2 avp; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe" -r [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41712 2013-05-29] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 18:23 - 2014-11-03 18:24 - 00000759 _____ () C:\Users\NB-003\Desktop\JRT.txt
2014-11-03 18:20 - 2014-11-03 18:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-03 17:46 - 2014-11-03 17:47 - 01706939 _____ (Thisisu) C:\Users\NB-003\Desktop\JRT.exe
2014-11-03 17:45 - 2014-11-03 17:45 - 00001089 _____ () C:\Users\NB-003\Desktop\AdwCleaner[S0].txt
2014-11-03 17:36 - 2014-11-03 17:36 - 01998336 _____ () C:\Users\NB-003\Desktop\AdwCleaner_4.002.exe
2014-11-03 17:36 - 2014-11-03 17:36 - 00001212 _____ () C:\Users\NB-003\Desktop\MBAM_aktuell.txt
2014-11-03 17:01 - 2014-11-03 17:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\NB-003\Downloads\mbam-setup-2.0.3.1025(2).exe
2014-11-03 16:43 - 2014-11-03 16:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\NB-003\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-11-03 16:41 - 2014-11-03 16:41 - 00017247 _____ () C:\ComboFix.txt
2014-11-03 16:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 16:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 16:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 16:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 16:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 16:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 16:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 16:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 16:13 - 2014-11-03 16:13 - 05591672 ____R (Swearware) C:\Users\NB-003\Desktop\ComboFix.exe
2014-11-02 15:54 - 2014-11-02 15:54 - 02347384 _____ (ESET) C:\Users\NB-003\Downloads\esetsmartinstaller_deu.exe
2014-11-02 15:54 - 2014-11-02 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-30 20:15 - 2014-10-30 20:15 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Macromedia
2014-10-30 20:15 - 2014-10-30 20:15 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Macromedia
2014-10-30 20:08 - 2014-10-30 20:08 - 05591672 ____R (Swearware) C:\Users\NB-003_1\Desktop\ComboFix.exe
2014-10-30 20:08 - 2014-10-30 20:08 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Avira
2014-10-30 20:06 - 2014-10-30 20:06 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Mozilla
2014-10-30 20:06 - 2014-10-30 20:06 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Mozilla
2014-10-30 20:04 - 2014-10-30 20:04 - 00110472 _____ () C:\Users\NB-003_1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-30 19:59 - 2014-11-03 16:41 - 00000000 ____D () C:\Qoobox
2014-10-30 19:58 - 2014-11-03 16:40 - 00000000 ____D () C:\Windows\erdnt
2014-10-30 19:57 - 2014-10-30 19:57 - 05591672 _____ (Swearware) C:\Users\NB-003\Downloads\ComboFix(1).exe
2014-10-29 20:18 - 2014-10-29 20:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\NB-003\Downloads\tdsskiller.exe
2014-10-29 18:47 - 2014-10-29 18:47 - 00001292 _____ () C:\Users\NB-003\Desktop\Malware.txt
2014-10-29 17:59 - 2014-11-03 17:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 17:58 - 2014-11-03 16:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-29 17:58 - 2014-11-03 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-29 17:58 - 2014-11-03 16:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-29 17:58 - 2014-10-29 17:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 17:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 17:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 17:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 17:56 - 2014-10-29 17:57 - 00030752 _____ () C:\Users\NB-003\Downloads\Addition.txt
2014-10-29 17:56 - 2014-10-29 17:56 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Avira
2014-10-29 17:53 - 2014-11-03 18:24 - 00013990 _____ () C:\Users\NB-003\Downloads\FRST.txt
2014-10-29 17:53 - 2014-10-29 17:52 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-29 17:52 - 2014-11-03 18:25 - 00000000 ____D () C:\FRST
2014-10-29 17:50 - 2014-10-29 17:52 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\NB-003\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-29 17:50 - 2014-10-29 17:50 - 02114560 _____ (Farbar) C:\Users\NB-003\Downloads\FRST64.exe
2014-10-29 17:50 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-29 17:50 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-29 17:50 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-10-29 17:41 - 2014-10-29 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-29 17:41 - 2014-10-29 17:41 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-29 17:40 - 2014-10-29 17:40 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\NB-003\Downloads\avira_de_av___ws.exe
2014-10-29 17:40 - 2014-10-29 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-29 17:35 - 2014-10-29 17:35 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\MAGIX
2014-10-29 17:35 - 2014-10-29 17:35 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Xara
2014-10-29 17:33 - 2014-10-30 20:03 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-29 17:33 - 2014-10-29 17:33 - 00001432 _____ () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-29 17:32 - 2014-10-29 17:33 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\VirtualStore
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Vorlagen
