
Log Analysis and Evaluation: Security Warning from Telekom Abuse Team


05.02.2015, 20:15   #1
Otti58
 

Hello everyone,

attached are the log files for the problem that has already been discussed here several times, regarding a possible infection by a virus / trojan.

I hope you can help me!

Thanks and regards

Otti

05.02.2015, 20:16   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Please always post logs in the thread itself. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.02.2015, 20:26   #3
Otti58
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Otmar (administrator) on OTMAR on 05-02-2015 19:54:23
Running from C:\Users\Otmar\Downloads
Loaded Profiles: Otmar (Available profiles: Otmar)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\LPT\srpts.exe
() C:\Program Files\004\rqpbhevlkc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Users\Otmar\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\Users\Otmar\AppData\Local\LPT\srptm.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\Users\Otmar\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dell) C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [fst_de_24] => [X]
HKLM-x32\...\Run: [t4pc_en_4] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Otmar\AppData\Local\Smartbar\Application\SnapDo.exe [28192 2014-04-08] (Smartbar)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [DellSystemDetect] => C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-16] (Dell)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\MountPoints2: {12489d96-e1e1-11e3-8254-342387dc639a} - "E:\Password.exe" 
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xvO1_5AhR4CQDq3J9AYj6Jzu-Pgt4dwv2FW5QH-F6QXsaoL-swnn5uHXHlMv_BDoBG-_
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfcsI6U553IdaRf-Wot8i0pkiNR0ZRc1IFh7ppsx2MCRPBnToIO03w4KOX39jN438xv856TwVW78HCk4jyBjxcrO_yTXUinhuT4ElncYqHCXOpJtvxIA9szxY9iSsiNSna1Hv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401698475&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {5CA394D9-0A3E-4AAE-8FE3-4F52A1DAB095} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {8C7A5C9F-0F4A-4635-BE91-B5ABC958716E} URL = 
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {B783C35F-94BA-4ABB-8214-1374C1BD7E73} URL = hxxp://search.findwide.com/serp?guid={DA3645C3-056D-4172-BF7B-AE737CF4E0D8}&action=default_search&k={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> No Name - {A6D030CA-393E-4DEC-BD1C-43F29D060812} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=scpp&ts=1401691376&from=cor&uid=HitachiXHTS547575A9E384_J2140054KWSTEBKWSTEBX

FireFox:
========
FF ProfilePath: C:\Users\Otmar\AppData\Roaming\Mozilla\Firefox\Profiles\vxva1dg4.default-1406699693556
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Otmar\AppData\Roaming\Mozilla\Firefox\Profiles\ebl332qe.default\extensions\quick_start@gmail.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-06] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-02] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-02] (globalUpdate) [File not signed]
R2 HPSLPSVC; C:\Users\Otmar\AppData\Local\Temp\7zS07EE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37920 2014-04-08] () <==== ATTENTION
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-06-02] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-06] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-25] (NetFilterSDK.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 19:54 - 2015-02-05 19:54 - 00023609 _____ () C:\Users\Otmar\Downloads\FRST.txt
2015-02-05 19:54 - 2015-02-05 19:54 - 00000000 ____D () C:\FRST
2015-02-05 19:53 - 2015-02-05 19:53 - 02131968 _____ (Farbar) C:\Users\Otmar\Downloads\FRST64.exe
2015-02-04 21:15 - 2015-02-04 22:14 - 00149255 _____ (Microsoft Corporation) C:\Users\Otmar\Downloads\Silverlight_x64(1).exe.part
2015-02-04 21:14 - 2015-02-04 22:14 - 00536939 _____ (Microsoft Corporation) C:\Users\Otmar\Downloads\Silverlight_x64.exe.part
2015-02-04 21:14 - 2015-02-04 21:15 - 13087456 _____ (Microsoft Corporation) C:\Users\Otmar\Downloads\Silverlight_x64(2).exe
2015-01-26 20:29 - 2015-01-26 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:00 - 2015-01-26 19:00 - 00012105 _____ () C:\Users\Otmar\Documents\Ausgaben  2014.docm
2015-01-26 18:56 - 2015-01-26 18:56 - 00012371 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2014.docm
2015-01-26 18:44 - 2015-01-26 19:57 - 00012437 _____ () C:\Users\Otmar\Documents\Weihnachtsmarkt 2014.docm
2015-01-26 18:35 - 2015-01-26 18:35 - 00012323 _____ () C:\Users\Otmar\Documents\weihnachtsmarkt 2013.docm
2015-01-25 11:10 - 2015-01-25 11:10 - 00000000 ____D () C:\ProgramData\HP
2015-01-25 10:56 - 2015-01-25 10:56 - 00000000 __SHD () C:\Users\Otmar\AppData\Local\EmieBrowserModeList
2015-01-25 10:54 - 2015-01-25 10:54 - 00000000 ____D () C:\Users\Otmar\AppData\Local\AAV
2015-01-25 10:53 - 2015-01-25 10:59 - 00002223 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-25 10:53 - 2015-01-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-25 10:53 - 2015-01-25 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-25 10:50 - 2015-01-25 10:54 - 00000000 ____D () C:\ProgramData\AAV
2015-01-25 07:44 - 2015-01-25 07:44 - 00026552 _____ () C:\Users\Otmar\Downloads\confirmation.htm
2015-01-25 07:44 - 2015-01-25 07:44 - 00000000 ____D () C:\Users\Otmar\Downloads\confirmation-Dateien
2015-01-19 18:09 - 2014-01-02 18:46 - 00010853 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2013.docm
2015-01-19 18:07 - 2014-01-02 18:59 - 00010637 _____ () C:\Users\Otmar\Documents\Ausgaben  2013.docm
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-16 18:25 - 2015-02-04 22:03 - 00000112 _____ () C:\ProgramData\g58oQn8i.dat
2015-01-14 06:24 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:24 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:24 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:23 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:23 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:23 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:23 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:23 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:23 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:23 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:23 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 05:52 - 2015-01-31 15:25 - 00000000 ____D () C:\Users\Otmar\AppData\Roaming\Compatibility Verifier
2015-01-10 05:43 - 2015-01-17 07:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-10 05:43 - 2015-01-17 07:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 19:53 - 2014-06-22 06:09 - 01050207 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 19:47 - 2014-11-05 07:19 - 00005124 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OTMAR-Otmar Otmar
2015-02-05 19:46 - 2014-05-19 09:23 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{450516F8-3DA2-41CF-945D-2507486248E4}
2015-02-05 19:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-05 19:43 - 2014-05-19 09:08 - 00000000 __RDO () C:\Users\Otmar\SkyDrive
2015-02-05 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-26 18:28 - 2014-11-07 20:13 - 00022754 _____ () C:\Users\Otmar\Documents\Kopie von Hörbücher.xlsx
2015-01-25 11:40 - 2014-05-19 09:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3141491611-4293368238-2896361332-1001
2015-01-24 21:20 - 2014-11-15 12:52 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-15 12:52 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-19 19:33 - 2014-11-06 20:14 - 00003197 _____ () C:\Windows\setupact.log
2015-01-18 09:16 - 2014-10-27 19:31 - 00000799 _____ () C:\Users\Otmar\Downloads\FRITZ!Box.htm
2015-01-17 10:46 - 2014-06-02 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 17:57 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:21 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-14 15:37 - 2014-05-21 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:35 - 2014-05-21 22:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-02 07:21 - 2014-06-02 09:42 - 0000314 _____ () C:\Users\Otmar\AppData\Roaming\aps.uninstall.scan.results
2014-06-02 07:18 - 2014-05-27 12:25 - 1705163 _____ (AnyProtect.com) C:\Users\Otmar\AppData\Local\AnyProtectScannerSetup.exe
2014-03-11 23:32 - 2014-03-11 23:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-16 18:25 - 2015-02-04 22:03 - 0000112 _____ () C:\ProgramData\g58oQn8i.dat
2014-03-12 00:08 - 2014-03-12 00:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-12 00:04 - 2014-03-12 00:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-12 00:06 - 2014-03-12 00:07 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-12 00:07 - 2014-03-12 00:08 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-12 00:04 - 2014-03-12 00:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\g58oQn8i.dat


Some content of TEMP:
====================
C:\Users\Otmar\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 23:09

==================== End Of Log ============================
         
[/CODE]

Additional scan

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Otmar at 2015-02-05 19:55:25
Running from C:\Users\Otmar\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: -33554178.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.143 - Dell Inc.)
Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version:  - )
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MediaPlayer+ (HKLM-x32\...\MediaPlayer+) (Version: 1.34.5.22 - enter) <==== ATTENTION
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Snap.Do (HKLM-x32\...\{AB65D81D-303A-4DDB-AC7C-12C9CD9F67FB}) (Version: 11.71.1.16545 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\{fcdcc41a-27cf-454f-bcda-867d2966588c}) (Version: 11.71.1.16545 - ReSoft Ltd.) <==== ATTENTION
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Otmar\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-01-2015 20:02:59 Windows Update
25-01-2015 10:51:26 SteuerSparErklärung 2015 wurde installiert.
28-01-2015 20:24:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BEDC590-2D86-4E2E-8471-EF172A026F93} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {0CFD038D-D9A5-4878-87A0-16E648D0A598} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {27B67595-7D5A-4B45-9655-0F02C211C405} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {314818C5-A6AB-40B4-BAB3-F0B03324BBA7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {5933608A-9B41-44F9-A7AA-82B0057528E4} - System32\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-5 => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-5.exe <==== ATTENTION
Task: {94472F1E-C285-4263-9482-ACC629B67E33} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {B150A359-BBD6-46D1-8344-D7FE9B1300CF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OTMAR-Otmar Otmar => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {CBBBC0B7-5CCE-4ED4-A718-57701A83DD7D} - System32\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-4 => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-4.exe <==== ATTENTION
Task: {CFF4F8DE-7DCD-40BA-8938-9C161EE0578E} - System32\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-1 => C:\Program Files (x86)\Plus-HD-9.7\Plus-HD-9.7-codedownloader.exe <==== ATTENTION
Task: {E7A7E53E-6CA0-4388-8EBD-966C52CF9B43} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3141491611-4293368238-2896361332-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {EE4A13D8-1DE5-4FC1-8A5E-378BA705991C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] ()
Task: {F1B59641-6836-41FC-80BF-2C01B06F3F87} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {F522A72A-A18C-46BF-92BE-1EB1A73474EB} - System32\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-2 => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-2.exe <==== ATTENTION
Task: {F63D2E4A-B85E-47A8-98E8-B64AF113EDDC} - System32\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-3 => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-3.exe <==== ATTENTION
Task: {F81298E8-949A-4B9A-ABAC-4B270369B0A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-1.job => C:\Program Files (x86)\Plus-HD-9.7\Plus-HD-9.7-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-2.job => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-3.job => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-4.job => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-5.job => C:\Program Files (x86)\Plus-HD-9.7\87ca2a8b-2c21-40d9-9b89-2d00c43bd78c-5.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-09-04 20:13 - 2013-09-04 20:13 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-11-05 07:40 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00037920 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-06-02 07:19 - 2014-06-02 07:19 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2015-01-10 05:52 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Otmar\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2014-04-08 10:26 - 2014-04-08 10:26 - 00023072 _____ () C:\Users\Otmar\AppData\Local\LPT\srptm.exe
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-11-26 19:14 - 2014-11-26 19:14 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00081952 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00023072 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00081952 _____ () C:\Users\Otmar\AppData\Local\LPT\srpt.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00027680 _____ () C:\Program Files (x86)\LPT\sreu.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00066080 _____ () C:\Program Files (x86)\LPT\sppsm.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00155680 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00027168 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00056864 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00165920 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00044064 _____ () C:\Program Files (x86)\LPT\srbu.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00054304 _____ () C:\Program Files (x86)\LPT\srprl.dll
2014-04-08 10:25 - 2014-04-08 10:25 - 00045600 _____ () C:\Program Files (x86)\LPT\lrrot.dll
2014-03-12 00:00 - 2013-08-28 11:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-10 05:52 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Otmar\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00023072 _____ () C:\Users\Otmar\AppData\Local\LPT\srptc.dll
2014-04-08 10:25 - 2014-04-08 10:25 - 00018976 _____ () C:\Users\Otmar\AppData\Local\LPT\Smartbar.Common.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00056864 _____ () C:\Users\Otmar\AppData\Local\LPT\srut.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00066080 _____ () C:\Users\Otmar\AppData\Local\LPT\sppsm.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00155680 _____ () C:\Users\Otmar\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00027168 _____ () C:\Users\Otmar\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00165920 _____ () C:\Users\Otmar\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00044064 _____ () C:\Users\Otmar\AppData\Local\LPT\srbu.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00024608 _____ () C:\Users\Otmar\AppData\Local\LPT\srpdm.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00054304 _____ () C:\Users\Otmar\AppData\Local\LPT\srprl.dll
2014-04-08 10:26 - 2014-04-08 10:26 - 00039456 _____ () C:\Users\Otmar\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-04-08 10:25 - 2014-04-08 10:25 - 00045600 _____ () C:\Users\Otmar\AppData\Local\LPT\lrrot.dll
2015-01-10 05:52 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Otmar\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2014-03-12 00:05 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-23 09:19 - 2014-11-23 09:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-11-23 09:25 - 2014-11-23 09:25 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-26 20:29 - 2015-01-26 20:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Otmar\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "upt4pc_en_4.exe"
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"

==================== Accounts: =============================

Administrator (S-1-5-21-3141491611-4293368238-2896361332-500 - Administrator - Disabled)
Gast (S-1-5-21-3141491611-4293368238-2896361332-501 - Limited - Disabled)
Otmar (S-1-5-21-3141491611-4293368238-2896361332-1001 - Administrator - Enabled) => C:\Users\Otmar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 07:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54b5ebf9
Name des fehlerhaften Moduls: KERNEL32.DLL, Version: 6.3.9600.17056, Zeitstempel: 0x532a2e6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00019072
ID des fehlerhaften Prozesses: 0x9278
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76901204

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76901204

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76899891

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76899891

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4907

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4907

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/02/2015 10:42:13 PM) (Source: DCOM) (EventID: 10010) (User: OTMAR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/02/2015 10:42:13 PM) (Source: DCOM) (EventID: 10010) (User: OTMAR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/31/2015 03:25:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/26/2015 09:48:27 PM) (Source: DCOM) (EventID: 10010) (User: OTMAR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/26/2015 09:48:27 PM) (Source: DCOM) (EventID: 10010) (User: OTMAR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 11:28:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/25/2015 11:26:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/25/2015 11:26:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/25/2015 11:26:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/19/2015 09:34:51 PM) (Source: DCOM) (EventID: 10010) (User: OTMAR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/05/2015 07:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054b5ebf9KERNEL32.DLL6.3.9600.17056532a2e6cc000000500019072927801d04096d9c4842fC:\Users\Otmar\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Windows\SYSTEM32\KERNEL32.DLLb0942758-ad66-11e4-826a-342387dc639a

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76901204

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76901204

Error: (02/05/2015 07:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76899891

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76899891

Error: (02/05/2015 07:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4907

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4907

Error: (02/04/2015 10:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 6024.96 MB
Available physical RAM: 3165.7 MB
Total Pagefile: 6984.96 MB
Available Pagefile: 2892.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:689.75 GB) (Free:606.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 217B4378)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 06.02.2015, 08:16   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German (Deutsch) as the language.
  • In the uninstaller field, look for the programs:
      ◦ Installer
      ◦ LPT System Updater Service
      ◦ MediaPlayer+
      ◦ Snap.Do
      ◦ Snap.Do Engine
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on, then on, and then on .

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber


06.02.2015, 21:16   #5
Otti58

Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.06.07
  rootkit: v2015.02.03.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Otmar :: OTMAR [administrator]

06.02.2015 20:30:18
mbar-log-2015-02-06 (20-30-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 341113
Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         



TDS Killer

Code:
21:07:09.0040 0x95e4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:07:09.0040 0x95e4  UEFI system
21:07:34.0478 0x95e4  ============================================================
21:07:34.0478 0x95e4  Current date / time: 2015/02/06 21:07:34.0478
21:07:34.0478 0x95e4  SystemInfo:
21:07:34.0478 0x95e4  
21:07:34.0478 0x95e4  OS Version: 6.3.9600 ServicePack: 0.0
21:07:34.0478 0x95e4  Product type: Workstation
21:07:34.0478 0x95e4  ComputerName: OTMAR
21:07:34.0478 0x95e4  UserName: Otmar
21:07:34.0478 0x95e4  Windows directory: C:\Windows
21:07:34.0478 0x95e4  System windows directory: C:\Windows
21:07:34.0478 0x95e4  Running under WOW64
21:07:34.0478 0x95e4  Processor architecture: Intel x64
21:07:34.0478 0x95e4  Number of processors: 4
21:07:34.0478 0x95e4  Page size: 0x1000
21:07:34.0478 0x95e4  Boot type: Normal boot
21:07:34.0478 0x95e4  ============================================================
21:07:35.0285 0x95e4  KLMD registered as C:\Windows\system32\drivers\57476065.sys
21:07:35.0968 0x95e4  System UUID: {735D6EA4-8647-02B7-B98C-EA63FDA59FE4}
21:07:37.0033 0x95e4  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:37.0052 0x95e4  ============================================================
21:07:37.0052 0x95e4  \Device\Harddisk0\DR0:
21:07:37.0052 0x95e4  GPT partitions:
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3CCFE3C9-3F62-4A41-9CF3-7E0C44E5B125}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {B3C0D175-A6CC-434C-87D7-4FABF4B13EFA}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D5937DCC-22F6-4F23-95D9-EEF039AF6C6A}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7FF4E8E7-89FF-4585-9202-E0EF4CC30E69}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xF5000
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B7AAEDE6-82B8-4F2D-AEB3-D9BF8FA6E866}, Name: Basic data partition, StartLBA 0x243800, BlocksNum 0x5637E800
21:07:37.0053 0x95e4  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0E6CFA13-B1C4-4320-A103-44483743C99C}, Name: Microsoft recovery partition, StartLBA 0x565C2000, BlocksNum 0xF83EF0
21:07:37.0053 0x95e4  MBR partitions:
21:07:37.0053 0x95e4  ============================================================
21:07:37.0083 0x95e4  C: <-> \Device\Harddisk0\DR0\Partition5
21:07:37.0083 0x95e4  ============================================================
21:07:37.0083 0x95e4  Initialize success
21:07:37.0083 0x95e4  ============================================================
21:09:05.0857 0x8bac  ============================================================
21:09:05.0857 0x8bac  Scan started
21:09:05.0857 0x8bac  Mode: Manual; SigCheck; TDLFS; 
21:09:05.0857 0x8bac  ============================================================
21:09:05.0857 0x8bac  KSN ping started
21:09:08.0343 0x8bac  KSN ping finished: true
21:09:09.0977 0x8bac  ================ Scan system memory ========================
21:09:09.0977 0x8bac  System memory - ok
21:09:09.0977 0x8bac  ================ Scan services =============================
21:09:10.0160 0x8bac  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
21:09:10.0264 0x8bac  1394ohci - ok
21:09:10.0295 0x8bac  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
21:09:10.0307 0x8bac  3ware - ok
21:09:10.0435 0x8bac  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:09:10.0445 0x8bac  AAV UpdateService - ok
21:09:10.0488 0x8bac  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:09:10.0520 0x8bac  ACPI - ok
21:09:10.0538 0x8bac  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
21:09:10.0551 0x8bac  acpiex - ok
21:09:10.0565 0x8bac  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
21:09:10.0597 0x8bac  acpipagr - ok
21:09:10.0612 0x8bac  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
21:09:10.0674 0x8bac  AcpiPmi - ok
21:09:10.0686 0x8bac  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
21:09:10.0722 0x8bac  acpitime - ok
21:09:10.0846 0x8bac  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:10.0861 0x8bac  AdobeFlashPlayerUpdateSvc - ok
21:09:10.0910 0x8bac  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
21:09:10.0945 0x8bac  ADP80XX - ok
21:09:10.0984 0x8bac  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:09:11.0090 0x8bac  AeLookupSvc - ok
21:09:11.0144 0x8bac  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:09:11.0152 0x8bac  AERTFilters - ok
21:09:11.0202 0x8bac  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
21:09:11.0405 0x8bac  AFD - ok
21:09:11.0466 0x8bac  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:09:11.0511 0x8bac  agp440 - ok
21:09:11.0538 0x8bac  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
21:09:11.0598 0x8bac  ahcache - ok
21:09:11.0622 0x8bac  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
21:09:11.0698 0x8bac  ALG - ok
21:09:11.0727 0x8bac  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
21:09:11.0791 0x8bac  AmdK8 - ok
21:09:11.0820 0x8bac  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
21:09:11.0859 0x8bac  AmdPPM - ok
21:09:11.0882 0x8bac  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:09:11.0894 0x8bac  amdsata - ok
21:09:11.0918 0x8bac  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:09:11.0936 0x8bac  amdsbs - ok
21:09:11.0951 0x8bac  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:09:11.0961 0x8bac  amdxata - ok
21:09:12.0027 0x8bac  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:09:12.0043 0x8bac  AntiVirSchedulerService - ok
21:09:12.0074 0x8bac  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:09:12.0089 0x8bac  AntiVirService - ok
21:09:12.0114 0x8bac  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\Windows\system32\drivers\appid.sys
21:09:12.0228 0x8bac  AppID - ok
21:09:12.0258 0x8bac  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:09:12.0317 0x8bac  AppIDSvc - ok
21:09:12.0350 0x8bac  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\Windows\System32\appinfo.dll
21:09:12.0433 0x8bac  Appinfo - ok
21:09:12.0485 0x8bac  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:12.0492 0x8bac  Apple Mobile Device - ok
21:09:12.0540 0x8bac  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
21:09:12.0639 0x8bac  AppReadiness - ok
21:09:12.0711 0x8bac  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
21:09:12.0827 0x8bac  AppXSvc - ok
21:09:12.0853 0x8bac  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:09:12.0867 0x8bac  arcsas - ok
21:09:12.0882 0x8bac  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:09:12.0892 0x8bac  atapi - ok
21:09:12.0927 0x8bac  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
21:09:13.0023 0x8bac  AudioEndpointBuilder - ok
21:09:13.0069 0x8bac  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:09:13.0105 0x8bac  Audiosrv - ok
21:09:13.0136 0x8bac  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:09:13.0149 0x8bac  avgntflt - ok
21:09:13.0169 0x8bac  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:09:13.0179 0x8bac  avipbb - ok
21:09:13.0201 0x8bac  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:09:13.0210 0x8bac  avkmgr - ok
21:09:13.0235 0x8bac  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:09:13.0316 0x8bac  AxInstSV - ok
21:09:13.0356 0x8bac  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:09:13.0383 0x8bac  b06bdrv - ok
21:09:13.0409 0x8bac  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
21:09:13.0463 0x8bac  BasicDisplay - ok
21:09:13.0502 0x8bac  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
21:09:13.0596 0x8bac  BasicRender - ok
21:09:13.0627 0x8bac  [ 70433F7A216BD0B5EC7DA1202EE53E65, 12F3210EC5546714B34225770242F5CF4AC36032BB49A8E8989620BA274AC505 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
21:09:13.0640 0x8bac  bcbtums - ok
21:09:13.0885 0x8bac  [ 626993CA204D0DE1C3023F635C013F2B, 264CF2883EBD7A005AA1D17BAEF367E489F11B93ABDFD0BDF87F50748A82A883 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl63a.sys
21:09:14.0157 0x8bac  BCM43XX - ok
21:09:14.0262 0x8bac  [ 18B186BCC56EC611DE519CBA7D4F65B0, 6F2520AAFDAA4208717DCD121527911D580727C5A6B8C4C7F07C4155C4D8662D ] BcmBtRSupport   C:\Windows\system32\BtwRSupportService.exe
21:09:14.0344 0x8bac  BcmBtRSupport - ok
21:09:14.0372 0x8bac  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
21:09:14.0379 0x8bac  bcmfn2 - ok
21:09:14.0427 0x8bac  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:09:14.0508 0x8bac  BDESVC - ok
21:09:14.0522 0x8bac  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
21:09:14.0578 0x8bac  Beep - ok
21:09:14.0636 0x8bac  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\Windows\System32\bfe.dll
21:09:14.0736 0x8bac  BFE - ok
21:09:14.0852 0x8bac  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
21:09:14.0943 0x8bac  BITS - ok
21:09:14.0981 0x8bac  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:09:14.0998 0x8bac  Bonjour Service - ok
21:09:15.0022 0x8bac  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:09:15.0100 0x8bac  bowser - ok
21:09:15.0150 0x8bac  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
21:09:15.0221 0x8bac  BrokerInfrastructure - ok
21:09:15.0257 0x8bac  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\Windows\System32\browser.dll
21:09:15.0357 0x8bac  Browser - ok
21:09:15.0369 0x8bac  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
21:09:15.0415 0x8bac  BthAvrcpTg - ok
21:09:15.0488 0x8bac  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
21:09:15.0633 0x8bac  BthEnum - ok
21:09:15.0647 0x8bac  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
21:09:15.0675 0x8bac  BthHFEnum - ok
21:09:15.0691 0x8bac  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
21:09:15.0711 0x8bac  bthhfhid - ok
21:09:15.0751 0x8bac  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
21:09:15.0797 0x8bac  BthLEEnum - ok
21:09:15.0817 0x8bac  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
21:09:15.0839 0x8bac  BTHMODEM - ok
21:09:15.0882 0x8bac  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\System32\drivers\bthpan.sys
21:09:15.0939 0x8bac  BthPan - ok
21:09:16.0017 0x8bac  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:09:16.0098 0x8bac  BTHPORT - ok
21:09:16.0129 0x8bac  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\Windows\system32\bthserv.dll
21:09:16.0152 0x8bac  bthserv - ok
21:09:16.0201 0x8bac  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:09:16.0229 0x8bac  BTHUSB - ok
21:09:16.0254 0x8bac  [ 20C8EB70C0B179DF06A01CA503F4A824, 1C2DADCBC5D85C1D4F6A28B7F374C829E6DCE0EB720EBDA43CF6AC0AC934AA5E ] btwampfl        C:\Windows\system32\DRIVERS\btwampfl.sys
21:09:16.0266 0x8bac  btwampfl - ok
21:09:16.0283 0x8bac  [ 49665DD72F8DB515AB51D04984DB1D38, 8ABE06213D11309E6A2A6C21223852C33E28B4C9A5E9E6CAE20D4F6142F153F2 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:09:16.0296 0x8bac  btwaudio - ok
21:09:16.0317 0x8bac  [ 1611FFAFBB372A3BDA5ABDA3F9202882, D491A4F0F59B5C8779169C853F6CF27D13B59135335CCE243D3A54052B7B97A8 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
21:09:16.0332 0x8bac  btwavdt - ok
21:09:16.0402 0x8bac  [ DD2C038F5888B6F569851CCE361EFAEC, CE7EE853B058845D3E37C0DCD7498755D105EAFE7B7AD6915B736EC7123ED34F ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:09:16.0434 0x8bac  btwdins - ok
21:09:16.0446 0x8bac  [ C3C8974D99F976C927165363855690CD, 2B73E11FE341DE581CFF655E58C5671B83F4331529C30DADCAA9B6BE615D5E1F ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:09:16.0453 0x8bac  btwl2cap - ok
21:09:16.0468 0x8bac  [ BF79442906F4BB3DC4A81EA6B82EAD60, 2B67731D1C43C83A19CDC4ACE9605C9F3DA7347CC64C420DD00F8828227E939F ] btwrchid        C:\Windows\System32\drivers\btwrchid.sys
21:09:16.0475 0x8bac  btwrchid - ok
21:09:16.0500 0x8bac  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:09:16.0569 0x8bac  cdfs - ok
21:09:16.0604 0x8bac  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
21:09:16.0619 0x8bac  cdrom - ok
21:09:16.0646 0x8bac  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:09:16.0689 0x8bac  CertPropSvc - ok
21:09:16.0704 0x8bac  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
21:09:16.0724 0x8bac  circlass - ok
21:09:16.0768 0x8bac  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
21:09:16.0789 0x8bac  CLFS - ok
21:09:16.0934 0x8bac  [ 7E526C5B4DD233EBCF1EA3EC211E2913, 9DC99F18454001AF5462C773C174E2D6E503316550C7E9D7824E9CBC503FCA3B ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
21:09:17.0001 0x8bac  ClickToRunSvc - ok
21:09:17.0032 0x8bac  [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive  C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
21:09:17.0041 0x8bac  CLVirtualDrive - ok
21:09:17.0055 0x8bac  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
21:09:17.0106 0x8bac  CmBatt - ok
21:09:17.0148 0x8bac  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:09:17.0177 0x8bac  CNG - ok
21:09:17.0201 0x8bac  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
21:09:17.0225 0x8bac  CompositeBus - ok
21:09:17.0230 0x8bac  COMSysApp - ok
21:09:17.0247 0x8bac  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
21:09:17.0299 0x8bac  condrv - ok
21:09:17.0396 0x8bac  [ 6DB7264A95FE984FFA072BA79FA087C8, CF180663B24B1660CD04CB26D8663FB7F357C9CF5731B315635D63B7DB76BCEC ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:09:17.0412 0x8bac  cphs - ok
21:09:17.0443 0x8bac  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:09:17.0524 0x8bac  CryptSvc - ok
21:09:17.0555 0x8bac  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
21:09:17.0567 0x8bac  dam - ok
21:09:17.0632 0x8bac  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:09:17.0836 0x8bac  DcomLaunch - ok
21:09:17.0878 0x8bac  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:09:17.0964 0x8bac  defragsvc - ok
21:09:18.0012 0x8bac  [ DC253191A553DACA7684CFB5B03A4268, 2D651A059F1334671E875EB4FC642383DCC00710809255DA29F96C41EC2C8205 ] DellRbtn        C:\Windows\System32\drivers\DellRbtn.sys
21:09:18.0104 0x8bac  DellRbtn - ok
21:09:18.0157 0x8bac  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
21:09:18.0253 0x8bac  DeviceAssociationService - ok
21:09:18.0285 0x8bac  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
21:09:18.0350 0x8bac  DeviceInstall - ok
21:09:18.0386 0x8bac  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
21:09:18.0497 0x8bac  Dfsc - ok
21:09:18.0542 0x8bac  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:09:18.0667 0x8bac  Dhcp - ok
21:09:18.0694 0x8bac  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
21:09:18.0707 0x8bac  disk - ok
21:09:18.0726 0x8bac  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
21:09:18.0800 0x8bac  dmvsc - ok
21:09:18.0832 0x8bac  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:09:18.0908 0x8bac  Dnscache - ok
21:09:18.0943 0x8bac  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\Windows\System32\dot3svc.dll
21:09:18.0978 0x8bac  dot3svc - ok
21:09:19.0024 0x8bac  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:09:19.0061 0x8bac  dot4 - ok
21:09:19.0080 0x8bac  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\Windows\System32\drivers\Dot4Prt.sys
21:09:19.0086 0x8bac  Dot4Print - ok
21:09:19.0100 0x8bac  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:09:19.0107 0x8bac  dot4usb - ok
21:09:19.0132 0x8bac  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\Windows\system32\dps.dll
21:09:19.0215 0x8bac  DPS - ok
21:09:19.0262 0x8bac  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:09:19.0285 0x8bac  drmkaud - ok
21:09:19.0319 0x8bac  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
21:09:19.0356 0x8bac  DsmSvc - ok
21:09:19.0436 0x8bac  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:09:19.0500 0x8bac  DXGKrnl - ok
21:09:19.0518 0x8bac  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\Windows\System32\eapsvc.dll
21:09:19.0543 0x8bac  Eaphost - ok
21:09:19.0674 0x8bac  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:09:19.0823 0x8bac  ebdrv - ok
21:09:19.0856 0x8bac  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\Windows\System32\lsass.exe
21:09:19.0869 0x8bac  EFS - ok
21:09:19.0894 0x8bac  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
21:09:19.0908 0x8bac  EhStorClass - ok
21:09:19.0926 0x8bac  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:09:19.0940 0x8bac  EhStorTcgDrv - ok
21:09:19.0954 0x8bac  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
21:09:19.0964 0x8bac  ErrDev - ok
21:09:20.0000 0x8bac  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\Windows\system32\es.dll
21:09:20.0059 0x8bac  EventSystem - ok
21:09:22.0836 0x8bac  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Users\Otmar\AppData\Local\Temp\7zS07EE\hpslpsvc64.dll
21:09:22.0876 0x8bac  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
21:09:25.0348 0x8bac  Detect skipped due to KSN trusted
21:09:25.0348 0x8bac  HPSLPSVC - ok
21:09:27.0007 0x8bac  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
21:09:27.0045 0x8bac  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
21:09:29.0510 0x8bac  Detect skipped due to KSN trusted
21:09:29.0510 0x8bac  Intel(R) Capability Licensing Service Interface - ok
21:09:36.0622 0x8bac  pci - ok
21:09:36.0635 0x8bac  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:09:36.0644 0x8bac  pciide - ok
21:09:36.0673 0x8bac  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:09:36.0753 0x8bac  pcmcia - ok
21:09:36.0774 0x8bac  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:09:36.0786 0x8bac  pcw - ok
21:09:36.0824 0x8bac  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
21:09:36.0836 0x8bac  pdc - ok
21:09:36.0889 0x8bac  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:09:36.0938 0x8bac  PEAUTH - ok
21:09:37.0026 0x8bac  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:09:37.0075 0x8bac  PerfHost - ok
21:09:37.0144 0x8bac  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\Windows\system32\pla.dll
21:09:37.0218 0x8bac  pla - ok
21:09:37.0253 0x8bac  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:09:37.0267 0x8bac  PlugPlay - ok
21:09:37.0287 0x8bac  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:09:37.0310 0x8bac  PNRPAutoReg - ok
21:09:37.0338 0x8bac  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:09:37.0358 0x8bac  PNRPsvc - ok
21:09:37.0391 0x8bac  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:09:37.0415 0x8bac  PolicyAgent - ok
21:09:37.0451 0x8bac  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\Windows\system32\umpo.dll
21:09:37.0507 0x8bac  Power - ok
21:09:37.0652 0x8bac  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
21:09:37.0778 0x8bac  PrintNotify - ok
21:09:37.0813 0x8bac  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
21:09:37.0845 0x8bac  Processor - ok
21:09:37.0884 0x8bac  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:09:37.0940 0x8bac  ProfSvc - ok
21:09:37.0955 0x8bac  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:09:37.0984 0x8bac  Psched - ok
21:09:38.0028 0x8bac  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\Windows\system32\qwave.dll
21:09:38.0052 0x8bac  QWAVE - ok
21:09:38.0081 0x8bac  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:09:38.0096 0x8bac  QWAVEdrv - ok
21:09:38.0105 0x8bac  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:09:38.0119 0x8bac  RasAcd - ok
21:09:38.0146 0x8bac  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\Windows\System32\rasauto.dll
21:09:38.0163 0x8bac  RasAuto - ok
21:09:38.0207 0x8bac  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
21:09:38.0294 0x8bac  RasMan - ok
21:09:38.0306 0x8bac  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:38.0321 0x8bac  RasPppoe - ok
21:09:38.0377 0x8bac  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:09:38.0582 0x8bac  rdbss - ok
21:09:38.0632 0x8bac  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
21:09:38.0669 0x8bac  rdpbus - ok
21:09:38.0692 0x8bac  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:09:38.0741 0x8bac  RDPDR - ok
21:09:38.0788 0x8bac  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:09:38.0798 0x8bac  RdpVideoMiniport - ok
21:09:38.0838 0x8bac  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:09:38.0855 0x8bac  rdyboost - ok
21:09:38.0908 0x8bac  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
21:09:38.0949 0x8bac  ReFS - ok
21:09:38.0986 0x8bac  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:09:39.0006 0x8bac  RemoteAccess - ok
21:09:39.0029 0x8bac  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:09:39.0061 0x8bac  RemoteRegistry - ok
21:09:39.0103 0x8bac  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
21:09:39.0140 0x8bac  RFCOMM - ok
21:09:39.0214 0x8bac  [ CBE300DA6064C31F2AC4ED8A0722BEF0, D98D41937E36390426F521713AF2BAA1E49E750BBEAC420D1BD770EB303F1E4F ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:09:39.0225 0x8bac  RichVideo - ok
21:09:39.0251 0x8bac  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:09:39.0266 0x8bac  RpcEptMapper - ok
21:09:39.0283 0x8bac  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
21:09:39.0296 0x8bac  RpcLocator - ok
21:09:39.0354 0x8bac  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\Windows\system32\rpcss.dll
21:09:39.0384 0x8bac  RpcSs - ok
21:09:39.0427 0x8bac  rqpbhevlkc64 - ok
21:09:39.0455 0x8bac  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:09:39.0485 0x8bac  rspndr - ok
21:09:39.0527 0x8bac  [ 4EC89C0725CE4B98994B88F19B30C288, 4FA73C24A2E18D04CE27EEF17C9AE847D0251B711F60D116139F6166F90CD08F ] RSUSBVSTOR      C:\Windows\System32\Drivers\RtsUVStor.sys
21:09:39.0545 0x8bac  RSUSBVSTOR - ok
21:09:39.0582 0x8bac  [ DDF3EFB4AD226C61D0ADA6E779E3D968, 5B14B35321F10D974B9F47D60C9DAA527A2C907029C242A6F4214E6012A046DA ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:09:39.0593 0x8bac  RtkAudioService - ok
21:09:39.0636 0x8bac  [ 948D5E71CF9DB59961353A355EA45139, A23D012B07A92CC217C67C904CDFBA2BCCDCC2BD49B24FB694BD230D000F2B7B ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
21:09:39.0665 0x8bac  RTL8168 - ok
21:09:39.0691 0x8bac  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
21:09:39.0710 0x8bac  s3cap - ok
21:09:39.0745 0x8bac  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\Windows\system32\lsass.exe
21:09:39.0757 0x8bac  SamSs - ok
21:09:39.0771 0x8bac  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:09:39.0784 0x8bac  sbp2port - ok
21:09:39.0808 0x8bac  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:09:39.0841 0x8bac  SCardSvr - ok
21:09:39.0867 0x8bac  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
21:09:39.0901 0x8bac  ScDeviceEnum - ok
21:09:39.0919 0x8bac  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:09:39.0934 0x8bac  scfilter - ok
21:09:40.0003 0x8bac  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
21:09:40.0110 0x8bac  Schedule - ok
21:09:40.0136 0x8bac  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:09:40.0154 0x8bac  SCPolicySvc - ok
21:09:40.0188 0x8bac  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
21:09:40.0206 0x8bac  sdbus - ok
21:09:40.0248 0x8bac  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
21:09:40.0260 0x8bac  sdstor - ok
21:09:40.0283 0x8bac  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:09:40.0309 0x8bac  secdrv - ok
21:09:40.0339 0x8bac  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
21:09:40.0367 0x8bac  seclogon - ok
21:09:40.0391 0x8bac  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
21:09:40.0426 0x8bac  SENS - ok
21:09:40.0460 0x8bac  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:09:40.0509 0x8bac  SensrSvc - ok
21:09:40.0531 0x8bac  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
21:09:40.0542 0x8bac  SerCx - ok
21:09:40.0578 0x8bac  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
21:09:40.0592 0x8bac  SerCx2 - ok
21:09:40.0607 0x8bac  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
21:09:40.0618 0x8bac  Serenum - ok
21:09:40.0646 0x8bac  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
21:09:40.0659 0x8bac  Serial - ok
21:09:40.0667 0x8bac  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
21:09:40.0678 0x8bac  sermouse - ok
21:09:40.0734 0x8bac  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:09:40.0819 0x8bac  SessionEnv - ok
21:09:40.0832 0x8bac  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
21:09:40.0860 0x8bac  sfloppy - ok
21:09:40.0908 0x8bac  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:09:41.0035 0x8bac  SharedAccess - ok
21:09:41.0075 0x8bac  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:09:41.0124 0x8bac  ShellHWDetection - ok
21:09:41.0141 0x8bac  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:09:41.0151 0x8bac  SiSRaid2 - ok
21:09:41.0174 0x8bac  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:09:41.0188 0x8bac  SiSRaid4 - ok
21:09:41.0212 0x8bac  [ AE4C16C40AE62CC9B57B6C2B8C115E68, C1C9EC75749F1309531BC6DF0A3ED36BF1646371289412999883099DB6472912 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
21:09:41.0218 0x8bac  SmbDrv - ok
21:09:41.0237 0x8bac  [ A4B4F8AAE42DA4279796D54E9619DAA1, FE2D333E073E6DE0EBFCD1AC1A86BDE86265B421C2ECAECABF1AFDBA453D401A ] SmbDrvI         C:\Windows\System32\drivers\Smb_driver_Intel.sys
21:09:41.0244 0x8bac  SmbDrvI - ok
21:09:41.0272 0x8bac  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\Windows\System32\smphost.dll
21:09:41.0382 0x8bac  smphost - ok
21:09:41.0403 0x8bac  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:09:41.0427 0x8bac  SNMPTRAP - ok
21:09:41.0467 0x8bac  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
21:09:41.0491 0x8bac  spaceport - ok
21:09:41.0506 0x8bac  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
21:09:41.0517 0x8bac  SpbCx - ok
21:09:41.0553 0x8bac  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\Windows\System32\spoolsv.exe
21:09:41.0627 0x8bac  Spooler - ok
21:09:41.0854 0x8bac  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
21:09:42.0134 0x8bac  sppsvc - ok
21:09:42.0191 0x8bac  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:09:42.0246 0x8bac  srv - ok
21:09:42.0296 0x8bac  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:09:42.0325 0x8bac  srv2 - ok
21:09:42.0351 0x8bac  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:09:42.0366 0x8bac  srvnet - ok
21:09:42.0394 0x8bac  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:09:42.0433 0x8bac  SSDPSRV - ok
21:09:42.0453 0x8bac  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:09:42.0471 0x8bac  SstpSvc - ok
21:09:42.0502 0x8bac  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:09:42.0514 0x8bac  stexstor - ok
21:09:42.0549 0x8bac  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
21:09:42.0655 0x8bac  stisvc - ok
21:09:42.0694 0x8bac  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
21:09:42.0707 0x8bac  storahci - ok
21:09:42.0737 0x8bac  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
21:09:42.0748 0x8bac  storflt - ok
21:09:42.0765 0x8bac  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
21:09:42.0777 0x8bac  stornvme - ok
21:09:42.0795 0x8bac  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\Windows\system32\storsvc.dll
21:09:42.0829 0x8bac  StorSvc - ok
21:09:42.0859 0x8bac  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:09:42.0869 0x8bac  storvsc - ok
21:09:42.0895 0x8bac  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\Windows\system32\svsvc.dll
21:09:42.0931 0x8bac  svsvc - ok
21:09:42.0945 0x8bac  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
21:09:42.0954 0x8bac  swenum - ok
21:09:43.0012 0x8bac  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\Windows\System32\swprv.dll
21:09:43.0101 0x8bac  swprv - ok
21:09:43.0148 0x8bac  [ 90EA1D0A7BCB873EE5075ACCD9636D98, 1D80A8B582B3DC7F1C9AEED33EA3B33F5D7A6BD73D55619035455F5C14D14817 ] SynTP           C:\Windows\System32\drivers\SynTP.sys
21:09:43.0170 0x8bac  SynTP - ok
21:09:43.0244 0x8bac  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\Windows\system32\sysmain.dll
21:09:43.0327 0x8bac  SysMain - ok
21:09:43.0367 0x8bac  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:09:43.0449 0x8bac  SystemEventsBroker - ok
21:09:43.0477 0x8bac  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
21:09:43.0494 0x8bac  TabletInputService - ok
21:09:43.0514 0x8bac  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:09:43.0566 0x8bac  TapiSrv - ok
21:09:43.0679 0x8bac  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:09:43.0775 0x8bac  Tcpip - ok
21:09:43.0841 0x8bac  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:09:43.0930 0x8bac  TCPIP6 - ok
21:09:43.0992 0x8bac  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:09:44.0049 0x8bac  tcpipreg - ok
21:09:44.0081 0x8bac  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:09:44.0106 0x8bac  tdx - ok
21:09:44.0121 0x8bac  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
21:09:44.0131 0x8bac  terminpt - ok
21:09:44.0189 0x8bac  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\Windows\System32\termsrv.dll
21:09:44.0265 0x8bac  TermService - ok
21:09:44.0292 0x8bac  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
21:09:44.0328 0x8bac  Themes - ok
21:09:44.0354 0x8bac  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:09:44.0367 0x8bac  THREADORDER - ok
21:09:44.0397 0x8bac  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
21:09:44.0436 0x8bac  TimeBroker - ok
21:09:44.0473 0x8bac  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
21:09:44.0491 0x8bac  TPM - ok
21:09:44.0509 0x8bac  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
21:09:44.0533 0x8bac  TrkWks - ok
21:09:44.0591 0x8bac  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:09:44.0735 0x8bac  TrustedInstaller - ok
21:09:44.0752 0x8bac  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:09:44.0791 0x8bac  TsUsbFlt - ok
21:09:44.0801 0x8bac  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
21:09:44.0820 0x8bac  TsUsbGD - ok
21:09:44.0851 0x8bac  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:09:44.0868 0x8bac  tunnel - ok
21:09:44.0884 0x8bac  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:09:44.0897 0x8bac  uagp35 - ok
21:09:44.0915 0x8bac  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
21:09:44.0926 0x8bac  UASPStor - ok
21:09:44.0964 0x8bac  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
21:09:44.0979 0x8bac  UCX01000 - ok
21:09:45.0003 0x8bac  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:09:45.0027 0x8bac  udfs - ok
21:09:45.0047 0x8bac  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
21:09:45.0061 0x8bac  UEFI - ok
21:09:45.0088 0x8bac  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:09:45.0119 0x8bac  UI0Detect - ok
21:09:45.0147 0x8bac  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:09:45.0160 0x8bac  uliagpkx - ok
21:09:45.0182 0x8bac  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
21:09:45.0207 0x8bac  umbus - ok
21:09:45.0230 0x8bac  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
21:09:45.0254 0x8bac  UmPass - ok
21:09:45.0294 0x8bac  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:09:45.0328 0x8bac  UmRdpService - ok
21:09:45.0364 0x8bac  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
21:09:45.0408 0x8bac  upnphost - ok
21:09:45.0441 0x8bac  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\System32\Drivers\usbaapl64.sys
21:09:45.0489 0x8bac  USBAAPL64 - ok
21:09:45.0524 0x8bac  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
21:09:45.0544 0x8bac  usbccgp - ok
21:09:45.0563 0x8bac  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
21:09:45.0576 0x8bac  usbcir - ok
21:09:45.0608 0x8bac  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
21:09:45.0620 0x8bac  usbehci - ok
21:09:45.0665 0x8bac  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
21:09:45.0693 0x8bac  usbhub - ok
21:09:45.0748 0x8bac  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
21:09:45.0774 0x8bac  USBHUB3 - ok
21:09:45.0818 0x8bac  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
21:09:46.0002 0x8bac  usbohci - ok
21:09:46.0016 0x8bac  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
21:09:46.0055 0x8bac  usbprint - ok
21:09:46.0099 0x8bac  [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:09:46.0122 0x8bac  usbscan - ok
21:09:46.0164 0x8bac  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
21:09:46.0179 0x8bac  USBSTOR - ok
21:09:46.0217 0x8bac  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
21:09:46.0244 0x8bac  usbuhci - ok
21:09:46.0272 0x8bac  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:09:46.0307 0x8bac  usbvideo - ok
21:09:46.0343 0x8bac  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
21:09:46.0366 0x8bac  USBXHCI - ok
21:09:46.0379 0x8bac  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:09:46.0392 0x8bac  VaultSvc - ok
21:09:46.0404 0x8bac  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:09:46.0416 0x8bac  vdrvroot - ok
21:09:46.0484 0x8bac  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\Windows\System32\vds.exe
21:09:46.0561 0x8bac  vds - ok
21:09:46.0588 0x8bac  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
21:09:46.0604 0x8bac  VerifierExt - ok
21:09:46.0657 0x8bac  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
21:09:46.0690 0x8bac  vhdmp - ok
21:09:46.0720 0x8bac  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:09:46.0730 0x8bac  viaide - ok
21:09:46.0750 0x8bac  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:09:46.0763 0x8bac  vmbus - ok
21:09:46.0774 0x8bac  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
21:09:46.0784 0x8bac  VMBusHID - ok
21:09:46.0832 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
21:09:46.0940 0x8bac  vmicguestinterface - ok
21:09:46.0955 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
21:09:46.0978 0x8bac  vmicheartbeat - ok
21:09:46.0994 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
21:09:47.0018 0x8bac  vmickvpexchange - ok
21:09:47.0033 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\Windows\System32\ICSvc.dll
21:09:47.0055 0x8bac  vmicrdv - ok
21:09:47.0070 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
21:09:47.0096 0x8bac  vmicshutdown - ok
21:09:47.0111 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
21:09:47.0135 0x8bac  vmictimesync - ok
21:09:47.0150 0x8bac  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\Windows\System32\ICSvc.dll
21:09:47.0171 0x8bac  vmicvss - ok
21:09:47.0206 0x8bac  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:09:47.0219 0x8bac  volmgr - ok
21:09:47.0234 0x8bac  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:09:47.0255 0x8bac  volmgrx - ok
21:09:47.0301 0x8bac  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:09:47.0322 0x8bac  volsnap - ok
21:09:47.0338 0x8bac  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
21:09:47.0349 0x8bac  vpci - ok
21:09:47.0380 0x8bac  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:09:47.0397 0x8bac  vsmraid - ok
21:09:47.0469 0x8bac  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\Windows\system32\vssvc.exe
21:09:47.0535 0x8bac  VSS - ok
21:09:47.0573 0x8bac  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
21:09:47.0592 0x8bac  VSTXRAID - ok
21:09:47.0638 0x8bac  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:09:47.0726 0x8bac  vwifibus - ok
21:09:47.0768 0x8bac  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:09:47.0794 0x8bac  vwififlt - ok
21:09:47.0815 0x8bac  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:09:47.0826 0x8bac  vwifimp - ok
21:09:47.0859 0x8bac  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\Windows\system32\w32time.dll
21:09:47.0885 0x8bac  W32Time - ok
21:09:47.0902 0x8bac  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
21:09:47.0913 0x8bac  WacomPen - ok
21:09:47.0995 0x8bac  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
21:09:48.0127 0x8bac  wbengine - ok
21:09:48.0166 0x8bac  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:09:48.0270 0x8bac  WbioSrvc - ok
21:09:48.0319 0x8bac  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
21:09:48.0370 0x8bac  Wcmsvc - ok
21:09:48.0411 0x8bac  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:09:48.0542 0x8bac  wcncsvc - ok
21:09:48.0573 0x8bac  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:09:48.0630 0x8bac  WcsPlugInService - ok
21:09:48.0662 0x8bac  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
21:09:48.0672 0x8bac  WdBoot - ok
21:09:48.0726 0x8bac  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:09:48.0761 0x8bac  Wdf01000 - ok
21:09:48.0781 0x8bac  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
21:09:48.0799 0x8bac  WdFilter - ok
21:09:48.0828 0x8bac  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:09:48.0860 0x8bac  WdiServiceHost - ok
21:09:48.0865 0x8bac  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:09:48.0884 0x8bac  WdiSystemHost - ok
21:09:48.0918 0x8bac  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
21:09:48.0930 0x8bac  WdNisDrv - ok
21:09:48.0959 0x8bac  WdNisSvc - ok
21:09:48.0997 0x8bac  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\Windows\System32\webclnt.dll
21:09:49.0020 0x8bac  WebClient - ok
21:09:49.0048 0x8bac  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:09:49.0077 0x8bac  Wecsvc - ok
21:09:49.0099 0x8bac  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
21:09:49.0117 0x8bac  WEPHOSTSVC - ok
21:09:49.0155 0x8bac  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:09:49.0235 0x8bac  wercplsupport - ok
21:09:49.0275 0x8bac  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:09:49.0307 0x8bac  WerSvc - ok
21:09:49.0338 0x8bac  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
21:09:49.0351 0x8bac  WFPLWFS - ok
21:09:49.0379 0x8bac  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
21:09:49.0394 0x8bac  WiaRpc - ok
21:09:49.0423 0x8bac  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:09:49.0432 0x8bac  WIMMount - ok
21:09:49.0435 0x8bac  WinDefend - ok
21:09:49.0479 0x8bac  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
21:09:49.0526 0x8bac  WinHttpAutoProxySvc - ok
21:09:49.0587 0x8bac  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:09:49.0604 0x8bac  Winmgmt - ok
21:09:49.0707 0x8bac  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:09:49.0835 0x8bac  WinRM - ok
21:09:49.0870 0x8bac  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:09:49.0895 0x8bac  WinUsb - ok
21:09:49.0969 0x8bac  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\Windows\System32\wlansvc.dll
21:09:50.0024 0x8bac  WlanSvc - ok
21:09:50.0111 0x8bac  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
21:09:50.0185 0x8bac  wlidsvc - ok
21:09:50.0203 0x8bac  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
21:09:50.0224 0x8bac  WmiAcpi - ok
21:09:50.0250 0x8bac  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:09:50.0306 0x8bac  wmiApSrv - ok
21:09:50.0332 0x8bac  WMPNetworkSvc - ok
21:09:50.0364 0x8bac  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
21:09:50.0380 0x8bac  Wof - ok
21:09:50.0460 0x8bac  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
21:09:50.0552 0x8bac  workfolderssvc - ok
21:09:50.0587 0x8bac  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
21:09:50.0599 0x8bac  wpcfltr - ok
21:09:50.0624 0x8bac  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:09:50.0659 0x8bac  WPCSvc - ok
21:09:50.0690 0x8bac  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:09:50.0827 0x8bac  WPDBusEnum - ok
21:09:50.0861 0x8bac  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
21:09:50.0872 0x8bac  WpdUpFltr - ok
21:09:50.0893 0x8bac  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:09:50.0934 0x8bac  ws2ifsl - ok
21:09:50.0976 0x8bac  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:09:51.0063 0x8bac  wscsvc - ok
21:09:51.0067 0x8bac  WSearch - ok
21:09:51.0197 0x8bac  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\Windows\System32\WSService.dll
21:09:51.0353 0x8bac  WSService - ok
21:09:51.0493 0x8bac  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:09:51.0682 0x8bac  wuauserv - ok
21:09:51.0715 0x8bac  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:09:51.0777 0x8bac  WudfPf - ok
21:09:51.0801 0x8bac  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
21:09:51.0816 0x8bac  WUDFRd - ok
21:09:51.0825 0x8bac  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\System32\drivers\WUDFRd.sys
21:09:51.0839 0x8bac  WUDFSensorLP - ok
21:09:51.0861 0x8bac  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:09:51.0890 0x8bac  wudfsvc - ok
21:09:51.0923 0x8bac  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:51.0938 0x8bac  WUDFWpdFs - ok
21:09:51.0947 0x8bac  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:51.0963 0x8bac  WUDFWpdMtp - ok
21:09:52.0008 0x8bac  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:09:52.0038 0x8bac  WwanSvc - ok
21:09:52.0050 0x8bac  ================ Scan global ===============================
21:09:52.0096 0x8bac  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
21:09:52.0141 0x8bac  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
21:09:52.0178 0x8bac  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
21:09:52.0226 0x8bac  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
21:09:52.0237 0x8bac  [ Global ] - ok
21:09:52.0238 0x8bac  ================ Scan MBR ==================================
21:09:52.0247 0x8bac  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:09:52.0399 0x8bac  \Device\Harddisk0\DR0 - ok
21:09:52.0399 0x8bac  ================ Scan VBR ==================================
21:09:52.0434 0x8bac  [ 2CF3C5A8EE508FA3104FF1515E19D70F ] \Device\Harddisk0\DR0\Partition1
21:09:52.0447 0x8bac  \Device\Harddisk0\DR0\Partition1 - ok
21:09:52.0457 0x8bac  [ 811461FF8990BC0DCDEBA31FC954CEFA ] \Device\Harddisk0\DR0\Partition2
21:09:52.0466 0x8bac  \Device\Harddisk0\DR0\Partition2 - ok
21:09:52.0474 0x8bac  [ 0D52EBCA2192D37E8762FC6A8E0C2F78 ] \Device\Harddisk0\DR0\Partition3
21:09:52.0475 0x8bac  \Device\Harddisk0\DR0\Partition3 - ok
21:09:52.0484 0x8bac  [ 1BAB517E8B5B014D01E515D1BB47FBA8 ] \Device\Harddisk0\DR0\Partition4
21:09:52.0496 0x8bac  \Device\Harddisk0\DR0\Partition4 - ok
21:09:52.0507 0x8bac  [ B55EE2C68500ECE42D1F89B4D894A268 ] \Device\Harddisk0\DR0\Partition5
21:09:52.0524 0x8bac  \Device\Harddisk0\DR0\Partition5 - ok
21:09:52.0559 0x8bac  [ 068F1105387B046DC75F47CEED27162B ] \Device\Harddisk0\DR0\Partition6
21:09:52.0590 0x8bac  \Device\Harddisk0\DR0\Partition6 - ok
21:09:52.0591 0x8bac  ================ Scan generic autorun ======================
21:09:52.0887 0x8bac  [ 5BAD798CBAB39F3A56A9CD495320F67E, 668FB3F30DD99CBF9EBDDF4C079636DFD2C7693B3506AC8A6DD1B3CA4B5BAF11 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:09:53.0052 0x8bac  RTHDVCPL - ok
21:09:53.0129 0x95dc  Object required for P2P: [ D5C3776CBD8BC307DCCA3FD4CE667A37 ] SessionEnv
21:09:53.0146 0x8bac  [ 59F8DA04498B80D58FD8638370C5C84F, 522F347F1F1B3991FDC60FF3CE8F8ABB2EDFE65C569D18EF5ACB690FD1BADC82 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:09:53.0182 0x8bac  RtHDVBg - ok
21:09:53.0221 0x8bac  [ 59F8DA04498B80D58FD8638370C5C84F, 522F347F1F1B3991FDC60FF3CE8F8ABB2EDFE65C569D18EF5ACB690FD1BADC82 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:09:53.0259 0x8bac  RtHDVBg_PushButton - ok
21:09:53.0458 0x8bac  [ 9709A4AE6D5D6B047AC2ED0A0C129879, EFABC304C70A548A4B5217CCEC2ADE832EC433AED38E4B1EE5CC2D91F30DF764 ] c:\Program Files\Dell\QuickSet\QuickSet.exe
21:09:53.0594 0x8bac  QuickSet - ok
21:09:53.0659 0x8bac  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:09:53.0693 0x8bac  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
21:09:56.0142 0x8bac  Detect skipped due to KSN trusted
21:09:56.0143 0x8bac  IAStorIcon - ok
21:09:56.0201 0x8bac  [ ED77575498921FE61B53A5EBB1F4136B, C52D3451F34E5115A1AAA424DC8F0A7A2AA3468726BA1873F0BCCFE1480FCB57 ] C:\Windows\system32\igfxtray.exe
21:09:56.0218 0x8bac  IgfxTray - ok
21:09:56.0257 0x8bac  [ C89C68961854E7A67946BE47D44EFAF4, 954EE4BF56F9602B6275B6F852BBB5F739147B3D1395AC07A02BDE0027828CFF ] C:\Windows\system32\igfxpers.exe
21:09:56.0281 0x8bac  Persistence - ok
21:09:56.0337 0x8bac  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
21:09:56.0362 0x8bac  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
21:09:58.0821 0x8bac  Detect skipped due to KSN trusted
21:09:58.0821 0x8bac  QuickTime Task - ok
21:09:58.0919 0x8bac  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
21:09:58.0928 0x8bac  iTunesHelper - ok
21:09:59.0004 0x8bac  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
21:09:59.0025 0x8bac  avgnt - ok
21:09:59.0163 0x8bac  [ E620F441DA4D40862E497971B1207002, E72C51944C7EF136B58DF94CB20F75A897F8141CC5AE4588441FA095728FC7B0 ] C:\Users\Otmar\AppData\Local\Smartbar\Application\SnapDo.exe
21:09:59.0171 0x8bac  Browser Infrastructure Helper - ok
21:09:59.0287 0x8bac  [ 496EFC8A18F27B923C825F9E8D6A6D1D, FCC0B7605F1EBE10A92D603385FA006EC0937A0EB00FEF9CB20847EFE6A082A6 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
21:09:59.0308 0x8bac  GarminExpressTrayApp - ok
21:09:59.0394 0x8bac  [ 8D6D691AA7AA121AC048BA594AD7E647, 8583202D26BA894F30C222EF1DA155427E738DA7DF6C7EBDAA982DE070B88095 ] C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
21:09:59.0407 0x8bac  DellSystemDetect - ok
21:09:59.0408 0x8bac  Waiting for KSN requests completion. In queue: 153
21:10:00.0409 0x8bac  Waiting for KSN requests completion. In queue: 153
21:10:01.0410 0x8bac  Waiting for KSN requests completion. In queue: 153
21:10:01.0949 0x9a84  Object required for P2P: [ 48430B0313FC1CFE3D2400553F1A93CD ] USBXHCI
21:10:02.0410 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:03.0411 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:04.0412 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:05.0413 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:06.0413 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:07.0414 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:08.0415 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:09.0415 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:10.0416 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:11.0417 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:12.0418 0x8bac  Waiting for KSN requests completion. In queue: 89
21:10:13.0132 0x95dc  Object send P2P result: false
21:10:13.0418 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:14.0419 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:15.0420 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:16.0420 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:17.0421 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:18.0422 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:19.0423 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:20.0423 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:21.0424 0x8bac  Waiting for KSN requests completion. In queue: 82
21:10:21.0951 0x9a84  Object send P2P result: false
21:10:22.0470 0x8bac  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated )
21:10:22.0470 0x8bac  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
21:10:22.0581 0x8bac  Win FW state via NFP2: enabled
21:10:25.0036 0x8bac  ============================================================
21:10:25.0036 0x8bac  Scan finished
21:10:25.0036 0x8bac  ============================================================
21:10:25.0043 0x0c08  Detected object count: 0
21:10:25.0043 0x0c08  Actual detected object count: 0
         


07.02.2015, 12:23   #6
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

07.02.2015, 14:50   #7
Otti58

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.02.2015
Suchlauf-Zeit: 13:16:50
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.07.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Otmar

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341592
Verstrichene Zeit: 29 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.110 - Bericht erstellt 07/02/2015 um 14:29:59
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Otmar - OTMAR
# Gestarted von : C:\Users\Otmar\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Otmar\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Otmar\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Otmar\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Otmar\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Otmar\AppData\Roaming\aps.uninstall.scan.results

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchApp

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Otmar\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Otmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555825544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566826644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555825544}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566826644}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B783C35F-94BA-4ABB-8214-1374C1BD7E73}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [10356 Bytes] - [07/02/2015 14:20:23]
AdwCleaner[S0].txt - [10138 Bytes] - [07/02/2015 14:29:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10198  Bytes] ##########
         
--- --- ---


[/CODE]


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Otmar on 07.02.2015 at 14:37:10,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544824444}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544824444}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544824444}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544824444}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Otmar\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Otmar\appdata\locallow\pcdr"



~~~ FireFox

Emptied folder: C:\Users\Otmar\AppData\Roaming\mozilla\firefox\profiles\vxva1dg4.default-1406699693556\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2015 at 14:39:04,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Otmar (administrator) on OTMAR on 07-02-2015 14:47:23
Running from C:\Users\Otmar\Downloads
Loaded Profiles: Otmar (Available profiles: Otmar)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dell) C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [DellSystemDetect] => C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-16] (Dell)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\MountPoints2: {12489d96-e1e1-11e3-8254-342387dc639a} - "E:\Password.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {5CA394D9-0A3E-4AAE-8FE3-4F52A1DAB095} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {8C7A5C9F-0F4A-4635-BE91-B5ABC958716E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> No Name - {A6D030CA-393E-4DEC-BD1C-43F29D060812} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Otmar\AppData\Roaming\Mozilla\Firefox\Profiles\vxva1dg4.default-1406699693556
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-06] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Users\Otmar\AppData\Local\Temp\7zS07EE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-06] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 14:39 - 2015-02-07 14:39 - 00001431 _____ () C:\Users\Otmar\Desktop\JRT.txt
2015-02-07 14:34 - 2015-02-07 14:35 - 01388274 _____ (Thisisu) C:\Users\Otmar\Downloads\JRT.exe
2015-02-07 14:19 - 2015-02-07 14:30 - 00000000 ____D () C:\AdwCleaner
2015-02-07 14:19 - 2015-02-07 14:19 - 02112512 _____ () C:\Users\Otmar\Downloads\AdwCleaner_4.110.exe
2015-02-07 14:10 - 2015-02-07 14:10 - 00001190 _____ () C:\Users\Otmar\Desktop\mbam.txt
2015-02-07 13:15 - 2015-02-07 13:15 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 13:15 - 2015-02-07 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 13:15 - 2015-02-07 13:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 13:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 13:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 13:13 - 2015-02-07 13:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Otmar\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-06 21:06 - 2015-02-06 21:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Otmar\Downloads\tdsskiller.exe
2015-02-06 19:46 - 2015-02-07 13:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 19:46 - 2015-02-07 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 19:46 - 2015-02-06 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 19:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 19:43 - 2015-02-06 21:06 - 00000000 ____D () C:\Users\Otmar\Desktop\mbar
2015-02-06 19:42 - 2015-02-06 19:43 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Otmar\Downloads\mbar-1.08.3.1004.exe
2015-02-06 19:31 - 2015-02-06 19:31 - 00001286 _____ () C:\Users\Otmar\Desktop\Revo Uninstaller.lnk
2015-02-06 19:31 - 2015-02-06 19:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-06 19:29 - 2015-02-06 19:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Otmar\Downloads\revosetup95.exe
2015-02-05 19:55 - 2015-02-05 19:56 - 00027399 _____ () C:\Users\Otmar\Downloads\Addition.txt
2015-02-05 19:54 - 2015-02-07 14:47 - 00014283 _____ () C:\Users\Otmar\Downloads\FRST.txt
2015-02-05 19:54 - 2015-02-07 14:47 - 00000000 ____D () C:\FRST
2015-02-05 19:53 - 2015-02-05 19:53 - 02131968 _____ (Farbar) C:\Users\Otmar\Downloads\FRST64.exe
2015-02-04 21:14 - 2015-02-04 21:15 - 13087456 _____ (Microsoft Corporation) C:\Users\Otmar\Downloads\Silverlight_x64(2).exe
2015-01-26 20:29 - 2015-01-26 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:00 - 2015-01-26 19:00 - 00012105 _____ () C:\Users\Otmar\Documents\Ausgaben  2014.docm
2015-01-26 18:56 - 2015-01-26 18:56 - 00012371 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2014.docm
2015-01-26 18:44 - 2015-01-26 19:57 - 00012437 _____ () C:\Users\Otmar\Documents\Weihnachtsmarkt 2014.docm
2015-01-26 18:35 - 2015-01-26 18:35 - 00012323 _____ () C:\Users\Otmar\Documents\weihnachtsmarkt 2013.docm
2015-01-25 11:10 - 2015-01-25 11:10 - 00000000 ____D () C:\ProgramData\HP
2015-01-25 10:56 - 2015-01-25 10:56 - 00000000 __SHD () C:\Users\Otmar\AppData\Local\EmieBrowserModeList
2015-01-25 10:54 - 2015-01-25 10:54 - 00000000 ____D () C:\Users\Otmar\AppData\Local\AAV
2015-01-25 10:53 - 2015-01-25 10:59 - 00002223 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-25 10:53 - 2015-01-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-25 10:53 - 2015-01-25 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-25 10:50 - 2015-01-25 10:54 - 00000000 ____D () C:\ProgramData\AAV
2015-01-25 07:44 - 2015-01-25 07:44 - 00026552 _____ () C:\Users\Otmar\Downloads\confirmation.htm
2015-01-25 07:44 - 2015-01-25 07:44 - 00000000 ____D () C:\Users\Otmar\Downloads\confirmation-Dateien
2015-01-19 18:09 - 2014-01-02 18:46 - 00010853 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2013.docm
2015-01-19 18:07 - 2014-01-02 18:59 - 00010637 _____ () C:\Users\Otmar\Documents\Ausgaben  2013.docm
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-16 18:25 - 2015-02-04 22:03 - 00000112 _____ () C:\ProgramData\g58oQn8i.dat
2015-01-14 06:24 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:24 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:24 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:23 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:23 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:23 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:23 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:23 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:23 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:23 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:23 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 14:47 - 2014-11-05 07:19 - 00005124 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OTMAR-Otmar Otmar
2015-02-07 14:42 - 2014-05-19 09:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3141491611-4293368238-2896361332-1001
2015-02-07 14:35 - 2014-06-22 06:09 - 01595370 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 14:33 - 2014-05-19 09:08 - 00000000 ___DO () C:\Users\Otmar\SkyDrive
2015-02-07 14:31 - 2014-11-06 20:14 - 00003429 _____ () C:\Windows\setupact.log
2015-02-07 14:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 14:30 - 2014-11-07 19:43 - 00463052 _____ () C:\Windows\PFRO.log
2015-02-07 14:30 - 2014-05-29 04:22 - 00001097 _____ () C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-07 14:30 - 2014-05-29 04:22 - 00001067 _____ () C:\Users\Otmar\Desktop\Search.lnk
2015-02-07 14:30 - 2014-05-19 09:06 - 00001009 _____ () C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 14:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-07 14:13 - 2014-06-02 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 14:13 - 2013-08-22 15:44 - 00491720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 14:10 - 2014-05-29 04:28 - 00000000 ____D () C:\Users\Otmar\AppData\Local\com
2015-02-07 14:10 - 2014-03-12 00:16 - 00000000 ____D () C:\Temp
2015-02-07 14:10 - 2014-03-12 00:11 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-07 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-07 09:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 09:35 - 2014-05-19 09:23 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{450516F8-3DA2-41CF-945D-2507486248E4}
2015-02-05 19:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-26 18:28 - 2014-11-07 20:13 - 00022754 _____ () C:\Users\Otmar\Documents\Kopie von Hörbücher.xlsx
2015-01-24 21:20 - 2014-11-15 12:52 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-15 12:52 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 09:16 - 2014-10-27 19:31 - 00000799 _____ () C:\Users\Otmar\Downloads\FRITZ!Box.htm
2015-01-14 15:37 - 2014-05-21 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:35 - 2014-05-21 22:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-11 23:32 - 2014-03-11 23:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-16 18:25 - 2015-02-04 22:03 - 0000112 _____ () C:\ProgramData\g58oQn8i.dat
2014-03-12 00:08 - 2014-03-12 00:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-12 00:04 - 2014-03-12 00:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-12 00:06 - 2014-03-12 00:07 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-12 00:07 - 2014-03-12 00:08 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-12 00:04 - 2014-03-12 00:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\g58oQn8i.dat


Some content of TEMP:
====================
C:\Users\Otmar\AppData\Local\Temp\avgnt.exe
C:\Users\Otmar\AppData\Local\Temp\Quarantine.exe
C:\Users\Otmar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 23:09

==================== End Of Log ============================
         
--- --- ---


[/CODE]

Old 08.02.2015, 08:55   #8
schrauber
/// the machine
/// TB trainer

Security warning from the Telekom Abuse Team

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the command prompt window.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Old 08.02.2015, 13:52   #9
Otti58

Security warning from the Telekom Abuse Team

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e413cdca00aec64a86c37cabed7b75e2
# engine=22362
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 12:40:48
# local_time=2015-02-08 01:40:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 55029 23772246 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7347246 22857754 0 0
# scanned=258224
# found=11
# cleaned=0
# scan_time=11679
sh=04048E5F849C17A7D085A4F265CF19FDED930C5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3141491611-4293368238-2896361332-1001\$R9D19WX\58024.crx"
sh=5F9CCBDCC7AF4AB25A73B636EBCE0B0CA5E92225 ft=1 fh=24bd3d4bb082217f vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3141491611-4293368238-2896361332-1001\$R9D19WX\Uninstall.exe"
sh=9BA6DC699104472080E202066F9A6194C861BBC4 ft=1 fh=644180d9ce5cd441 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Otmar\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=50A844EC797C7B349568096C0673E00290A7498C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Temp\InstallFilter64.msi"
sh=4F6F2C3DB42C81F0BE514A212C91F6F7FC81F50B ft=1 fh=5e5bd5be8d7bbf63 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Otmar\Downloads\ReimageRepair(1).exe"
sh=4F6F2C3DB42C81F0BE514A212C91F6F7FC81F50B ft=1 fh=5e5bd5be8d7bbf63 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Otmar\Downloads\ReimageRepair.exe"
sh=D32F0995412989CBDEFF94FF75E9CDF25799CE2C ft=1 fh=022ce81ee5d3fbec vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe"
sh=A67142491EA3867E44BEC9AB17D7BBB30BDD1805 ft=1 fh=cd5c35e896d99c55 vn="Variante von Win32/AdWare.CouponAmazing.B Anwendung" ac=I fn="C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe"
sh=3DEEFB16E53E462DEC3F8E0BD4E21A6991460CEF ft=1 fh=0080dc61b784d694 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\Windows\Temp\aaccee\aabbcc.exe"
         

Code:
 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 	13.0.0.214 Flash Player out of Date!  
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Otmar (administrator) on OTMAR on 08-02-2015 13:49:36
Running from C:\Users\Otmar\Downloads
Loaded Profiles: Otmar (Available profiles: Otmar)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
Failed to access process -> csrss.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\Run: [DellSystemDetect] => C:\Users\Otmar\AppData\Local\Apps\2.0\BPVLMOTC.N35\E1X2804B.536\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-16] (Dell)
HKU\S-1-5-21-3141491611-4293368238-2896361332-1001\...\MountPoints2: {12489d96-e1e1-11e3-8254-342387dc639a} - "E:\Password.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {5CA394D9-0A3E-4AAE-8FE3-4F52A1DAB095} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
SearchScopes: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> {8C7A5C9F-0F4A-4635-BE91-B5ABC958716E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3141491611-4293368238-2896361332-1001 -> No Name - {A6D030CA-393E-4DEC-BD1C-43F29D060812} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Otmar\AppData\Roaming\Mozilla\Firefox\Profiles\vxva1dg4.default-1406699693556
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-06] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Users\Otmar\AppData\Local\Temp\7zS07EE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-06] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 13:49 - 2015-02-08 13:49 - 00000000 ____D () C:\Users\Otmar\Downloads\FRST-OlderVersion
2015-02-08 13:47 - 2015-02-08 13:47 - 00852594 _____ () C:\Users\Otmar\Downloads\SecurityCheck.exe
2015-02-08 10:21 - 2015-02-08 10:21 - 02347384 _____ (ESET) C:\Users\Otmar\Downloads\esetsmartinstaller_deu.exe
2015-02-07 14:39 - 2015-02-07 14:39 - 00001431 _____ () C:\Users\Otmar\Desktop\JRT.txt
2015-02-07 14:34 - 2015-02-07 14:35 - 01388274 _____ (Thisisu) C:\Users\Otmar\Downloads\JRT.exe
2015-02-07 14:19 - 2015-02-07 14:30 - 00000000 ____D () C:\AdwCleaner
2015-02-07 14:19 - 2015-02-07 14:19 - 02112512 _____ () C:\Users\Otmar\Downloads\AdwCleaner_4.110.exe
2015-02-07 14:10 - 2015-02-07 14:10 - 00001190 _____ () C:\Users\Otmar\Desktop\mbam.txt
2015-02-07 13:15 - 2015-02-07 13:15 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 13:15 - 2015-02-07 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 13:15 - 2015-02-07 13:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 13:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 13:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 13:13 - 2015-02-07 13:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Otmar\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-06 21:06 - 2015-02-06 21:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Otmar\Downloads\tdsskiller.exe
2015-02-06 19:46 - 2015-02-07 13:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 19:46 - 2015-02-07 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 19:46 - 2015-02-06 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 19:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 19:43 - 2015-02-06 21:06 - 00000000 ____D () C:\Users\Otmar\Desktop\mbar
2015-02-06 19:42 - 2015-02-06 19:43 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Otmar\Downloads\mbar-1.08.3.1004.exe
2015-02-06 19:31 - 2015-02-06 19:31 - 00001286 _____ () C:\Users\Otmar\Desktop\Revo Uninstaller.lnk
2015-02-06 19:31 - 2015-02-06 19:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-06 19:29 - 2015-02-06 19:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Otmar\Downloads\revosetup95.exe
2015-02-05 19:55 - 2015-02-05 19:56 - 00027399 _____ () C:\Users\Otmar\Downloads\Addition.txt
2015-02-05 19:54 - 2015-02-08 13:49 - 00014375 _____ () C:\Users\Otmar\Downloads\FRST.txt
2015-02-05 19:54 - 2015-02-08 13:49 - 00000000 ____D () C:\FRST
2015-02-05 19:53 - 2015-02-08 13:49 - 02132992 _____ (Farbar) C:\Users\Otmar\Downloads\FRST64.exe
2015-02-04 21:14 - 2015-02-04 21:15 - 13087456 _____ (Microsoft Corporation) C:\Users\Otmar\Downloads\Silverlight_x64(2).exe
2015-01-26 20:29 - 2015-01-26 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:00 - 2015-01-26 19:00 - 00012105 _____ () C:\Users\Otmar\Documents\Ausgaben  2014.docm
2015-01-26 18:56 - 2015-01-26 18:56 - 00012371 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2014.docm
2015-01-26 18:44 - 2015-01-26 19:57 - 00012437 _____ () C:\Users\Otmar\Documents\Weihnachtsmarkt 2014.docm
2015-01-26 18:35 - 2015-01-26 18:35 - 00012323 _____ () C:\Users\Otmar\Documents\weihnachtsmarkt 2013.docm
2015-01-25 11:10 - 2015-01-25 11:10 - 00000000 ____D () C:\ProgramData\HP
2015-01-25 10:56 - 2015-01-25 10:56 - 00000000 __SHD () C:\Users\Otmar\AppData\Local\EmieBrowserModeList
2015-01-25 10:54 - 2015-01-25 10:54 - 00000000 ____D () C:\Users\Otmar\AppData\Local\AAV
2015-01-25 10:53 - 2015-01-25 10:59 - 00002223 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-25 10:53 - 2015-01-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-25 10:53 - 2015-01-25 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-25 10:50 - 2015-01-25 10:54 - 00000000 ____D () C:\ProgramData\AAV
2015-01-25 07:44 - 2015-01-25 07:44 - 00026552 _____ () C:\Users\Otmar\Downloads\confirmation.htm
2015-01-25 07:44 - 2015-01-25 07:44 - 00000000 ____D () C:\Users\Otmar\Downloads\confirmation-Dateien
2015-01-19 18:09 - 2014-01-02 18:46 - 00010853 _____ () C:\Users\Otmar\Documents\Sonstige Ausgaben2013.docm
2015-01-19 18:07 - 2014-01-02 18:59 - 00010637 _____ () C:\Users\Otmar\Documents\Ausgaben  2013.docm
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-17 07:21 - 2015-01-17 07:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-16 18:25 - 2015-02-04 22:03 - 00000112 _____ () C:\ProgramData\g58oQn8i.dat
2015-01-14 06:24 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:24 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:24 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:23 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:23 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:23 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:23 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:23 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:23 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:23 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:23 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:23 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:23 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:23 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:23 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 06:23 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:23 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:23 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 13:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 11:50 - 2014-11-09 10:56 - 00000000 ____D () C:\Users\Otmar\AppData\Local\Windows Live
2015-02-08 11:34 - 2014-06-22 06:09 - 01666808 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 10:12 - 2014-03-11 23:45 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 10:12 - 2013-08-23 00:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 10:12 - 2013-08-23 00:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 10:10 - 2014-11-06 20:14 - 00005021 _____ () C:\Windows\setupact.log
2015-02-08 08:10 - 2014-11-05 07:19 - 00005124 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OTMAR-Otmar Otmar
2015-02-08 08:00 - 2014-05-19 09:23 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{450516F8-3DA2-41CF-945D-2507486248E4}
2015-02-08 07:59 - 2014-05-19 09:08 - 00000000 ___DO () C:\Users\Otmar\SkyDrive
2015-02-07 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 14:55 - 2014-05-19 09:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3141491611-4293368238-2896361332-1001
2015-02-07 14:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 14:30 - 2014-11-07 19:43 - 00463052 _____ () C:\Windows\PFRO.log
2015-02-07 14:30 - 2014-05-29 04:22 - 00001097 _____ () C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-07 14:30 - 2014-05-29 04:22 - 00001067 _____ () C:\Users\Otmar\Desktop\Search.lnk
2015-02-07 14:30 - 2014-05-19 09:06 - 00001009 _____ () C:\Users\Otmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 14:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-07 14:13 - 2014-06-02 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 14:13 - 2014-03-12 00:11 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-07 14:13 - 2013-08-22 15:44 - 00491720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 14:10 - 2014-05-29 04:28 - 00000000 ____D () C:\Users\Otmar\AppData\Local\com
2015-02-07 14:10 - 2014-03-12 00:16 - 00000000 ____D () C:\Temp
2015-02-05 19:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-26 18:28 - 2014-11-07 20:13 - 00022754 _____ () C:\Users\Otmar\Documents\Kopie von Hörbücher.xlsx
2015-01-24 21:20 - 2014-11-15 12:52 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-15 12:52 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 09:16 - 2014-10-27 19:31 - 00000799 _____ () C:\Users\Otmar\Downloads\FRITZ!Box.htm
2015-01-14 15:37 - 2014-05-21 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:35 - 2014-05-21 22:05 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-11 23:32 - 2014-03-11 23:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-16 18:25 - 2015-02-04 22:03 - 0000112 _____ () C:\ProgramData\g58oQn8i.dat
2014-03-12 00:08 - 2014-03-12 00:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-12 00:04 - 2014-03-12 00:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-12 00:06 - 2014-03-12 00:07 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-12 00:07 - 2014-03-12 00:08 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-12 00:04 - 2014-03-12 00:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\g58oQn8i.dat


Some content of TEMP:
====================
C:\Users\Otmar\AppData\Local\Temp\avgnt.exe
C:\Users\Otmar\AppData\Local\Temp\Quarantine.exe
C:\Users\Otmar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 23:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---

[/CODE]

08.02.2015, 18:11   #10
schrauber
/// the machine
/// TB trainer

Update Flash Player.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\$Recycle.Bin
C:\Temp\InstallFilter64.msi

C:\Users\Otmar\Downloads\ReimageRepair(1).exe

C:\Users\Otmar\Downloads\ReimageRepair.exe

C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe

C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe

C:\Windows\Temp\aaccee
C:\ProgramData\g58oQn8i.dat
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here.

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

08.02.2015, 19:51   #11
Otti58

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Otmar at 2015-02-08 19:13:00 Run:1
Running from C:\Users\Otmar\Downloads
Loaded Profiles: Otmar (Available profiles: Otmar)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Temp\InstallFilter64.msi

C:\Users\Otmar\Downloads\ReimageRepair(1).exe

C:\Users\Otmar\Downloads\ReimageRepair.exe

C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe

C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe

C:\Windows\Temp\aaccee
C:\ProgramData\g58oQn8i.dat
Emptytemp:
*****************

C:\$Recycle.Bin => Moved successfully.
C:\Temp\InstallFilter64.msi => Moved successfully.
C:\Users\Otmar\Downloads\ReimageRepair(1).exe => Moved successfully.
C:\Users\Otmar\Downloads\ReimageRepair.exe => Moved successfully.
C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe => Moved successfully.
"C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe" => File/Directory not found.
C:\Windows\Temp\aaccee => Moved successfully.
C:\ProgramData\g58oQn8i.dat => Moved successfully.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:23:43 ====
         

Many thanks for the help

Is there anything else to be done regarding the file mentioned below, or can I run Delfix?

"C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe" => File/Directory not found.

09.02.2015, 06:45   #12
schrauber
/// the machine
/// TB trainer

No, we emptied the temp folders completely after all
__________________
Regards,
schrauber
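
As an added illustration (not part of the original posts and not FRST's own code), the Python below reconciles the fixlist with the result lines of the Fixlog posted in #11 and lists the entries that were neither moved nor removed. The function names are made up for this example, and the embedded log is copied from the thread with its header and blank fixlist lines dropped.

```python
import re

# Fixlog body copied from post #11 (header and blank fixlist lines dropped).
FIXLOG = r"""Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Temp\InstallFilter64.msi
C:\Users\Otmar\Downloads\ReimageRepair(1).exe
C:\Users\Otmar\Downloads\ReimageRepair.exe
C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe
C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe
C:\Windows\Temp\aaccee
C:\ProgramData\g58oQn8i.dat
Emptytemp:
*****************
C:\$Recycle.Bin => Moved successfully.
C:\Temp\InstallFilter64.msi => Moved successfully.
C:\Users\Otmar\Downloads\ReimageRepair(1).exe => Moved successfully.
C:\Users\Otmar\Downloads\ReimageRepair.exe => Moved successfully.
C:\Users\Otmar\Downloads\SharePod - CHIP-Downloader.exe => Moved successfully.
"C:\Windows\Temp\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237Eie.exe" => File/Directory not found.
C:\Windows\Temp\aaccee => Moved successfully.
C:\ProgramData\g58oQn8i.dat => Moved successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
"""

def normalize(entry):
    # Not-found paths are echoed in quotes and directives in FRST's own
    # capitalisation (Emptytemp: -> EmptyTemp:), so compare loosely.
    return entry.strip().strip('"').lower()

def reconcile(fixlog):
    """Map each requested fixlist entry to the outcome reported for it."""
    parts = re.split(r"^\*{5,}[ \t]*$", fixlog, flags=re.M)
    if len(parts) < 3:
        raise ValueError("fixlist section not delimited by asterisk lines")
    requested = [l.strip() for l in parts[1].splitlines() if l.strip()]
    outcomes = {}
    for line in parts[2].splitlines():
        target, sep, result = line.partition(" => ")
        if sep:
            outcomes[normalize(target)] = result.strip()
    return {e: outcomes.get(normalize(e), "NO RESULT LINE") for e in requested}

def needs_review(report):
    """Entries FRST neither moved nor removed."""
    done = ("Moved successfully", "Removed")
    return [e for e, r in report.items() if not r.startswith(done)]
```

Calling `needs_review(reconcile(FIXLOG))` returns only the `C:\Windows\Temp\...ie.exe` entry, the one the question in #11 is about.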

09.02.2015, 20:40   #13
Otti58

Hello Schrauber,

no more problems! Thank you very much for your support

I will definitely recommend you!

10.02.2015, 07:01   #14
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber
