AutoIt/Ippedo.A, Win32/Autorun.AHV!lnk

BigJu · 07.03.2015, 14:28

Hallo liebes Trojanerboard,

ich habe gestern etwas in einem Copyshop im Ausland gedruckt, dafür meinen USB-Stick mitgenommen (damit ich keine Passwörter und so eingeben muss). Nachdem ich nun aber meinen USB Stick erneut an meinen Laptop angeschlossen habe wurden von Microsoft Security Essentials 2 Würmer gefunden.
Ich weiß leider nicht wie ich die log-File von MSE bekommen, daher nur die Namen unter Verlauf:
Worm:AutoIt/Ippedo.A
Worm:Autorun.AHV!lnk
Habe natürlich wie ich jetzt realisiere ggf etwas vorzeitig einfach auf entfernen gedrückt.
Auf den USB Stick kann ich zugreifen, jedoch werden mir beim erneuten scannen Pfade Angezeigt die ich nicht sehe, auch nicht mit ausgeblendeten Ordnern.

Meine Frage soll sich jetzt aber nicht auf den USB beziehen, sondern auf den Laptop.
Ich habe MSE einen Scan vom Rechner machen lassen, ohne Fund. Kam mir etwas komisch vor, also noch mal mit Antivir (jeweils die Echtzeitscanner vom anderen deaktiviert) und Malwarebytes gemacht (jeweils die Echtzeitscanner vom anderen deaktiviert), auch ohne Fund, lediglich bei Antivir Warnungen die ich vorher schon bei jedem Scan hatte. Ich traue der Sache jedoch noch nicht so ganz recht, da ich mich wie gesagt zZ im Ausland befinde und das was ich nicht gebrauchen kann sind gehackte Onlinekonten.

Falls der Rechner clean ist schicke ich den USB einfach in die ewigen Jagdgründe, will nicht riskieren dass ich den Laptop dann doch noch infiziere.

Ich habe nun noch wie in der Anleitung die Logs mit FRST und GMER gemacht.
Alles zusammen ist dann in der .zip.

Vielen Dank schonmal für die Hilfe.

schrauber · 07.03.2015, 14:38

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

BigJu · 07.03.2015, 16:22

Oh, sorry. Dachte das wäre übersichtlicher. Dann hier nochmal:

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Johanna (administrator) on JOHANNA-LAP on 07-03-2015 06:40:03
Running from C:\Users\Johanna\Desktop
Loaded Profiles: Johanna (Available profiles: Johanna)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\PAStiSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-05] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\...\MountPoints2: {524cefe8-66cf-11e0-9a2f-0026b9b65a6d} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\...\MountPoints2: {b71f8d72-0511-11e0-9e4c-0026b9b65a6d} - E:\setup.exe /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8697CDE3-7566-44C5-8F19-36A79F3FA310}&mid=77fe4773f37947d0be64d16fff52b39e-b2cd6f46b14504db1ee86f3f77f3409f3a9c1340&lang=de&ds=od011&pr=sa&d=2012-06-23 21:40:36&v=11.1.0.7&sap=hp
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={8697CDE3-7566-44C5-8F19-36A79F3FA310}&mid=77fe4773f37947d0be64d16fff52b39e-b2cd6f46b14504db1ee86f3f77f3409f3a9c1340&lang=de&ds=od011&pr=sa&d=2012-06-23 21:40:36&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={8697CDE3-7566-44C5-8F19-36A79F3FA310}&mid=77fe4773f37947d0be64d16fff52b39e-b2cd6f46b14504db1ee86f3f77f3409f3a9c1340&lang=de&ds=od011&pr=sa&d=2012-06-23 21:40:36&v=11.1.0.7&sap=dsp&q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default
FF DefaultSearchUrl: hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&query=
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\abs@avira.com [2015-02-04]
FF Extension: GlassMyFox - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi [2012-01-19]
FF Extension: NoScript - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-21]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2011-02-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 alssvc; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [382232 2008-06-03] (Dell Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [229458 2010-04-05] (IDT, Inc.)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 06:40 - 2015-03-07 06:42 - 00013022 _____ () C:\Users\Johanna\Desktop\FRST.txt
2015-03-07 06:39 - 2015-03-07 06:40 - 00000000 ____D () C:\FRST
2015-03-07 06:34 - 2015-03-07 06:35 - 00000636 _____ () C:\Users\Johanna\Desktop\defogger_disable.log
2015-03-07 06:34 - 2015-03-07 06:35 - 00000020 _____ () C:\Users\Johanna\defogger_reenable
2015-03-07 06:33 - 2015-03-07 06:33 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe
2015-03-07 06:32 - 2015-03-07 06:32 - 01132544 _____ (Farbar) C:\Users\Johanna\Desktop\FRST.exe
2015-03-07 06:32 - 2015-03-07 06:32 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe
2015-03-06 23:16 - 2015-03-07 01:05 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-03-06 23:07 - 2015-03-06 23:11 - 38804664 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\Windows-KB890830-V5.21.exe
2015-03-06 23:03 - 2015-03-06 23:03 - 00000488 __RSH () C:\ProgramData\ntuser.pol
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2015-03-06 15:51 - 2015-03-06 16:15 - 131861240 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\msert.exe
2015-03-02 16:22 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-02 16:22 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-02 16:21 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-27 19:35 - 2015-03-07 05:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 19:34 - 2015-02-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2015-02-27 19:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-27 19:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-27 18:18 - 2015-02-27 18:18 - 00098824 _____ () C:\Users\Johanna\Documents\cc_20150227_181759.reg
2015-02-27 17:57 - 2015-02-27 18:00 - 00000000 ____D () C:\Users\Johanna\Desktop\NZ
2015-02-27 11:33 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 12:32 - 2015-02-20 20:43 - 00017779 _____ () C:\Users\Johanna\Desktop\Tennis_2015.ods
2015-02-16 12:11 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 12:11 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 20:47 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 20:47 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 20:47 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 20:47 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-14 20:47 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-14 20:47 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 20:47 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 20:47 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 20:47 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 20:47 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 20:47 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 20:47 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-14 20:47 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-14 20:47 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 20:47 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-14 20:47 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-14 20:47 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 20:47 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 20:47 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 20:47 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-14 20:47 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 20:47 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 20:47 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 20:47 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 19:09 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 19:09 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 19:09 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 19:09 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 19:09 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 19:09 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 19:09 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 19:02 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-14 19:02 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 19:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 19:01 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-14 19:01 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-14 19:01 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-14 19:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 18:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-14 18:56 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-14 18:50 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 06:42 - 2010-12-05 11:49 - 01273640 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 06:36 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 06:36 - 2009-07-14 05:39 - 00158831 _____ () C:\Windows\setupact.log
2015-03-07 06:34 - 2010-12-05 12:40 - 00000000 ____D () C:\Users\Johanna
2015-03-07 06:33 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 06:33 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 04:56 - 2012-03-30 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 03:10 - 2014-03-01 10:32 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox
2015-03-06 23:15 - 2014-03-01 10:36 - 00000000 ___RD () C:\Users\Johanna\Dropbox
2015-03-06 16:06 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-06 14:58 - 2010-12-05 12:44 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 14:16 - 2010-12-05 12:51 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-27 22:51 - 2010-12-24 21:45 - 00374776 _____ () C:\Windows\PFRO.log
2015-02-27 22:41 - 2014-08-17 11:58 - 00000000 ____D () C:\Windows\rescache
2015-02-27 21:58 - 2014-11-05 00:21 - 00000000 ____D () C:\Users\Johanna\Desktop\Uni
2015-02-27 19:35 - 2011-11-21 09:06 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-27 19:22 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-02-27 19:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-27 18:13 - 2013-08-31 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-02-27 17:59 - 2010-12-11 11:19 - 00002417 _____ () C:\Users\Johanna\Desktop\Trillian.lnk
2015-02-27 17:59 - 2010-12-05 11:01 - 00000000 ____D () C:\Program Files\Trillian
2015-02-27 17:56 - 2013-01-29 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-27 17:56 - 2012-11-21 19:18 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-02-27 17:55 - 2011-03-20 19:53 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 17:35 - 2011-02-05 20:55 - 00000000 ____D () C:\Program Files\Derive 6
2015-02-20 11:57 - 2012-09-27 19:37 - 00000000 ____D () C:\ProgramData\Cisco
2015-02-20 11:57 - 2010-12-24 21:38 - 00000000 ____D () C:\Program Files\Cisco
2015-02-15 13:36 - 2009-07-14 05:33 - 00293816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 13:33 - 2014-12-16 21:01 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 13:33 - 2014-05-06 16:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 13:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-15 13:29 - 2013-08-10 00:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:10 - 2012-05-01 07:58 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-15 13:10 - 2011-01-27 17:13 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-15 13:09 - 2011-01-27 17:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-14 18:42 - 2014-03-01 10:36 - 00001026 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk
2015-02-14 18:42 - 2014-03-01 10:33 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-09 18:43 - 2013-10-09 22:44 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\texstudio
2015-02-05 12:56 - 2012-03-30 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 12:56 - 2011-06-07 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-06-23 19:29 - 2012-06-23 19:30 - 37456234 _____ (Google Inc.) C:\Program Files\A-SDK-installer_r18-windows.exe
2013-09-20 13:02 - 2013-09-20 13:02 - 153313362 _____ () C:\Program Files\openoffice1.cab
2013-09-20 13:00 - 2013-09-20 13:00 - 2269184 _____ () C:\Program Files\openoffice401.msi
2011-01-19 12:30 - 2011-01-19 12:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 12:34 - 2011-01-19 12:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2012-05-10 21:40 - 2012-05-10 21:40 - 17825480 _____ (pdfforge GbR) C:\Program Files\PDFCreator.exe
2013-09-20 13:00 - 2013-09-20 13:00 - 0475136 _____ () C:\Program Files\setup.exe
2013-09-20 13:00 - 2013-09-20 13:00 - 0000279 _____ () C:\Program Files\setup.ini
2013-05-27 14:57 - 2013-06-03 16:11 - 0000868 _____ () C:\Users\Johanna\AppData\Roaming\gnuplot_history
2013-08-27 20:52 - 2013-09-25 13:30 - 0000600 _____ () C:\Users\Johanna\AppData\Roaming\winscp.rnd
2013-08-28 13:07 - 2013-09-25 12:13 - 0000600 _____ () C:\Users\Johanna\AppData\Local\PUTTY.RND
2015-01-27 00:14 - 2015-01-27 00:14 - 0002165 _____ () C:\Users\Johanna\AppData\Local\recently-used.xbel
2013-01-29 17:13 - 2013-01-29 17:13 - 0007605 _____ () C:\Users\Johanna\AppData\Local\Resmon.ResmonCfg
2011-11-20 11:06 - 2011-11-20 11:06 - 0000000 _____ () C:\Users\Johanna\AppData\Local\{BDE000DD-25B2-4BA8-B06C-BC0EAB343718}

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\Temp\avgnt.exe
C:\Users\Johanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpcvge.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 13:43