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Startmenü
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Netzwerkumgebung
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Lokale Einstellungen
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Eigene Dateien
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Druckumgebung
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Documents\Eigene Musik
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Documents\Eigene Bilder
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Local\Verlauf
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\AppData\Local\Anwendungsdaten
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 _SHDL () C:\Users\NB-003_1\Anwendungsdaten
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 ____D () C:\Users\NB-003_1
2014-10-29 17:32 - 2013-12-12 21:07 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Microsoft Help
2014-10-29 17:32 - 2013-10-14 09:03 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\PwrMgr
2014-10-29 17:32 - 2013-10-14 08:35 - 00001987 _____ () C:\Users\NB-003_1\Desktop\Microsoft Office.lnk
2014-10-29 17:32 - 2013-08-01 15:43 - 00000000 ____D () C:\Users\NB-003_1\AppData\Local\Lenovo
2014-10-29 17:32 - 2013-08-01 13:30 - 00000000 ____D () C:\Users\NB-003_1\AppData\Roaming\Adobe
2014-10-29 17:32 - 2013-04-29 13:17 - 00000000 ___RD () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 17:32 - 2013-04-29 13:17 - 00000000 ___RD () C:\Users\NB-003_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 17:32 - 2010-11-21 03:50 - 00000020 ___SH () C:\Users\NB-003_1\ntuser.ini
2014-10-26 21:05 - 2014-10-26 21:05 - 06126536 _____ (Tim Kosse) C:\Users\NB-003\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-26 20:55 - 2014-10-26 20:55 - 00001128 _____ () C:\Users\Public\Desktop\MAGIX Web Designer 10 Premium.lnk
2014-10-26 20:55 - 2014-10-26 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-10-26 20:42 - 2014-10-26 20:53 - 01038704 _____ (Amazon Services LLC) C:\Users\NB-003\Downloads\MAGIX_Web_Designer_10_Premium_Downloader(2).exe
2014-10-25 18:15 - 2014-10-25 18:15 - 00013422 _____ () C:\Users\NB-003\Documents\Werte Heike.xlsx
2014-10-24 16:45 - 2014-10-24 16:45 - 01054912 _____ (Adobe) C:\Users\NB-003\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-24 16:44 - 2014-11-03 17:39 - 00000000 ____D () C:\AdwCleaner
2014-10-24 16:33 - 2014-10-25 16:59 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\TeamViewer
2014-10-24 16:33 - 2014-10-24 16:33 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-24 16:33 - 2014-10-24 16:33 - 00001173 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-24 16:33 - 2014-10-24 16:33 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-24 16:32 - 2014-10-24 16:32 - 06626832 _____ (TeamViewer GmbH) C:\Users\NB-003\Downloads\TeamViewer_Setup_de.exe
2014-10-22 17:51 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-22 17:51 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-22 17:50 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-22 17:50 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-22 17:50 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-22 17:50 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-22 17:50 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-22 17:50 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-22 17:50 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-22 17:40 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-22 17:40 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-22 17:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-22 17:40 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-22 17:40 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-22 17:40 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-22 17:40 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-22 17:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-22 17:40 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-22 17:40 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-22 17:40 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-22 17:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-22 17:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-22 17:40 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-22 17:40 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-22 17:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-22 17:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-22 17:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-22 17:40 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-22 17:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-22 17:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-22 17:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-22 17:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-22 17:40 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-22 17:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-22 17:40 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-22 17:40 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-22 17:40 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-22 17:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-22 17:40 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-22 17:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-22 17:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-22 17:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-22 17:40 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-22 17:40 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-22 17:40 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-22 17:40 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-22 17:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-22 17:40 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-22 17:40 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-22 17:40 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-22 17:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-22 17:40 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-22 17:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-22 17:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-22 17:40 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-22 17:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-22 17:40 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-22 17:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-22 17:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-22 17:40 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-22 17:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-22 17:39 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-22 17:39 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-22 17:39 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-22 17:39 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-22 17:39 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-22 17:39 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 18:58 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 18:58 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-21 18:58 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-21 18:58 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 18:58 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-21 18:58 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-21 18:58 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-21 18:58 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-21 18:54 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 18:54 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 18:50 - 2014-10-12 18:50 - 00000000 ____D () C:\Users\NB-003\Desktop\MAGIX Web Designer 10 Premium (Download)
2014-10-12 18:49 - 2014-10-12 18:49 - 01038704 _____ (Amazon Services LLC) C:\Users\NB-003\Downloads\MAGIX_Web_Designer_10_Premium_Downloader(1).exe
2014-10-04 18:55 - 2014-10-04 18:55 - 00000879 _____ () C:\Users\NB-003\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 18:20 - 2009-07-14 05:45 - 00006640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 18:20 - 2009-07-14 05:45 - 00006640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 18:16 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-03 18:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 18:11 - 2014-08-09 20:04 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Skype
2014-11-03 18:09 - 2013-10-17 21:40 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-11-03 18:08 - 2009-07-14 05:51 - 00074871 _____ () C:\Windows\setupact.log
2014-11-03 17:51 - 2013-10-16 09:06 - 01891944 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 17:41 - 2010-11-21 04:47 - 00371918 _____ () C:\Windows\PFRO.log
2014-11-03 17:25 - 2014-07-02 18:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 16:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-03 16:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-03 15:54 - 2010-11-21 07:50 - 00784178 _____ () C:\Windows\system32\perfh007.dat
2014-11-03 15:54 - 2010-11-21 07:50 - 00181060 _____ () C:\Windows\system32\perfc007.dat
2014-11-03 15:54 - 2009-07-14 06:13 - 01845382 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 15:45 - 2013-10-16 10:52 - 00110472 _____ () C:\Users\NB-003\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 15:28 - 2014-06-12 18:30 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-02 15:28 - 2014-06-12 18:30 - 00007076 _____ () C:\Windows\LkmdfCoInst.log
2014-10-30 19:10 - 2009-07-14 05:45 - 00414280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 22:10 - 2014-07-20 15:15 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\FileZilla
2014-10-26 20:55 - 2014-08-02 16:41 - 00000000 ___RD () C:\Users\NB-003\Documents\MAGIX
2014-10-24 16:08 - 2014-05-16 13:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-24 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 15:51 - 2013-10-16 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 17:42 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 18:54 - 2013-10-16 12:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 18:47 - 2013-04-29 10:44 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 18:59 - 2014-07-20 15:23 - 00000000 ____D () C:\Program Files (x86)\WebSite X5 v10 - Free
2014-10-11 16:10 - 2014-05-28 18:49 - 00000000 ____D () C:\Users\NB-003\Desktop\TSV 1862 Blaichach e.V
2014-10-05 18:22 - 2014-07-02 19:53 - 00000000 ____D () C:\Users\NB-003\AppData\Roaming\7-PDFSplitMerge
2014-10-04 18:56 - 2014-07-20 16:07 - 00000000 ____D () C:\Users\NB-003\.gimp-2.8