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Johanna at 2015-03-07 06:42:43
Running from C:\Users\Johanna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ambient Light Sensor (HKLM\...\{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}) (Version: 1.0.7 - Ihr Firmenname)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM\...\{C124D485-A8CF-4142-9EE3-A8A163FC792E}) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Dell Client System Update (HKLM\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.1.1 - Dell Inc.)
Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.230 - ALPS ELECTRIC CO., LTD.)
Derive 6 Demo (HKLM\...\Derive 6 Demo) (Version: 6.0 - Texas Instruments Incorporated)
Dropbox (HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Gurobi 5.5.0 (HKLM\...\{ECBE0F15-ABDD-DDB4-4033-3B6162FC63E3}) (Version: 5.5.0.0 - Gurobi Optimization, Inc.)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
HTC Sync (HKLM\...\{DB249302-FB94-4578-84FE-7B856C315779}) (Version: 3.0.5422 - HTC)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6274.0 - IDT)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.1 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PuTTY version 0.63 (HKLM\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python 2.7 matplotlib-1.2.1 (HKLM\...\matplotlib-py2.7) (Version:  - )
Python 2.7 numpy-1.7.1 (HKLM\...\numpy-py2.7) (Version:  - )
Python 2.7.5 (HKLM\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
Python 3.3 numpy-1.7.1 (HKLM\...\numpy-py3.3) (Version:  - )
Python 3.3.1 (HKLM\...\{b9ed8a90-8d53-3960-b93b-d383c65ffc80}) (Version: 3.3.1150 - Python Software Foundation)
SecureW2 EAP Suite 1.1.2 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Texmaker (HKLM\...\Texmaker) (Version:  - )
TeXstudio 2.6.2 (HKLM\...\TeXstudio_is1) (Version: 2.6.2 - Benito van der Zander)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 5.1.7 (HKLM\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1636702197-2669522382-2271460054-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-02-2015 22:40:34 Geplanter Prüfpunkt
02-03-2015 16:21:49 Windows Update
02-03-2015 17:21:16 Windows Update
06-03-2015 23:06:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05660C41-2736-439F-8D00-48C4D3D3825B} - System32\Tasks\{7009F2CE-D670-40E2-A303-A6545AA9FFB4} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)
Task: {0FDC99DD-B5A9-4F84-AE61-7C658541E4E4} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-08-18] ()
Task: {29573184-A325-4B0D-981D-FCD03DEA316B} - System32\Tasks\{CE79E5A8-5641-47E4-B0EA-04A60CAAD639} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.59.112/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {52499F0C-B1A3-4A1D-9444-D7D5AB211915} - System32\Tasks\{F1F477FA-8A14-4B1C-9645-DCE72DBFABD7} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)
Task: {57735A1D-0CDE-4114-8A63-A2AA3229D6A4} - System32\Tasks\{EE626A73-BF75-4BFD-8D3C-7E1E03254176} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)
Task: {58EEB9E7-F41B-47D2-97F6-0D7076618FC9} - System32\Tasks\{3C07037D-CFD5-45C6-AE1F-A88B64DB05A7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-07] (Skype Technologies S.A.)
Task: {68C4AA42-B8F2-4756-9EAE-B01E73174C66} - \Ad-Aware Update (Weekly) No Task File <==== ATTENTION
Task: {B660E57D-E6CC-44B0-9457-5A466BD3334E} - System32\Tasks\{4D4B3EA0-B998-44FA-ABEF-53687B2A38A9} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)
Task: {D35A2B07-B691-4605-B4E5-67CA40775836} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DF210C95-B66B-4568-B10A-139F21705F58} - System32\Tasks\{7F99E331-DBBA-4028-BF6D-E6FFBC12FDDB} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)
Task: {EDF6DC4F-D104-4318-9953-70E2EE17C343} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {FA546F08-CBC4-4171-9F5D-6F8ABB97C60A} - System32\Tasks\{E3A43CC2-6BA5-44D2-9B21-2891F998B790} => C:\Program Files\TI Education\Derive 6 Demo\Derive6.exe [2003-09-15] (Texas Instruments Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-03-20 22:21 - 2005-01-14 16:32 - 00053248 _____ () C:\Windows\System32\PAStiSvc.exe
2015-01-26 17:34 - 2015-01-26 17:34 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Johanna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

==================== Accounts: =============================

Administrator (S-1-5-21-1636702197-2669522382-2271460054-500 - Administrator - Disabled)
Gast (S-1-5-21-1636702197-2669522382-2271460054-501 - Limited - Disabled)
Johanna (S-1-5-21-1636702197-2669522382-2271460054-1000 - Administrator - Enabled) => C:\Users\Johanna

==================== Faulty Device Manager Devices =============

Name: Intel(R) 82567LM Gigabit Network Connection
Description: Intel(R) 82567LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1yexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 06:16:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1636702197-2669522382-2271460054-1000}/">.

Error: (02/16/2015 09:15:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1a78
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/10/2015 00:28:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/09/2015 09:52:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 00:45:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/31/2015 06:59:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/30/2015 00:19:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/27/2015 00:33:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 06:20:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2015 02:59:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/07/2015 06:37:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/07/2015 03:10:29 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/06/2015 11:05:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/06/2015 11:04:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.193.1657.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.7.0205.00

	Quellpfad: 4.7.0205.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/06/2015 05:49:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.193.1657.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.7.0205.00

	Quellpfad: 4.7.0205.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/06/2015 04:19:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/06/2015 04:19:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/06/2015 04:19:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/06/2015 04:19:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/06/2015 04:19:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/27/2015 06:16:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1636702197-2669522382-2271460054-1000}/

Error: (02/16/2015 09:15:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251a7801d04a250ec4d991C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll999f851f-b618-11e4-a873-fc4454a61a4c

Error: (02/10/2015 00:28:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (02/09/2015 09:52:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (02/05/2015 00:45:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/31/2015 06:59:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/30/2015 00:19:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/27/2015 00:33:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/25/2015 06:20:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/25/2015 02:59:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 1999.92 MB
Available physical RAM: 959.73 MB
Total Pagefile: 3999.84 MB
Available Pagefile: 2608.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:35.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: C502C502)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER.txt

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-07 13:12:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BJKT-75F4T0 rev.11.01A11 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\Johanna\AppData\Local\Temp\axliykow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495                                                                                                                                                                         8248A9E5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                             824C4312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\PS Driver for Universal Print@Dependent Files                                                                            ???p?????????????????????????????????????????n??????????????? ???????n?????n?????n?-??"?????l???????????SW\{eeab7790-c514-11d1-b42b-00805fc1270e}???????{00000000-0000-0000-ffff-ffffffffffff}??????{4d36e972-e325-11ce-bfc1-08002be10318}??????{4d36e972-e325-11ce-bfc1-08002be10318}\0010?no???V?6?`?k?k?k?h?j?`?k?k??IPBusEnum Root Enumerator?????:??o????????h?????6.1.7600.16385??????RAS Async Adapter???{4d36e97d-e325-11ce-bfc1-08002be10318}????????V????????g????????????????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}???????????n???????e???}??S?????????????????X?????????????USB??????????l???????h???? n????? ?????? n???????????m?-??????????????????????s?????? ??????????????x????n?n????? ?????? n?????????????-?????????????????f???n?n?????m??? ?????? n?????n???????1??L????????? ??????????????n???n???n??92f}??? ???????n?????n???????1????????????&???????????????????????? ???????n?????n???????1????????????????????? ???????n???????????n?1?????????????????????????n???????????????????????????????????n?
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                             0x2A 0x5C 0xE5 0x5D ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                       0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                    0x31 0x5B 0xB7 0xBD ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                               0xDC 0x4F 0x82 0xC4 ...
Reg    HKLM\SYSTEM\ControlSet002\Control\Print\Environments\Windows NT x86\Drivers\Version-3\PS Driver for Universal Print@Dependent Files                                                                                ??????????N?????????????????????????????? ???????h?????????????-??"???????????????????E??|???????????????????????????????????0??7???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??{4??? ???????{??????????????????????????Standardvolume????????N????????????D??????????????????????????????????????N??????t?????D????????????????????? ??????????????????.NT?????wpdfs.inf???wpdfs.inf????????????5???????????????????e???????a??Microsoft????????????????????????????8??s?????????????????????????????????N??????|?????|????{71a27cdd-812a-11d0-bec7-08002be2092f}?:6.??? ???????f???????????????????u?????s????????????????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?ice??6.1.7600.16385??????hid_device_system_mouse?ta??6.1.7601.18328???????????????4???????????7???????????????????????????????.???????????????????????????????e????????????????????????????????????????????????????????????????????N??????{???????z???????????&?????s????HID_Inst?????????????????????y????????????N??????????????s??? "??????????????p????????????T
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                 0x2A 0x5C 0xE5 0x5D ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                        0x31 0x5B 0xB7 0xBD ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                   0xDC 0x4F 0x82 0xC4 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                                                                                                                 
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@2091B54E                                                                                                                        1675
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\drucker.uni-kl.de\Printers\{7EFE61D8-DB43-4338-915E-A66DDC9450B2}\PrinterDriverData@DependentFiles  ????????????? ????????????????????????????f?????3????????????????????????????????3??????????????????????????????????????? ???????????????? ?????????????????3???????????????????????????????WindowsUpdateAgent??????????????????????????????????????????????\\?\C:\Windows\SoftwareDistribution\Download\789964dc09c1e02ed5d01e6a0a200879\??????????p???????????????? ??????????????????? ???????????????????3???????????????????????????????????????3???????????????????????????????????????3??????????????????????????????????????? ????????????????????????????f??????????????3??p???????????????????????????????????? ????????????????????????????n?????7????????????????????????????????7??????????????????????????????????????? ??????????????????????????????????7???????????????????????????????? &?????????????????WindowsUpdateAgent????????x?????????????????Package_for_KB2654428_RTM~31bf3856ad364e35~x86~~6.1.1.0.mum?????????????????????????\\?\C:\Windows\SoftwareDistribution\Download\789964dc09c1e02ed5d01e6a0a200879\??????????P??????????

---- EOF - GMER 2.1 ----

Der Antivir log ist leider deutlich zu groß >1000000 Zeichen, waren aber wie gesagt Warnungen die schon zumindest teilweise länger bestehen.

schrauber · 08.03.2015, 08:33

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

BigJu · 08.03.2015, 13:49

Hallo,
MBAR hat nach dem Scan gesagt dass kein Cleanup notwendig wäre, TDSSKiller hat eine Bedrohung gefunden, hier die logs:

TDSS:

Code:

ATTFilter

12:41:08.0297 0x1048  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:41:17.0173 0x1048  ============================================================
12:41:17.0173 0x1048  Current date / time: 2015/03/08 12:41:17.0173
12:41:17.0173 0x1048  SystemInfo:
12:41:17.0173 0x1048  
12:41:17.0173 0x1048  OS Version: 6.1.7601 ServicePack: 1.0
12:41:17.0173 0x1048  Product type: Workstation
12:41:17.0173 0x1048  ComputerName: JOHANNA-LAP
12:41:17.0173 0x1048  UserName: Johanna
12:41:17.0173 0x1048  Windows directory: C:\Windows
12:41:17.0173 0x1048  System windows directory: C:\Windows
12:41:17.0173 0x1048  Processor architecture: Intel x86
12:41:17.0173 0x1048  Number of processors: 2
12:41:17.0173 0x1048  Page size: 0x1000
12:41:17.0173 0x1048  Boot type: Normal boot
12:41:17.0173 0x1048  ============================================================
12:41:19.0872 0x1048  KLMD registered as C:\Windows\system32\drivers\55977576.sys
12:41:20.0043 0x1048  System UUID: {42F9C7E0-6260-9750-7078-243589B675CB}
12:41:20.0667 0x1048  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:41:20.0683 0x1048  ============================================================
12:41:20.0683 0x1048  \Device\Harddisk0\DR0:
12:41:20.0683 0x1048  MBR partitions:
12:41:20.0683 0x1048  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
12:41:20.0683 0x1048  ============================================================
12:41:20.0699 0x1048  C: <-> \Device\Harddisk0\DR0\Partition1
12:41:20.0699 0x1048  ============================================================
12:41:20.0699 0x1048  Initialize success
12:41:20.0699 0x1048  ============================================================
12:41:44.0535 0x10a4  ============================================================
12:41:44.0535 0x10a4  Scan started
12:41:44.0535 0x10a4  Mode: Manual; SigCheck; TDLFS; 
12:41:44.0535 0x10a4  ============================================================
12:41:44.0535 0x10a4  KSN ping started
12:41:44.0660 0x10a4  KSN ping finished: false
12:41:45.0986 0x10a4  ================ Scan system memory ========================
12:41:45.0986 0x10a4  System memory - ok
12:41:45.0986 0x10a4  ================ Scan services =============================
12:41:46.0173 0x10a4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:41:46.0345 0x10a4  1394ohci - ok
12:41:46.0423 0x10a4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:41:46.0485 0x10a4  ACPI - ok
12:41:46.0517 0x10a4  [ 79D6B28027C398B728CE7CD0570248B0, 2BB31BFF659BA864D5C64170EF0B5C4A9A1DE5700DA42028A85847C91DCEE676 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
12:41:46.0595 0x10a4  acpials - ok
12:41:46.0626 0x10a4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:41:46.0719 0x10a4  AcpiPmi - ok
12:41:46.0797 0x10a4  [ 27A563BEEFCE364823EAAA789A3F7EAE, 371EF141AEBDD00F9CCAD62B742B59A4D0C97EA449E9C14E3BE66EC7FFFF9D2C ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
12:41:46.0860 0x10a4  acsock - ok
12:41:46.0985 0x10a4  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:41:47.0031 0x10a4  AdobeARMservice - ok
12:41:47.0156 0x10a4  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:41:47.0219 0x10a4  AdobeFlashPlayerUpdateSvc - ok
12:41:47.0281 0x10a4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:41:47.0359 0x10a4  adp94xx - ok
12:41:47.0375 0x10a4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:41:47.0406 0x10a4  adpahci - ok
12:41:47.0437 0x10a4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:41:47.0453 0x10a4  adpu320 - ok
12:41:47.0484 0x10a4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:41:47.0655 0x10a4  AeLookupSvc - ok
12:41:47.0796 0x10a4  [ 827DBC22C96EECF6D36A13162FABAFD3, EBBC04A6AD3BC83E3791569C1120BBBB59AF70512FA2CEB6A8BA2A257F3F6C32 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
12:41:47.0874 0x10a4  AESTFilters - ok
12:41:47.0952 0x10a4  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
12:41:48.0061 0x10a4  AFD - ok
12:41:48.0108 0x10a4  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:41:48.0155 0x10a4  agp440 - ok
12:41:48.0170 0x10a4  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:41:48.0186 0x10a4  aic78xx - ok
12:41:48.0217 0x10a4  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:41:48.0279 0x10a4  ALG - ok
12:41:48.0342 0x10a4  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:41:48.0373 0x10a4  aliide - ok
12:41:48.0482 0x10a4  [ 5E14E9877BB47BABDCFB33CDCC4136ED, B81356F9B3616BFC9F024C85EA9C546AFF50A15C65746156AB472C27D151D9BF ] alssvc          C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
12:41:48.0545 0x10a4  alssvc - ok
12:41:48.0560 0x10a4  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:41:48.0576 0x10a4  amdagp - ok
12:41:48.0607 0x10a4  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:41:48.0623 0x10a4  amdide - ok
12:41:48.0654 0x10a4  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:41:48.0716 0x10a4  AmdK8 - ok
12:41:48.0732 0x10a4  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:41:48.0779 0x10a4  AmdPPM - ok
12:41:48.0841 0x10a4  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:41:48.0888 0x10a4  amdsata - ok
12:41:48.0903 0x10a4  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:41:48.0935 0x10a4  amdsbs - ok
12:41:48.0950 0x10a4  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:41:48.0950 0x10a4  amdxata - ok
12:41:49.0075 0x10a4  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:41:49.0122 0x10a4  AntiVirSchedulerService - ok
12:41:49.0169 0x10a4  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:41:49.0215 0x10a4  AntiVirService - ok
12:41:49.0278 0x10a4  [ C51EC0615EF781B00B7389521F397132, BCFD99D09D4EA96FF0AB401B9310842C6AC095389B680856E0E99124BC719BF0 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
12:41:49.0325 0x10a4  ApfiltrService - ok
12:41:49.0371 0x10a4  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
12:41:49.0449 0x10a4  AppID - ok
12:41:49.0496 0x10a4  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:41:49.0559 0x10a4  AppIDSvc - ok
12:41:49.0590 0x10a4  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
12:41:49.0668 0x10a4  Appinfo - ok
12:41:49.0715 0x10a4  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:41:49.0808 0x10a4  AppMgmt - ok
12:41:49.0839 0x10a4  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:41:49.0886 0x10a4  arc - ok
12:41:49.0902 0x10a4  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:41:49.0917 0x10a4  arcsas - ok
12:41:50.0058 0x10a4  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:41:50.0136 0x10a4  aspnet_state - ok
12:41:50.0167 0x10a4  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:41:50.0323 0x10a4  AsyncMac - ok
12:41:50.0354 0x10a4  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:41:50.0385 0x10a4  atapi - ok
12:41:50.0463 0x10a4  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:41:50.0588 0x10a4  AudioEndpointBuilder - ok
12:41:50.0619 0x10a4  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:41:50.0682 0x10a4  Audiosrv - ok
12:41:50.0729 0x10a4  [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:41:50.0744 0x10a4  avgntflt - ok
12:41:50.0775 0x10a4  [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:41:50.0791 0x10a4  avipbb - ok
12:41:50.0822 0x10a4  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:41:50.0838 0x10a4  avkmgr - ok
12:41:50.0900 0x10a4  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:41:51.0009 0x10a4  AxInstSV - ok
12:41:51.0072 0x10a4  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:41:51.0181 0x10a4  b06bdrv - ok
12:41:51.0212 0x10a4  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:41:51.0290 0x10a4  b57nd60x - ok
12:41:51.0337 0x10a4  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:41:51.0415 0x10a4  BDESVC - ok
12:41:51.0431 0x10a4  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:41:51.0524 0x10a4  Beep - ok
12:41:51.0602 0x10a4  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
12:41:51.0727 0x10a4  BFE - ok
12:41:51.0805 0x10a4  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
12:41:51.0914 0x10a4  BITS - ok
12:41:51.0930 0x10a4  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:41:51.0945 0x10a4  blbdrive - ok
12:41:51.0977 0x10a4  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:41:52.0039 0x10a4  bowser - ok
12:41:52.0055 0x10a4  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:41:52.0148 0x10a4  BrFiltLo - ok
12:41:52.0164 0x10a4  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:41:52.0211 0x10a4  BrFiltUp - ok
12:41:52.0273 0x10a4  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
12:41:52.0367 0x10a4  Browser - ok
12:41:52.0398 0x10a4  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:41:52.0445 0x10a4  Brserid - ok
12:41:52.0460 0x10a4  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:41:52.0507 0x10a4  BrSerWdm - ok
12:41:52.0523 0x10a4  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:41:52.0569 0x10a4  BrUsbMdm - ok
12:41:52.0569 0x10a4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:41:52.0601 0x10a4  BrUsbSer - ok
12:41:52.0632 0x10a4  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:41:52.0679 0x10a4  BTHMODEM - ok
12:41:52.0741 0x10a4  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:41:52.0819 0x10a4  bthserv - ok
12:41:52.0850 0x10a4  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:41:52.0928 0x10a4  cdfs - ok
12:41:52.0991 0x10a4  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:41:53.0053 0x10a4  cdrom - ok
12:41:53.0115 0x10a4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:41:53.0178 0x10a4  CertPropSvc - ok
12:41:53.0193 0x10a4  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:41:53.0225 0x10a4  circlass - ok
12:41:53.0256 0x10a4  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
12:41:53.0318 0x10a4  CLFS - ok
12:41:53.0396 0x10a4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:53.0427 0x10a4  clr_optimization_v2.0.50727_32 - ok
12:41:53.0505 0x10a4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:41:53.0583 0x10a4  clr_optimization_v4.0.30319_32 - ok
12:41:53.0615 0x10a4  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:41:53.0646 0x10a4  CmBatt - ok
12:41:53.0693 0x10a4  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:41:53.0724 0x10a4  cmdide - ok
12:41:53.0786 0x10a4  [ F516F1167EFBBC5ABC90687C94497869, AD650D56241533439419EA00236ABE14AB6E50B768620211D1A44047A9FA14EC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:41:53.0880 0x10a4  CNG - ok
12:41:53.0911 0x10a4  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:41:53.0958 0x10a4  Compbatt - ok
12:41:53.0989 0x10a4  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:41:54.0051 0x10a4  CompositeBus - ok
12:41:54.0067 0x10a4  COMSysApp - ok
12:41:54.0098 0x10a4  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:41:54.0114 0x10a4  crcdisk - ok
12:41:54.0176 0x10a4  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:41:54.0270 0x10a4  CryptSvc - ok
12:41:54.0348 0x10a4  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
12:41:54.0473 0x10a4  CSC - ok
12:41:54.0551 0x10a4  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
12:41:54.0629 0x10a4  CscService - ok
12:41:54.0675 0x10a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:41:54.0753 0x10a4  DcomLaunch - ok
12:41:54.0847 0x10a4  [ 4A557869C542B26264EA727C11B6670E, 0D18562C348428DF951A21697E35C66E6C23981D96FADDCB13254E865344AE21 ] dcpsysmgrsvc    C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
12:41:54.0909 0x10a4  dcpsysmgrsvc - ok
12:41:54.0941 0x10a4  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:41:55.0034 0x10a4  defragsvc - ok
12:41:55.0112 0x10a4  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:41:55.0175 0x10a4  DfsC - ok
12:41:55.0237 0x10a4  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:41:55.0346 0x10a4  Dhcp - ok
12:41:55.0377 0x10a4  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:41:55.0455 0x10a4  discache - ok
12:41:55.0502 0x10a4  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:41:55.0518 0x10a4  Disk - ok
12:41:55.0565 0x10a4  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:41:55.0627 0x10a4  Dnscache - ok
12:41:55.0689 0x10a4  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:41:55.0767 0x10a4  dot3svc - ok
12:41:55.0830 0x10a4  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:41:55.0908 0x10a4  DPS - ok
12:41:55.0955 0x10a4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:41:56.0079 0x10a4  drmkaud - ok
12:41:56.0173 0x10a4  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:41:56.0220 0x10a4  DXGKrnl - ok
12:41:56.0298 0x10a4  [ 44A91D98D6719B49BCD649A863225B5C, C73479E537517885450083692CDA6EB0E05B69C5C4F4526542C0884AA82037A3 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6232.sys
12:41:56.0345 0x10a4  e1yexpress - ok
12:41:56.0376 0x10a4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:41:56.0423 0x10a4  EapHost - ok
12:41:56.0594 0x10a4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:41:56.0781 0x10a4  ebdrv - ok
12:41:56.0828 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\Windows\System32\lsass.exe
12:41:56.0891 0x10a4  EFS - ok
12:41:56.0969 0x10a4  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:41:57.0093 0x10a4  ehRecvr - ok
12:41:57.0125 0x10a4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:41:57.0218 0x10a4  ehSched - ok
12:41:57.0312 0x10a4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:41:57.0374 0x10a4  elxstor - ok
12:41:57.0405 0x10a4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:41:57.0468 0x10a4  ErrDev - ok
12:41:57.0530 0x10a4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:41:57.0593 0x10a4  EventSystem - ok
12:41:57.0749 0x10a4  [ A57BE3307ADA2FC086B5B43135735283, 97979F5D716449DC33FE22804E497D790A82DE08366F83F5614B321F8A9560DE ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:41:57.0827 0x10a4  EvtEng - ok
12:41:57.0858 0x10a4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:41:57.0905 0x10a4  exfat - ok