Some content of TEMP:
====================
C:\Users\NB-003\AppData\Local\Temp\avgnt.exe
C:\Users\NB-003\AppData\Local\Temp\Quarantine.exe
C:\Users\NB-003\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 22:26

==================== End Of Log ============================
--- --- ---

--- --- ---


vielen Dank nochmal!

Alt 08.11.2014, 07:58   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: User Passwort gelöscht, Programme laufen nicht mehr - Standard

Win7: User Passwort gelöscht, Programme laufen nicht mehr



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7: User Passwort gelöscht, Programme laufen nicht mehr
antivirus, avira, computer, desktop, device driver, downloader, ebanking, excel, fehlercode 0x40000015, fehlercode 0x5, fehlercode 0xc0000006, fehlercode windows, festplatte, flash player, homepage, kaspersky, mozilla, pup.mailpassview, pwmtr64v.dll, registry, scan, server, software, svchost.exe, usb


« Windows 7 TR/Badur.iiop.6 wie vollständig löschen | Proxy stellt sich immer auf 127.0.0.1:9880 nach hijack durch websearches »


Ähnliche Themen: Win7: User Passwort gelöscht, Programme laufen nicht mehr


  1. Win7 TR/Agent.37888.248 kann nicht gelöscht werden, Echtzeitscanner funktioniert nicht mehr
    Log-Analyse und Auswertung - 21.07.2014 (26)
  2. Win7: Einige wenige Programme funktionieren nicht mehr und Laptop wird langsam.
    Log-Analyse und Auswertung - 25.05.2014 (20)
  3. 2x Windows 7 - Kaspersky fand Trojaner - Programme laufen nicht richtig
    Mülltonne - 17.03.2014 (1)
  4. Programme werden nicht mehr ausgeführt, Installationen laufen nicht...
    Log-Analyse und Auswertung - 18.04.2013 (15)
  5. Win7 64Bit: Programme öffnen sich nicht - USB und mehr funzt nicht.
    Alles rund um Windows - 28.10.2012 (7)
  6. Internet Explorer und alle Programme und Downloads die über ihn laufen funktionieren nicht
    Log-Analyse und Auswertung - 25.09.2012 (6)
  7. Ich kann nur mehr bediengt klicken.. Programme laufen Fehlerhaft
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (8)
  8. mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : (
    Log-Analyse und Auswertung - 18.04.2012 (28)
  9. mediashifting.com, avira deaktiviert und manche programme laufen nicht mehr ...
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (1)
  10. Trojaner von AV entdeckt und gelöscht aber jetzt funktionieren die meisten Programme nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (16)
  11. Programme lassen sich von einem User nicht mehr ausführen
    Plagegeister aller Art und deren Bekämpfung - 16.02.2011 (4)
  12. Win7, die meisten Programme starten nicht mehr.
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (5)
  13. In Vista laufen div. Programme nicht mehr an (vmtl. wg. Berechtigungsproblemen)
    Alles rund um Windows - 07.03.2010 (25)
  14. Antivirus 2010 entfernt (?), Antivir und andere Programme laufen nicht
    Log-Analyse und Auswertung - 03.02.2010 (18)
  15. Kann nicht mehr auf Webseiten mit User/Passwort zugreifen!
    Log-Analyse und Auswertung - 29.11.2008 (0)
  16. exe-Programme laufen nicht mehr, kommt nur noch "öffnen mit"
    Log-Analyse und Auswertung - 07.11.2008 (0)
  17. Programme laufen nicht richtig, 6viren mit antivir
    Log-Analyse und Auswertung - 19.10.2008 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7: User Passwort gelöscht, Programme laufen nicht mehr - Hallo! Vor einiger Zeit war plötzlich mein Zugangspasswort zu Windows gelöscht und einige Programme funktionieren nicht mehr (nur Fehlermeldungen...). Ebenso ist die Kaspersky Internet Security deaktiviert und ich kann sie - Win7: User Passwort gelöscht, Programme laufen nicht mehr...
Archiv
Du betrachtest: Win7: User Passwort gelöscht, Programme laufen nicht mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19