12:41:57.0936 0x10a4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:41:58.0014 0x10a4  fastfat - ok
12:41:58.0092 0x10a4  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:41:58.0217 0x10a4  Fax - ok
12:41:58.0232 0x10a4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:41:58.0295 0x10a4  fdc - ok
12:41:58.0310 0x10a4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:41:58.0373 0x10a4  fdPHost - ok
12:41:58.0388 0x10a4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:41:58.0419 0x10a4  FDResPub - ok
12:41:58.0435 0x10a4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:41:58.0451 0x10a4  FileInfo - ok
12:41:58.0451 0x10a4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:41:58.0497 0x10a4  Filetrace - ok
12:41:58.0513 0x10a4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:41:58.0544 0x10a4  flpydisk - ok
12:41:58.0607 0x10a4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:41:58.0638 0x10a4  FltMgr - ok
12:41:58.0747 0x10a4  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
12:41:58.0856 0x10a4  FontCache - ok
12:41:58.0919 0x10a4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:41:58.0950 0x10a4  FontCache3.0.0.0 - ok
12:41:58.0965 0x10a4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:41:59.0012 0x10a4  FsDepends - ok
12:41:59.0059 0x10a4  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:41:59.0106 0x10a4  Fs_Rec - ok
12:41:59.0168 0x10a4  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:41:59.0231 0x10a4  fvevol - ok
12:41:59.0246 0x10a4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:41:59.0262 0x10a4  gagp30kx - ok
12:41:59.0355 0x10a4  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:41:59.0418 0x10a4  gpsvc - ok
12:41:59.0433 0x10a4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:41:59.0496 0x10a4  hcw85cir - ok
12:41:59.0574 0x10a4  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:41:59.0652 0x10a4  HdAudAddService - ok
12:41:59.0667 0x10a4  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:41:59.0714 0x10a4  HDAudBus - ok
12:41:59.0730 0x10a4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:41:59.0792 0x10a4  HidBatt - ok
12:41:59.0823 0x10a4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:41:59.0870 0x10a4  HidBth - ok
12:41:59.0886 0x10a4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:41:59.0933 0x10a4  HidIr - ok
12:41:59.0964 0x10a4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
12:42:00.0026 0x10a4  hidserv - ok
12:42:00.0104 0x10a4  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:42:00.0198 0x10a4  HidUsb - ok
12:42:00.0245 0x10a4  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:42:00.0338 0x10a4  hkmsvc - ok
12:42:00.0369 0x10a4  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:42:00.0463 0x10a4  HomeGroupListener - ok
12:42:00.0525 0x10a4  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:42:00.0588 0x10a4  HomeGroupProvider - ok
12:42:00.0650 0x10a4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:42:00.0697 0x10a4  HpSAMD - ok
12:42:00.0728 0x10a4  [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:42:00.0791 0x10a4  HTCAND32 - ok
12:42:00.0869 0x10a4  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:42:00.0962 0x10a4  HTTP - ok
12:42:00.0993 0x10a4  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:42:01.0025 0x10a4  hwpolicy - ok
12:42:01.0071 0x10a4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:42:01.0118 0x10a4  i8042prt - ok
12:42:01.0196 0x10a4  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:42:01.0259 0x10a4  iaStorV - ok
12:42:01.0383 0x10a4  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:42:01.0461 0x10a4  idsvc - ok
12:42:01.0493 0x10a4  IEEtwCollectorService - ok
12:42:01.0867 0x10a4  [ C5589781F75DE0BFB26E221649C80D00, 949AC24AF8669F9FF71DB30A502AF8BA17D892A0E86708418469B15F084A9D72 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:42:02.0257 0x10a4  igfx - ok
12:42:02.0304 0x10a4  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:42:02.0319 0x10a4  iirsp - ok
12:42:02.0413 0x10a4  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:42:02.0600 0x10a4  IKEEXT - ok
12:42:02.0678 0x10a4  [ 81486F0EB4238B65C317F97DE246C4AC, 31F4250D82C51660A561236AE1902EA938E9042919722046E361FD7C74FC6C29 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:42:02.0834 0x10a4  IntcHdmiAddService - ok
12:42:02.0850 0x10a4  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:42:02.0897 0x10a4  intelide - ok
12:42:02.0912 0x10a4  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:42:02.0959 0x10a4  intelppm - ok
12:42:02.0990 0x10a4  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:42:03.0099 0x10a4  IPBusEnum - ok
12:42:03.0115 0x10a4  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:42:03.0177 0x10a4  IpFilterDriver - ok
12:42:03.0240 0x10a4  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:42:03.0396 0x10a4  iphlpsvc - ok
12:42:03.0443 0x10a4  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:42:03.0505 0x10a4  IPMIDRV - ok
12:42:03.0536 0x10a4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:42:03.0599 0x10a4  IPNAT - ok
12:42:03.0630 0x10a4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:42:03.0723 0x10a4  IRENUM - ok
12:42:03.0770 0x10a4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:42:03.0817 0x10a4  isapnp - ok
12:42:03.0864 0x10a4  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:42:03.0926 0x10a4  iScsiPrt - ok
12:42:03.0957 0x10a4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:42:03.0989 0x10a4  kbdclass - ok
12:42:04.0051 0x10a4  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:42:04.0082 0x10a4  kbdhid - ok
12:42:04.0098 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\Windows\system32\lsass.exe
12:42:04.0129 0x10a4  KeyIso - ok
12:42:04.0176 0x10a4  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:42:04.0207 0x10a4  KSecDD - ok
12:42:04.0238 0x10a4  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:42:04.0285 0x10a4  KSecPkg - ok
12:42:04.0332 0x10a4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:42:04.0457 0x10a4  KtmRm - ok
12:42:04.0488 0x10a4  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:42:04.0581 0x10a4  LanmanServer - ok
12:42:04.0613 0x10a4  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:42:04.0691 0x10a4  LanmanWorkstation - ok
12:42:04.0737 0x10a4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:42:04.0800 0x10a4  lltdio - ok
12:42:04.0831 0x10a4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:42:04.0909 0x10a4  lltdsvc - ok
12:42:04.0940 0x10a4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:42:04.0956 0x10a4  lmhosts - ok
12:42:05.0003 0x10a4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:42:05.0003 0x10a4  LSI_FC - ok
12:42:05.0018 0x10a4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:42:05.0034 0x10a4  LSI_SAS - ok
12:42:05.0049 0x10a4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:42:05.0065 0x10a4  LSI_SAS2 - ok
12:42:05.0081 0x10a4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:42:05.0096 0x10a4  LSI_SCSI - ok
12:42:05.0112 0x10a4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:42:05.0190 0x10a4  luafv - ok
12:42:05.0237 0x10a4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:42:05.0283 0x10a4  Mcx2Svc - ok
12:42:05.0330 0x10a4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:42:05.0346 0x10a4  megasas - ok
12:42:05.0377 0x10a4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:42:05.0408 0x10a4  MegaSR - ok
12:42:05.0455 0x10a4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:42:05.0486 0x10a4  MMCSS - ok
12:42:05.0517 0x10a4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
12:42:05.0580 0x10a4  Modem - ok
12:42:05.0611 0x10a4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:42:05.0658 0x10a4  monitor - ok
12:42:05.0705 0x10a4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:42:05.0736 0x10a4  mouclass - ok
12:42:05.0767 0x10a4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:42:05.0814 0x10a4  mouhid - ok
12:42:05.0861 0x10a4  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:42:05.0892 0x10a4  mountmgr - ok
12:42:05.0970 0x10a4  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:42:06.0001 0x10a4  MozillaMaintenance - ok
12:42:06.0063 0x10a4  [ 7D2484C4995A3DB47345EFED2A0B579E, 55B3CDE0BEF743874793679692A6C744B2771C85A0FEE1904F28A51EEE9C0CEB ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:42:06.0126 0x10a4  MpFilter - ok
12:42:06.0173 0x10a4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:42:06.0188 0x10a4  mpio - ok
12:42:06.0204 0x10a4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:42:06.0251 0x10a4  mpsdrv - ok
12:42:06.0313 0x10a4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:42:06.0391 0x10a4  MpsSvc - ok
12:42:06.0422 0x10a4  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:42:06.0438 0x10a4  MRxDAV - ok
12:42:06.0485 0x10a4  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:42:06.0547 0x10a4  mrxsmb - ok
12:42:06.0609 0x10a4  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:42:06.0687 0x10a4  mrxsmb10 - ok
12:42:06.0719 0x10a4  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:42:06.0750 0x10a4  mrxsmb20 - ok
12:42:06.0797 0x10a4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:42:06.0828 0x10a4  msahci - ok
12:42:06.0890 0x10a4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:42:06.0921 0x10a4  msdsm - ok
12:42:06.0937 0x10a4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
12:42:06.0984 0x10a4  MSDTC - ok
12:42:07.0031 0x10a4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:42:07.0124 0x10a4  Msfs - ok
12:42:07.0140 0x10a4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:42:07.0218 0x10a4  mshidkmdf - ok
12:42:07.0249 0x10a4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:42:07.0280 0x10a4  msisadrv - ok
12:42:07.0327 0x10a4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:42:07.0421 0x10a4  MSiSCSI - ok
12:42:07.0421 0x10a4  msiserver - ok
12:42:07.0483 0x10a4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:42:07.0577 0x10a4  MSKSSRV - ok
12:42:07.0701 0x10a4  [ F26F7A5B18C717E57E3B6B306ABEC00B, 4C49C67A48F6B77E38A7FD28C960C92DFF371ACF0722C6EE4DF5F4B382937870 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:42:07.0748 0x10a4  MsMpSvc - ok
12:42:07.0748 0x10a4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:42:07.0811 0x10a4  MSPCLOCK - ok
12:42:07.0811 0x10a4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:42:07.0857 0x10a4  MSPQM - ok
12:42:07.0889 0x10a4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:42:07.0904 0x10a4  MsRPC - ok
12:42:07.0951 0x10a4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:42:07.0967 0x10a4  mssmbios - ok
12:42:07.0982 0x10a4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:42:07.0998 0x10a4  MSTEE - ok
12:42:08.0013 0x10a4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:42:08.0060 0x10a4  MTConfig - ok
12:42:08.0091 0x10a4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:42:08.0107 0x10a4  Mup - ok
12:42:08.0169 0x10a4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
12:42:08.0294 0x10a4  napagent - ok
12:42:08.0341 0x10a4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:42:08.0435 0x10a4  NativeWifiP - ok
12:42:08.0497 0x10a4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:42:08.0544 0x10a4  NDIS - ok
12:42:08.0575 0x10a4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:42:08.0622 0x10a4  NdisCap - ok
12:42:08.0653 0x10a4  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:42:08.0715 0x10a4  NdisTapi - ok
12:42:08.0762 0x10a4  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:42:08.0793 0x10a4  Ndisuio - ok
12:42:08.0840 0x10a4  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:42:08.0918 0x10a4  NdisWan - ok
12:42:08.0965 0x10a4  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:42:09.0027 0x10a4  NDProxy - ok
12:42:09.0043 0x10a4  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:42:09.0105 0x10a4  NetBIOS - ok
12:42:09.0152 0x10a4  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:42:09.0215 0x10a4  NetBT - ok
12:42:09.0230 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon        C:\Windows\system32\lsass.exe
12:42:09.0246 0x10a4  Netlogon - ok
12:42:09.0277 0x10a4  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
12:42:09.0371 0x10a4  Netman - ok
12:42:09.0417 0x10a4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:42:09.0573 0x10a4  NetMsmqActivator - ok
12:42:09.0605 0x10a4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:42:09.0651 0x10a4  NetPipeActivator - ok
12:42:09.0683 0x10a4  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
12:42:09.0761 0x10a4  netprofm - ok
12:42:09.0807 0x10a4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:42:09.0854 0x10a4  NetTcpActivator - ok
12:42:09.0870 0x10a4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:42:09.0917 0x10a4  NetTcpPortSharing - ok
12:42:10.0182 0x10a4  [ EF51B405AD8ACAAE6F0231290D20F516, 2BBD53127E1375E36590ECBA9DA6AAD133E850A90D5B5610DED99D37987CAADD ] NETw5s32        C:\Windows\system32\DRIVERS\NETw5s32.sys
12:42:10.0478 0x10a4  NETw5s32 - ok
12:42:10.0681 0x10a4  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
12:42:10.0899 0x10a4  netw5v32 - ok
12:42:10.0946 0x10a4  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:42:10.0962 0x10a4  nfrd960 - ok
12:42:10.0993 0x10a4  [ 94B8279FC0E27A8253944DFA47FC4A83, D799003BD163200F7DE0EC882756EF08AA70C45BF0518E3BC6DB8B8FB74BF663 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:42:11.0009 0x10a4  NisDrv - ok
12:42:11.0087 0x10a4  [ 1452F52471F2DC1515DD6C35B42FF06E, 57A2858B24D0C9C229A4C76F85DB453E867921C2B4E41835211C4EB5EBE99DE8 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
12:42:11.0165 0x10a4  NisSrv - ok
12:42:11.0211 0x10a4  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:42:11.0243 0x10a4  NlaSvc - ok
12:42:11.0289 0x10a4  [ 48FB907B069524F2DC7BA62A0762850C, 069FDABF61DEA0D74753D6E76601898D21E8C0E74C98413706FA48CBEB0BECEF ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
12:42:11.0399 0x10a4  nmwcd - ok
12:42:11.0445 0x10a4  [ 2914CEB789964141AC6E22C6BC980C42, CD0B1D59C1A37A5E558839A1F4760A219A47D58089459A474A5419DDE3F831C8 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
12:42:11.0508 0x10a4  nmwcdc - ok
12:42:11.0523 0x10a4  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:42:11.0555 0x10a4  Npfs - ok
12:42:11.0586 0x10a4  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
12:42:11.0648 0x10a4  nsi - ok
12:42:11.0679 0x10a4  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:42:11.0742 0x10a4  nsiproxy - ok
12:42:11.0867 0x10a4  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:42:11.0945 0x10a4  Ntfs - ok
12:42:11.0960 0x10a4  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
12:42:11.0991 0x10a4  Null - ok
12:42:12.0054 0x10a4  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:42:12.0085 0x10a4  nvraid - ok
12:42:12.0163 0x10a4  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:42:12.0210 0x10a4  nvstor - ok
12:42:12.0257 0x10a4  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:42:12.0303 0x10a4  nv_agp - ok
12:42:12.0350 0x10a4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:42:12.0397 0x10a4  ohci1394 - ok
12:42:12.0444 0x10a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:42:12.0522 0x10a4  p2pimsvc - ok
12:42:12.0553 0x10a4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:42:12.0584 0x10a4  p2psvc - ok
12:42:12.0662 0x10a4  [ 2085D5168FC0C56BB13304D180D244B6, 388C589AA71DDEC27891A2D862EA7BF5665208F25652F761534F65981B6B3DBF ] PAC7311         C:\Windows\system32\DRIVERS\PA707UCM.SYS
12:42:12.0756 0x10a4  PAC7311 - ok
12:42:12.0787 0x10a4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:42:12.0818 0x10a4  Parport - ok
12:42:12.0849 0x10a4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:42:12.0881 0x10a4  partmgr - ok
12:42:12.0881 0x10a4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:42:12.0912 0x10a4  Parvdm - ok
12:42:12.0927 0x10a4  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:42:13.0005 0x10a4  PcaSvc - ok
12:42:13.0052 0x10a4  [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
12:42:13.0130 0x10a4  pccsmcfd - ok
12:42:13.0161 0x10a4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
12:42:13.0208 0x10a4  pci - ok
12:42:13.0255 0x10a4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:42:13.0271 0x10a4  pciide - ok
12:42:13.0286 0x10a4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:42:13.0317 0x10a4  pcmcia - ok
12:42:13.0317 0x10a4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:42:13.0349 0x10a4  pcw - ok
12:42:13.0380 0x10a4  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:42:13.0473 0x10a4  PEAUTH - ok
12:42:13.0583 0x10a4  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:42:13.0692 0x10a4  PeerDistSvc - ok
12:42:13.0817 0x10a4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
12:42:13.0957 0x10a4  pla - ok
12:42:14.0113 0x10a4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:42:14.0378 0x10a4  PlugPlay - ok
12:42:14.0409 0x10a4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:42:14.0456 0x10a4  PNRPAutoReg - ok
12:42:14.0487 0x10a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:42:14.0550 0x10a4  PNRPsvc - ok
12:42:14.0581 0x10a4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:42:14.0643 0x10a4  PolicyAgent - ok
12:42:14.0690 0x10a4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
12:42:14.0721 0x10a4  Power - ok
12:42:14.0753 0x10a4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:42:14.0784 0x10a4  PptpMiniport - ok
12:42:14.0799 0x10a4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:42:14.0815 0x10a4  Processor - ok
12:42:14.0846 0x10a4  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:42:14.0909 0x10a4  ProfSvc - ok
12:42:14.0924 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:42:14.0955 0x10a4  ProtectedStorage - ok
12:42:14.0971 0x10a4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:42:15.0033 0x10a4  Psched - ok
12:42:15.0127 0x10a4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:42:15.0221 0x10a4  ql2300 - ok
12:42:15.0236 0x10a4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:42:15.0252 0x10a4  ql40xx - ok
12:42:15.0267 0x10a4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
12:42:15.0299 0x10a4  QWAVE - ok
12:42:15.0314 0x10a4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:42:15.0345 0x10a4  QWAVEdrv - ok
12:42:15.0377 0x10a4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:42:15.0439 0x10a4  RasAcd - ok
12:42:15.0470 0x10a4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:42:15.0533 0x10a4  RasAgileVpn - ok
12:42:15.0548 0x10a4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
12:42:15.0626 0x10a4  RasAuto - ok
12:42:15.0657 0x10a4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:42:15.0720 0x10a4  Rasl2tp - ok
12:42:15.0751 0x10a4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
12:42:15.0813 0x10a4  RasMan - ok
12:42:15.0845 0x10a4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:42:15.0938 0x10a4  RasPppoe - ok
12:42:15.0969 0x10a4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:42:16.0063 0x10a4  RasSstp - ok
12:42:16.0094 0x10a4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:42:16.0141 0x10a4  rdbss - ok
12:42:16.0157 0x10a4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:42:16.0172 0x10a4  rdpbus - ok
12:42:16.0219 0x10a4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:42:16.0313 0x10a4  RDPCDD - ok
12:42:16.0359 0x10a4  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:42:16.0437 0x10a4  RDPDR - ok
12:42:16.0484 0x10a4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:42:16.0547 0x10a4  RDPENCDD - ok
12:42:16.0578 0x10a4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:42:16.0656 0x10a4  RDPREFMP - ok
12:42:16.0687 0x10a4  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:42:16.0781 0x10a4  RDPWD - ok
12:42:16.0843 0x10a4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:42:16.0905 0x10a4  rdyboost - ok
12:42:16.0999 0x10a4  [ A171029D6B6C2D93C22861A347F43C2A, 2736C33ED524E8AB6A1E2EFD477C278F32B9A171B7675210E707C8C07E09FEB6 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:42:17.0046 0x10a4  RegSrvc - ok
12:42:17.0077 0x10a4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:42:17.0124 0x10a4  RemoteAccess - ok
12:42:17.0139 0x10a4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:42:17.0186 0x10a4  RemoteRegistry - ok
12:42:17.0202 0x10a4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:42:17.0295 0x10a4  RpcEptMapper - ok
12:42:17.0327 0x10a4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
12:42:17.0389 0x10a4  RpcLocator - ok
12:42:17.0436 0x10a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
12:42:17.0498 0x10a4  RpcSs - ok
12:42:17.0514 0x10a4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:42:17.0529 0x10a4  rspndr - ok
12:42:17.0576 0x10a4  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:42:17.0654 0x10a4  s3cap - ok
12:42:17.0670 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs           C:\Windows\system32\lsass.exe
12:42:17.0685 0x10a4  SamSs - ok
12:42:17.0717 0x10a4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:42:17.0732 0x10a4  sbp2port - ok
12:42:17.0779 0x10a4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:42:17.0857 0x10a4  SCardSvr - ok
12:42:17.0873 0x10a4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:42:17.0919 0x10a4  scfilter - ok
12:42:18.0044 0x10a4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
12:42:18.0107 0x10a4  Schedule - ok
12:42:18.0138 0x10a4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:42:18.0169 0x10a4  SCPolicySvc - ok
12:42:18.0232 0x10a4  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\Windows\system32\drivers\sdbus.sys
12:42:18.0294 0x10a4  sdbus - ok
12:42:18.0325 0x10a4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:42:18.0419 0x10a4  SDRSVC - ok
12:42:18.0481 0x10a4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:42:18.0544 0x10a4  secdrv - ok
12:42:18.0544 0x10a4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
12:42:18.0606 0x10a4  seclogon - ok
12:42:18.0637 0x10a4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
12:42:18.0668 0x10a4  SENS - ok
12:42:18.0700 0x10a4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:42:18.0746 0x10a4  SensrSvc - ok
12:42:18.0793 0x10a4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:42:18.0856 0x10a4  Serenum - ok
12:42:18.0871 0x10a4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:42:18.0918 0x10a4  Serial - ok
12:42:18.0934 0x10a4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:42:18.0965 0x10a4  sermouse - ok
12:42:19.0105 0x10a4  [ 7D3903AF48E6C1DC2704EAFCB608D031, 95B0F3F4958357C919ADF31D76744D16810325C7313767395521838F65DB3FE0 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
12:42:19.0152 0x10a4  ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
12:42:19.0261 0x10a4  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
12:42:19.0308 0x10a4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:42:19.0402 0x10a4  SessionEnv - ok
12:42:19.0448 0x10a4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:42:19.0495 0x10a4  sffdisk - ok
12:42:19.0511 0x10a4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:42:19.0526 0x10a4  sffp_mmc - ok
12:42:19.0542 0x10a4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:42:19.0558 0x10a4  sffp_sd - ok
12:42:19.0573 0x10a4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:42:19.0604 0x10a4  sfloppy - ok
12:42:19.0636 0x10a4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:42:19.0714 0x10a4  SharedAccess - ok
12:42:19.0760 0x10a4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:42:19.0854 0x10a4  ShellHWDetection - ok
12:42:19.0870 0x10a4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:42:19.0885 0x10a4  sisagp - ok
12:42:19.0916 0x10a4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:42:19.0932 0x10a4  SiSRaid2 - ok
12:42:19.0963 0x10a4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:42:19.0979 0x10a4  SiSRaid4 - ok
12:42:20.0072 0x10a4  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:42:20.0135 0x10a4  SkypeUpdate - ok
12:42:20.0166 0x10a4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:42:20.0213 0x10a4  Smb - ok
12:42:20.0260 0x10a4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:42:20.0322 0x10a4  SNMPTRAP - ok
12:42:20.0338 0x10a4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:42:20.0369 0x10a4  spldr - ok
12:42:20.0416 0x10a4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
12:42:20.0525 0x10a4  Spooler - ok
12:42:20.0681 0x10a4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
12:42:20.0852 0x10a4  sppsvc - ok
12:42:20.0962 0x10a4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:42:21.0008 0x10a4  sppuinotify - ok
12:42:21.0133 0x10a4  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\System32\Drivers\sptd.sys
12:42:21.0180 0x10a4  sptd - ok
12:42:21.0242 0x10a4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:42:21.0320 0x10a4  srv - ok
12:42:21.0352 0x10a4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:42:21.0398 0x10a4  srv2 - ok
12:42:21.0430 0x10a4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:42:21.0461 0x10a4  srvnet - ok
12:42:21.0508 0x10a4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:42:21.0554 0x10a4  SSDPSRV - ok
12:42:21.0601 0x10a4  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
12:42:21.0617 0x10a4  ssmdrv - ok
12:42:21.0648 0x10a4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:42:21.0710 0x10a4  SstpSvc - ok
12:42:21.0851 0x10a4  [ 0A8FA56553913E87AA24A6CE218B88DE, 5B11EEDE4B03D3C75AE3A63386D62C7643901BB5C2FBB4F4F63EBE949AE09AC6 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
12:42:21.0929 0x10a4  STacSV - ok
12:42:21.0960 0x10a4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:42:22.0007 0x10a4  stexstor - ok
12:42:22.0085 0x10a4  [ 2B50CFED920D4CD973ADBAAAD3FE704F, 7E73FA30D85072B40CB4E20119FE09A768FE67E47C33EC9F2038240248B8A581 ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
12:42:22.0116 0x10a4  STHDA - ok
12:42:22.0194 0x10a4  [ ED78DFAD8EFCDFBC89500492C4D14645, E642BC209693D0EACDDDD2386B4FFFA4CB1C9AB4FA431796900FC730677E09D4 ] STI Simulator   C:\Windows\System32\PAStiSvc.exe
12:42:22.0225 0x10a4  STI Simulator - ok
12:42:22.0303 0x10a4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:42:22.0381 0x10a4  StiSvc - ok
12:42:22.0412 0x10a4  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:42:22.0428 0x10a4  storflt - ok
12:42:22.0459 0x10a4  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
12:42:22.0490 0x10a4  StorSvc - ok
12:42:22.0490 0x10a4  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:42:22.0522 0x10a4  storvsc - ok
12:42:22.0537 0x10a4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:42:22.0553 0x10a4  swenum - ok
12:42:22.0584 0x10a4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
12:42:22.0678 0x10a4  swprv - ok
12:42:22.0756 0x10a4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
12:42:22.0849 0x10a4  SysMain - ok
12:42:22.0896 0x10a4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
12:42:22.0958 0x10a4  TabletInputService - ok
12:42:23.0005 0x10a4  [ 5C7C939BBD03784FE58C80578D065CC9, 69620ED28E0BF8C466B22760B4476E2A9119BB1C532C9E9BB1A7BCA91A8BB54A ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
12:42:23.0083 0x10a4  tap0901 - ok
12:42:23.0146 0x10a4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:42:23.0255 0x10a4  TapiSrv - ok
12:42:23.0286 0x10a4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
12:42:23.0333 0x10a4  TBS - ok
12:42:23.0442 0x10a4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:42:23.0536 0x10a4  Tcpip - ok
12:42:23.0598 0x10a4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:42:23.0645 0x10a4  TCPIP6 - ok
12:42:23.0692 0x10a4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:42:23.0754 0x10a4  tcpipreg - ok
12:42:23.0785 0x10a4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:42:23.0863 0x10a4  TDPIPE - ok
12:42:23.0894 0x10a4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:42:23.0957 0x10a4  TDTCP - ok
12:42:23.0988 0x10a4  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:42:24.0035 0x10a4  tdx - ok
12:42:24.0082 0x10a4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:42:24.0097 0x10a4  TermDD - ok
12:42:24.0160 0x10a4  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
12:42:24.0253 0x10a4  TermService - ok
12:42:24.0284 0x10a4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:42:24.0331 0x10a4  Themes - ok
12:42:24.0347 0x10a4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:42:24.0394 0x10a4  THREADORDER - ok
12:42:24.0409 0x10a4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:42:24.0440 0x10a4  TrkWks - ok
12:42:24.0503 0x10a4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:42:24.0612 0x10a4  TrustedInstaller - ok
12:42:24.0643 0x10a4  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:42:24.0659 0x10a4  tssecsrv - ok
12:42:24.0721 0x10a4  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:42:24.0768 0x10a4  TsUsbFlt - ok
12:42:24.0830 0x10a4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:42:24.0908 0x10a4  tunnel - ok
12:42:24.0940 0x10a4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:42:24.0955 0x10a4  uagp35 - ok
12:42:25.0002 0x10a4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:42:25.0096 0x10a4  udfs - ok
12:42:25.0111 0x10a4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:42:25.0174 0x10a4  UI0Detect - ok
12:42:25.0205 0x10a4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:42:25.0252 0x10a4  uliagpkx - ok
12:42:25.0298 0x10a4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:42:25.0361 0x10a4  umbus - ok
12:42:25.0392 0x10a4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:42:25.0423 0x10a4  UmPass - ok
12:42:25.0486 0x10a4  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:42:25.0564 0x10a4  UmRdpService - ok
12:42:25.0610 0x10a4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:42:25.0704 0x10a4  upnphost - ok
12:42:25.0766 0x10a4  [ E526A166E6ACAFD0A9B3841D3941669E, 3DDB92995C57A0A453D20F36EA192D6878DA18D49E737D63903D9FF919FF14F7 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
12:42:25.0813 0x10a4  upperdev - ok
12:42:25.0860 0x10a4  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:42:25.0922 0x10a4  usbccgp - ok
12:42:25.0985 0x10a4  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:42:26.0032 0x10a4  usbcir - ok
12:42:26.0078 0x10a4  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:42:26.0141 0x10a4  usbehci - ok
12:42:26.0172 0x10a4  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:42:26.0234 0x10a4  usbhub - ok
12:42:26.0281 0x10a4  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:42:26.0312 0x10a4  usbohci - ok
12:42:26.0359 0x10a4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:42:26.0390 0x10a4  usbprint - ok
12:42:26.0437 0x10a4  [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser          C:\Windows\system32\drivers\usbser.sys
12:42:26.0468 0x10a4  usbser - ok
12:42:26.0500 0x10a4  [ 6F3E3C6811B930D2414552A2E4A40F36, DF283D9B080024CBED468407E7418B74DD8CC463A3083A96B6B20724B57498EC ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
12:42:26.0531 0x10a4  UsbserFilt - ok
12:42:26.0578 0x10a4  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:42:26.0640 0x10a4  USBSTOR - ok
12:42:26.0656 0x10a4  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:42:26.0718 0x10a4  usbuhci - ok
12:42:26.0796 0x10a4  [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
12:42:26.0874 0x10a4  usb_rndisx - ok
12:42:26.0905 0x10a4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:42:26.0983 0x10a4  UxSms - ok
12:42:27.0014 0x10a4  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc        C:\Windows\system32\lsass.exe
12:42:27.0046 0x10a4  VaultSvc - ok
12:42:27.0124 0x10a4  [ 42934F05BA89F589A34A11E0661C233B, 811006374490DA42BFA91D9F633955D5E2693FFD340DADC4B250EEC4E079085E ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:42:27.0155 0x10a4  VBoxNetAdp - ok
12:42:27.0170 0x10a4  VBoxNetFlt - ok
12:42:27.0217 0x10a4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:42:27.0248 0x10a4  vdrvroot - ok
12:42:27.0311 0x10a4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
12:42:27.0436 0x10a4  vds - ok
12:42:27.0467 0x10a4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:42:27.0498 0x10a4  vga - ok
12:42:27.0514 0x10a4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:42:27.0545 0x10a4  VgaSave - ok
12:42:27.0592 0x10a4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:42:27.0607 0x10a4  vhdmp - ok
12:42:27.0623 0x10a4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:42:27.0638 0x10a4  viaagp - ok
12:42:27.0654 0x10a4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:42:27.0685 0x10a4  ViaC7 - ok
12:42:27.0716 0x10a4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:42:27.0732 0x10a4  viaide - ok
12:42:27.0779 0x10a4  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:42:27.0826 0x10a4  vmbus - ok
12:42:27.0872 0x10a4  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:42:27.0919 0x10a4  VMBusHID - ok
12:42:27.0935 0x10a4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:42:27.0950 0x10a4  volmgr - ok
12:42:27.0982 0x10a4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:42:28.0013 0x10a4  volmgrx - ok
12:42:28.0075 0x10a4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:42:28.0138 0x10a4  volsnap - ok
12:42:28.0294 0x10a4  [ EAA5E27927B63B118F926CDF2F52EA75, 07A21B4D5CB174F64B0D1117F040C6FD88E00328AB4B4C6317F17BDC08BD502E ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
12:42:28.0340 0x10a4  vpnagent - ok
12:42:28.0387 0x10a4  [ FDAAED2C4DBFCBCF6F8283A915C32B66, BA600630E79FB71DAA569698E2897A28E8992BCF33C5D2BC49908C71845284CB ] vpnva           C:\Windows\system32\DRIVERS\vpnva-6.sys
12:42:28.0434 0x10a4  vpnva - ok
12:42:28.0465 0x10a4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:42:28.0512 0x10a4  vsmraid - ok
12:42:28.0621 0x10a4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
12:42:28.0699 0x10a4  VSS - ok
12:42:28.0715 0x10a4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:42:28.0730 0x10a4  vwifibus - ok
12:42:28.0762 0x10a4  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:42:28.0777 0x10a4  VWiFiFlt - ok
12:42:28.0793 0x10a4  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:42:28.0808 0x10a4  vwifimp - ok
12:42:28.0840 0x10a4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:42:28.0886 0x10a4  W32Time - ok
12:42:28.0886 0x10a4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:42:28.0902 0x10a4  WacomPen - ok
12:42:28.0949 0x10a4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:42:29.0027 0x10a4  WANARP - ok
12:42:29.0042 0x10a4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:42:29.0089 0x10a4  Wanarpv6 - ok
12:42:29.0230 0x10a4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:42:29.0308 0x10a4  WatAdminSvc - ok
12:42:29.0354 0x10a4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
12:42:29.0464 0x10a4  wbengine - ok
12:42:29.0495 0x10a4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:42:29.0542 0x10a4  WbioSrvc - ok
12:42:29.0588 0x10a4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:42:29.0666 0x10a4  wcncsvc - ok
12:42:29.0682 0x10a4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:42:29.0744 0x10a4  WcsPlugInService - ok
12:42:29.0776 0x10a4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:42:29.0807 0x10a4  Wd - ok
12:42:29.0885 0x10a4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:42:29.0932 0x10a4  Wdf01000 - ok
12:42:29.0994 0x10a4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:42:30.0072 0x10a4  WdiServiceHost - ok
12:42:30.0088 0x10a4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:42:30.0134 0x10a4  WdiSystemHost - ok
12:42:30.0197 0x10a4  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
12:42:30.0306 0x10a4  WebClient - ok
12:42:30.0337 0x10a4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:42:30.0446 0x10a4  Wecsvc - ok
12:42:30.0478 0x10a4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:42:30.0509 0x10a4  wercplsupport - ok
12:42:30.0556 0x10a4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:42:30.0618 0x10a4  WerSvc - ok
12:42:30.0649 0x10a4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:42:30.0696 0x10a4  WfpLwf - ok
12:42:30.0712 0x10a4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:42:30.0743 0x10a4  WIMMount - ok
12:42:30.0836 0x10a4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:42:30.0961 0x10a4  WinDefend - ok
12:42:31.0008 0x10a4  WinHttpAutoProxySvc - ok
12:42:31.0070 0x10a4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:42:31.0148 0x10a4  Winmgmt - ok
12:42:31.0242 0x10a4  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:42:31.0336 0x10a4  WinRM - ok
12:42:31.0414 0x10a4  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:42:31.0445 0x10a4  WinUsb - ok
12:42:31.0507 0x10a4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:42:31.0601 0x10a4  Wlansvc - ok
12:42:31.0648 0x10a4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:42:31.0710 0x10a4  WmiAcpi - ok
12:42:31.0757 0x10a4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:42:31.0804 0x10a4  wmiApSrv - ok
12:42:31.0897 0x10a4  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:42:32.0022 0x10a4  WMPNetworkSvc - ok
12:42:32.0038 0x10a4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:42:32.0116 0x10a4  WPCSvc - ok
12:42:32.0162 0x10a4  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:42:32.0209 0x10a4  WPDBusEnum - ok
12:42:32.0225 0x10a4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:42:32.0272 0x10a4  ws2ifsl - ok
12:42:32.0287 0x10a4  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:42:32.0334 0x10a4  wscsvc - ok
12:42:32.0396 0x10a4  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:42:32.0459 0x10a4  WSDPrintDevice - ok
12:42:32.0521 0x10a4  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
12:42:32.0568 0x10a4  WSDScan - ok
12:42:32.0584 0x10a4  WSearch - ok
12:42:32.0724 0x10a4  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
12:42:32.0849 0x10a4  wuauserv - ok
12:42:32.0911 0x10a4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:42:32.0958 0x10a4  WudfPf - ok
12:42:32.0989 0x10a4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:42:33.0052 0x10a4  WUDFRd - ok
12:42:33.0114 0x10a4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:42:33.0161 0x10a4  wudfsvc - ok
12:42:33.0223 0x10a4  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:42:33.0301 0x10a4  WwanSvc - ok
12:42:33.0364 0x10a4  ================ Scan global ===============================
12:42:33.0410 0x10a4  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
12:42:33.0457 0x10a4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:42:33.0504 0x10a4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:42:33.0535 0x10a4  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:42:33.0582 0x10a4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:42:33.0582 0x10a4  [ Global ] - ok
12:42:33.0582 0x10a4  ================ Scan MBR ==================================
12:42:33.0598 0x10a4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:42:33.0988 0x10a4  \Device\Harddisk0\DR0 - ok
12:42:34.0003 0x10a4  ================ Scan VBR ==================================
12:42:34.0003 0x10a4  [ F603D6135ADA2DF2ACE4A162164D6B04 ] \Device\Harddisk0\DR0\Partition1
12:42:34.0003 0x10a4  \Device\Harddisk0\DR0\Partition1 - ok
12:42:34.0003 0x10a4  ================ Scan generic autorun ======================
12:42:34.0081 0x10a4  [ 9C68DC8806635C64B67B8B0D19CEED86, 9042D154D229DB030FC4A4AC4051A38F5C5ED5D28D70464C28C5BAD5C093AB30 ] C:\Program Files\DellTPad\Apoint.exe
12:42:34.0175 0x10a4  Apoint - ok
12:42:34.0253 0x10a4  [ 113604A1D5FAF83C859839458E1C703A, 4503AD4CE82A436E70BD17C6E43350C7B12D754CC9A8F9FBC3AD470698D22C01 ] C:\Program Files\IDT\WDM\sttray.exe
12:42:34.0331 0x10a4  SysTrayApp - ok
12:42:34.0378 0x10a4  [ 197CFD0ACD299C9D2C784AE313F199C9, E92055C6312B2CADB92A9C33059AB14AEFBB2D0058E657D90930D57DFA6C1446 ] C:\Windows\system32\igfxtray.exe
12:42:34.0424 0x10a4  IgfxTray - ok
12:42:34.0456 0x10a4  [ 5BC248D7BDC1847DEC6B3CD5325A8535, 5702CD2C0FEE1E46A4F63C21A9E741D7D85D1ADE89D2B8CD8D6A1B502884FB1E ] C:\Windows\system32\hkcmd.exe
12:42:34.0487 0x10a4  HotKeysCmds - ok
12:42:34.0518 0x10a4  [ DF1BA792B3586B139F5B3BEAE5B98890, 0205EE9E25A9219AECF246D1947D7E7BBCDD8B1F3C8AF09CD9DE81172CCDA64E ] C:\Windows\system32\igfxpers.exe
12:42:34.0565 0x10a4  Persistence - ok
12:42:34.0690 0x10a4  [ BBD1BA710A00842064BA038570C13CB2, 155FABD8323C95932C9F552E8827A87356E9FCED471B8F5E06466F920EEB56A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
12:42:34.0752 0x10a4  MSC - ok
12:42:34.0846 0x10a4  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
12:42:34.0908 0x10a4  avgnt - ok
12:42:35.0017 0x10a4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:42:35.0142 0x10a4  Sidebar - ok
12:42:35.0173 0x10a4  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:42:35.0204 0x10a4  mctadmin - ok
12:42:35.0267 0x10a4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:42:35.0314 0x10a4  Sidebar - ok
12:42:35.0314 0x10a4  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:42:35.0329 0x10a4  mctadmin - ok
12:42:35.0360 0x10a4  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
12:42:35.0360 0x10a4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x60000 ( disabled : updated )
12:42:35.0376 0x10a4  Win FW state via NFP2: enabled
12:42:35.0376 0x10a4  ============================================================
12:42:35.0376 0x10a4  Scan finished
12:42:35.0376 0x10a4  ============================================================
12:42:35.0376 0x0f80  Detected object count: 1
12:42:35.0376 0x0f80  Actual detected object count: 1
12:43:07.0918 0x0f80  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:07.0918 0x0f80  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:46:15.0118 0x17b0  Deinitialize success

MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.08.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17633
Johanna :: JOHANNA-LAP [administrator]

08.03.2015 13:18:12
mbar-log-2015-03-08 (13-18-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 309695
Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber · 08.03.2015, 19:08

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

BigJu · 08.03.2015, 21:50

Ich denke es hat alles geklappt. Hier der log:

Code:

ATTFilter

ComboFix 15-03-01.01 - Johanna 08.03.2015  21:36:13.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2000.1246 [GMT 1:00]
ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\program files\Setup.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\ntuser.pol
c:\users\Johanna\AppData\Local\TempDIR
c:\users\Johanna\AppData\Local\TempDIR\dfn-verein-g01-ca.der
c:\users\Johanna\AppData\Local\TempDIR\rhrk-g02-ca.der
c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\system32\SET29B9.tmp
c:\windows\system32\SET4877.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-08 bis 2015-03-08  ))))))))))))))))))))))))))))))
.
.
2015-03-08 20:44 . 2015-03-08 20:44	--------	d-----w-	c:\users\Johanna\AppData\Local\temp
2015-03-08 20:44 . 2015-03-08 20:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-08 20:26 . 2015-01-29 09:49	9041640	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69B0271-B141-400B-BAAA-17D1FA1745A6}\mpengine.dll
2015-03-08 12:17 . 2015-03-08 12:35	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-07 12:14 . 2015-01-29 09:49	9041640	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-07 05:39 . 2015-03-07 05:43	--------	d-----w-	C:\FRST
2015-03-06 22:16 . 2015-03-07 00:05	--------	d-----w-	c:\windows\system32\MpEngineStore
2015-03-06 15:17 . 2015-03-06 15:17	--------	d-----w-	c:\programdata\Panda Security
2015-03-06 15:17 . 2015-03-06 15:17	--------	d-----w-	c:\program files\Panda USB Vaccine
2015-03-02 15:22 . 2014-10-04 01:42	3221504	----a-w-	c:\windows\system32\mstscax.dll
2015-03-02 15:22 . 2014-10-04 01:42	131584	----a-w-	c:\windows\system32\aaclient.dll
2015-03-02 15:21 . 2014-12-11 17:47	46592	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-02-27 18:35 . 2015-03-08 12:17	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-27 18:34 . 2015-03-08 11:46	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-27 18:34 . 2014-11-21 05:14	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-02-27 18:34 . 2015-02-27 18:34	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-02-22 13:15 . 2014-10-02 13:20	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A1D962-2767-4531-90FE-0163C74D10B4}\gapaengine.dll
2015-02-16 11:11 . 2015-01-23 03:43	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-16 11:11 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\system32\jscript9.dll
2015-02-14 19:48 . 2015-01-09 02:48	76800	----a-w-	c:\windows\system32\wdi.dll
2015-02-14 19:48 . 2015-01-09 02:48	635904	----a-w-	c:\windows\system32\perftrack.dll
2015-02-14 19:48 . 2015-01-09 02:48	27136	----a-w-	c:\windows\system32\powertracker.dll
2015-02-14 18:09 . 2015-01-09 01:45	2380288	----a-w-	c:\windows\system32\win32k.sys
2015-02-14 18:09 . 2015-01-15 07:46	67520	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-02-14 18:09 . 2015-01-15 07:46	136640	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-02-14 18:09 . 2015-01-15 07:43	15872	----a-w-	c:\windows\system32\sspisrv.dll
2015-02-14 18:09 . 2015-01-15 07:43	100352	----a-w-	c:\windows\system32\sspicli.dll
2015-02-14 18:09 . 2015-01-15 07:42	22016	----a-w-	c:\windows\system32\secur32.dll
2015-02-14 18:09 . 2015-01-15 07:42	1061376	----a-w-	c:\windows\system32\lsasrv.dll
2015-02-14 18:09 . 2015-01-15 07:42	22528	----a-w-	c:\windows\system32\lsass.exe
2015-02-14 18:09 . 2015-01-15 07:42	50176	----a-w-	c:\windows\system32\auditpol.exe
2015-02-14 18:09 . 2015-01-15 07:39	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-02-14 18:09 . 2015-01-15 07:39	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-02-14 18:09 . 2015-01-15 07:37	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-02-14 18:09 . 2015-01-15 04:21	369968	----a-w-	c:\windows\system32\drivers\cng.sys
2015-02-14 18:02 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-02-14 18:02 . 2015-01-14 05:44	3917760	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-14 18:02 . 2014-11-26 03:32	571904	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-14 17:56 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-02-14 17:56 . 2014-07-07 01:40	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-02-14 17:56 . 2014-07-07 01:40	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-14 17:56 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-02-14 17:50 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 13:16 . 2010-12-05 11:51	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 11:56 . 2012-03-30 07:57	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 11:56 . 2011-06-07 21:07	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 02:43 . 2015-01-14 07:54	164864	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 07:53	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2013-09-20 12:00 . 2013-09-20 12:00	2269184	----a-w-	c:\program files\openoffice401.msi
2012-06-23 18:30 . 2012-06-23 18:29	37456234	----a-w-	c:\program files\A-SDK-installer_r18-windows.exe
2012-05-10 20:40 . 2012-05-10 20:40	17825480	----a-w-	c:\program files\PDFCreator.exe
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\program files\openofficeorg33.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-25 702768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Johanna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48	1022152	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2014-11-19 15:35	707984	----a-w-	c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-08-18 09:53	249856	----a-w-	c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53	1483264	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-07 21:51	21444224	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-22 172192]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2014-11-19 92528]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-12 221912]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-27 1343400]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-25 431920]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-11-19 562576]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={8697CDE3-7566-44C5-8F19-36A79F3FA310}&mid=77fe4773f37947d0be64d16fff52b39e-b2cd6f46b14504db1ee86f3f77f3409f3a9c1340&lang=de&ds=od011&pr=sa&d=2012-06-23 21:40&v=11.1.0.7&sap=hp
TCP: DhcpNameServer = 119.15.80.85 202.79.24.153
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&query=
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-08  21:46:08
ComboFix-quarantined-files.txt  2015-03-08 20:46
.
Vor Suchlauf: 11 Verzeichnis(se), 36.967.505.920 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 36.758.315.008 Bytes frei
.
- - End Of File - - 12388ABEC9FDE34B87AC1BC45809725C
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 09.03.2015, 13:02

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

BigJu · 09.03.2015, 18:20

Hallo, hier sind die logs:

MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.03.2015
Suchlauf-Zeit: 17:24:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.09.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Johanna

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328260
Verstrichene Zeit: 15 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.111 - Bericht erstellt 09/03/2015 um 18:06:51
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Johanna - JOHANNA-LAP
# Gestarted von : C:\Users\Johanna\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Johanna\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.date", "18");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.lastDate", "16");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "10");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.month", "18");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.total", "18");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.week", "18");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("aol_toolbar.surf.year", "18");
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&que[...]
[as1qy2zp.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=2012111653034353&tb_oid=31-10-2010&tb_mrud=16-11-2012&q=");
[zbibrj30.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[zbibrj30.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [3371 Bytes] - [09/03/2015 17:46:39]
AdwCleaner[S0].txt - [3209 Bytes] - [09/03/2015 18:06:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3268  Bytes] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x86
Ran by Johanna on 09.03.2015 at 18:10:50,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\as1qy2zp.default\minidumps [562 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.03.2015 at 18:12:44,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Johanna (administrator) on JOHANNA-LAP on 09-03-2015 18:13:17
Running from C:\Users\Johanna\Desktop
Loaded Profiles: Johanna (Available profiles: Johanna)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Windows\System32\PAStiSvc.exe
(Dell Inc.) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-05] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-25] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.44.1

FireFox:
========
FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: GlassMyFox - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi [2012-01-19]
FF Extension: NoScript - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-21]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2011-02-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 alssvc; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [382232 2008-06-03] (Dell Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [229458 2010-04-05] (IDT, Inc.)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\Johanna\AppData\Local\Temp\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 18:13 - 2015-03-09 18:14 - 00011545 _____ () C:\Users\Johanna\Desktop\FRST.txt
2015-03-09 18:12 - 2015-03-09 18:12 - 00000762 _____ () C:\Users\Johanna\Desktop\JRT.txt
2015-03-09 17:46 - 2015-03-09 18:06 - 00000000 ____D () C:\AdwCleaner
2015-03-09 16:53 - 2015-03-09 16:53 - 01388333 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT.exe
2015-03-09 16:52 - 2015-03-09 17:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Johanna\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 16:52 - 2015-03-09 16:55 - 02126848 _____ () C:\Users\Johanna\Desktop\AdwCleaner_4.111.exe
2015-03-08 21:46 - 2015-03-08 21:46 - 00018034 _____ () C:\ComboFix.txt
2015-03-08 21:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 21:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 21:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 21:32 - 2015-03-08 21:46 - 00000000 ____D () C:\Qoobox
2015-03-08 21:32 - 2015-03-08 21:44 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 21:29 - 2015-03-08 21:30 - 05612482 ____R (Swearware) C:\Users\Johanna\Desktop\ComboFix.exe
2015-03-08 13:17 - 2015-03-08 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-08 12:46 - 2015-03-08 13:34 - 00000000 ____D () C:\Users\Johanna\Desktop\mbar
2015-03-08 12:33 - 2015-03-08 12:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Johanna\Desktop\mbar-1.09.1.1004.exe
2015-03-08 12:32 - 2015-03-08 12:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Johanna\Desktop\tdsskiller.exe
2015-03-07 14:24 - 2015-03-07 14:24 - 00362811 _____ () C:\Users\Johanna\Desktop\Logs.zip
2015-03-07 06:48 - 2015-03-07 06:48 - 271107613 _____ () C:\Windows\MEMORY.DMP
2015-03-07 06:48 - 2015-03-07 06:48 - 00148160 _____ () C:\Windows\Minidump\030715-24273-01.dmp
2015-03-07 06:39 - 2015-03-09 18:13 - 00000000 ____D () C:\FRST
2015-03-07 06:34 - 2015-03-07 06:35 - 00000636 _____ () C:\Users\Johanna\Desktop\defogger_disable.log
2015-03-07 06:34 - 2015-03-07 06:35 - 00000020 _____ () C:\Users\Johanna\defogger_reenable
2015-03-07 06:33 - 2015-03-07 06:33 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe
2015-03-07 06:32 - 2015-03-07 06:32 - 01132544 _____ (Farbar) C:\Users\Johanna\Desktop\FRST.exe
2015-03-07 06:32 - 2015-03-07 06:32 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe
2015-03-06 23:16 - 2015-03-07 01:05 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-03-06 23:07 - 2015-03-06 23:11 - 38804664 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\Windows-KB890830-V5.21.exe
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2015-03-06 15:51 - 2015-03-06 16:15 - 131861240 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\msert.exe
2015-03-02 16:22 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-02 16:22 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-02 16:21 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-27 19:35 - 2015-03-09 17:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 19:34 - 2015-03-09 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2015-03-09 17:18 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-27 19:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-27 18:18 - 2015-02-27 18:18 - 00098824 _____ () C:\Users\Johanna\Documents\cc_20150227_181759.reg
2015-02-27 17:57 - 2015-02-27 18:00 - 00000000 ____D () C:\Users\Johanna\Desktop\NZ
2015-02-27 11:33 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 12:32 - 2015-02-20 20:43 - 00017779 _____ () C:\Users\Johanna\Desktop\Tennis_2015.ods
2015-02-16 12:11 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 12:11 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 20:47 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 20:47 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 20:47 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 20:47 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-14 20:47 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-14 20:47 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 20:47 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 20:47 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 20:47 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 20:47 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 20:47 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 20:47 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-14 20:47 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-14 20:47 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 20:47 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-14 20:47 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-14 20:47 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 20:47 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 20:47 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 20:47 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-14 20:47 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 20:47 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 20:47 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 20:47 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 19:09 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 19:09 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 19:09 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 19:09 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 19:09 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 19:09 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 19:09 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 19:02 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-14 19:02 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 19:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 19:01 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-14 19:01 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-14 19:01 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-14 19:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 18:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-14 18:56 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-14 18:50 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 18:12 - 2010-12-05 11:49 - 01479012 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 18:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 18:08 - 2009-07-14 05:39 - 00159559 _____ () C:\Windows\setupact.log
2015-03-09 17:56 - 2012-03-30 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 16:54 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 16:54 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 16:45 - 2010-12-24 21:45 - 00375322 _____ () C:\Windows\PFRO.log
2015-03-08 21:46 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-08 21:44 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 06:48 - 2013-08-31 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 06:34 - 2010-12-05 12:40 - 00000000 ____D () C:\Users\Johanna
2015-03-07 03:10 - 2014-03-01 10:32 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox
2015-03-06 23:15 - 2014-03-01 10:36 - 00000000 ___RD () C:\Users\Johanna\Dropbox
2015-03-06 16:06 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-06 14:58 - 2010-12-05 12:44 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 14:16 - 2010-12-05 12:51 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-27 22:41 - 2014-08-17 11:58 - 00000000 ____D () C:\Windows\rescache
2015-02-27 21:58 - 2014-11-05 00:21 - 00000000 ____D () C:\Users\Johanna\Desktop\Uni
2015-02-27 19:35 - 2011-11-21 09:06 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-27 19:22 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-02-27 19:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-27 17:59 - 2010-12-11 11:19 - 00002417 _____ () C:\Users\Johanna\Desktop\Trillian.lnk
2015-02-27 17:59 - 2010-12-05 11:01 - 00000000 ____D () C:\Program Files\Trillian
2015-02-27 17:56 - 2013-01-29 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-27 17:56 - 2012-11-21 19:18 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-02-27 17:55 - 2011-03-20 19:53 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 17:35 - 2011-02-05 20:55 - 00000000 ____D () C:\Program Files\Derive 6
2015-02-20 11:57 - 2012-09-27 19:37 - 00000000 ____D () C:\ProgramData\Cisco
2015-02-20 11:57 - 2010-12-24 21:38 - 00000000 ____D () C:\Program Files\Cisco
2015-02-15 13:36 - 2009-07-14 05:33 - 00293816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 13:33 - 2014-12-16 21:01 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 13:33 - 2014-05-06 16:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 13:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-15 13:29 - 2013-08-10 00:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:10 - 2012-05-01 07:58 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-15 13:10 - 2011-01-27 17:13 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-15 13:09 - 2011-01-27 17:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-14 18:42 - 2014-03-01 10:36 - 00001026 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk
2015-02-14 18:42 - 2014-03-01 10:33 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-09 18:43 - 2013-10-09 22:44 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\texstudio

==================== Files in the root of some directories =======

2012-06-23 19:29 - 2012-06-23 19:30 - 37456234 _____ (Google Inc.) C:\Program Files\A-SDK-installer_r18-windows.exe
2013-09-20 13:02 - 2013-09-20 13:02 - 153313362 _____ () C:\Program Files\openoffice1.cab
2013-09-20 13:00 - 2013-09-20 13:00 - 2269184 _____ () C:\Program Files\openoffice401.msi
2011-01-19 12:30 - 2011-01-19 12:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 12:34 - 2011-01-19 12:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2012-05-10 21:40 - 2012-05-10 21:40 - 17825480 _____ (pdfforge GbR) C:\Program Files\PDFCreator.exe
2013-09-20 13:00 - 2013-09-20 13:00 - 0000279 _____ () C:\Program Files\setup.ini
2013-05-27 14:57 - 2013-06-03 16:11 - 0000868 _____ () C:\Users\Johanna\AppData\Roaming\gnuplot_history
2013-08-27 20:52 - 2013-09-25 13:30 - 0000600 _____ () C:\Users\Johanna\AppData\Roaming\winscp.rnd
2013-08-28 13:07 - 2013-09-25 12:13 - 0000600 _____ () C:\Users\Johanna\AppData\Local\PUTTY.RND
2015-01-27 00:14 - 2015-01-27 00:14 - 0002165 _____ () C:\Users\Johanna\AppData\Local\recently-used.xbel
2013-01-29 17:13 - 2013-01-29 17:13 - 0007605 _____ () C:\Users\Johanna\AppData\Local\Resmon.ResmonCfg
2011-11-20 11:06 - 2011-11-20 11:06 - 0000000 _____ () C:\Users\Johanna\AppData\Local\{BDE000DD-25B2-4BA8-B06C-BC0EAB343718}

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\temp\avgnt.exe
C:\Users\Johanna\AppData\Local\temp\Quarantine.exe
C:\Users\Johanna\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 13:43

==================== End Of Log ============================

--- --- ---

schrauber · 10.03.2015, 12:17

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

BigJu · 10.03.2015, 15:21

ESET hat noch was gefunden:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=730f0b4971a4d44999a8123ff31c3fda
# engine=22836
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-10 12:57:34
# local_time=2015-03-10 01:57:34 (+0100, Mitteleuropäische Zeit    )
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 145791 291415544 142191 0
# compatibility_mode=5892 16777213 88 94 1990110 76778385 0 0
# scanned=173168
# found=1
# cleaned=0
# scan_time=4792
sh=0DFE553B116BAB195669A66725BDCE6D7BCF304E ft=0 fh=0000000000000000 vn="Win32/LockScreen.AHO Trojaner" ac=I fn="C:\found.000\file0000.chk"

SecurityCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop                   
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
 Mozilla Thunderbird (31.4.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Johanna (administrator) on JOHANNA-LAP on 10-03-2015 15:17:44
Running from C:\Users\Johanna\Desktop
Loaded Profiles: Johanna (Available profiles: Johanna)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Windows\System32\PAStiSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-05] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-25] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1636702197-2669522382-2271460054-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.44.1

FireFox:
========
FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: GlassMyFox - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi [2012-01-19]
FF Extension: NoScript - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\as1qy2zp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-21]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2011-02-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 alssvc; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [382232 2008-06-03] (Dell Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-25] (Avira Operations GmbH & Co. KG)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [229458 2010-04-05] (IDT, Inc.)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\Johanna\AppData\Local\Temp\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:17 - 2015-03-10 15:18 - 00011734 _____ () C:\Users\Johanna\Desktop\FRST.txt
2015-03-10 14:38 - 2015-03-10 14:38 - 00000000 ____D () C:\Users\Johanna\Desktop\FRST-OlderVersion
2015-03-10 12:33 - 2015-03-10 12:33 - 00000000 ____D () C:\Program Files\ESET
2015-03-10 12:32 - 2015-03-10 12:32 - 02347384 _____ (ESET) C:\Users\Johanna\Desktop\esetsmartinstaller_deu.exe
2015-03-10 12:28 - 2015-03-10 12:28 - 00852604 _____ () C:\Users\Johanna\Desktop\SecurityCheck.exe
2015-03-09 18:12 - 2015-03-09 18:12 - 00000762 _____ () C:\Users\Johanna\Desktop\JRT.txt
2015-03-09 17:46 - 2015-03-09 18:06 - 00000000 ____D () C:\AdwCleaner
2015-03-09 16:53 - 2015-03-09 16:53 - 01388333 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT.exe
2015-03-09 16:52 - 2015-03-09 17:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Johanna\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 16:52 - 2015-03-09 16:55 - 02126848 _____ () C:\Users\Johanna\Desktop\AdwCleaner_4.111.exe
2015-03-08 21:46 - 2015-03-08 21:46 - 00018034 _____ () C:\ComboFix.txt
2015-03-08 21:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 21:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 21:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 21:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 21:32 - 2015-03-08 21:46 - 00000000 ____D () C:\Qoobox
2015-03-08 21:32 - 2015-03-08 21:44 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 21:29 - 2015-03-08 21:30 - 05612482 ____R (Swearware) C:\Users\Johanna\Desktop\ComboFix.exe
2015-03-08 13:17 - 2015-03-08 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-08 12:46 - 2015-03-08 13:34 - 00000000 ____D () C:\Users\Johanna\Desktop\mbar
2015-03-08 12:33 - 2015-03-08 12:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Johanna\Desktop\mbar-1.09.1.1004.exe
2015-03-08 12:32 - 2015-03-08 12:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Johanna\Desktop\tdsskiller.exe
2015-03-07 14:24 - 2015-03-07 14:24 - 00362811 _____ () C:\Users\Johanna\Desktop\Logs.zip
2015-03-07 06:48 - 2015-03-07 06:48 - 271107613 _____ () C:\Windows\MEMORY.DMP
2015-03-07 06:48 - 2015-03-07 06:48 - 00148160 _____ () C:\Windows\Minidump\030715-24273-01.dmp
2015-03-07 06:39 - 2015-03-10 15:17 - 00000000 ____D () C:\FRST
2015-03-07 06:34 - 2015-03-07 06:35 - 00000636 _____ () C:\Users\Johanna\Desktop\defogger_disable.log
2015-03-07 06:34 - 2015-03-07 06:35 - 00000020 _____ () C:\Users\Johanna\defogger_reenable
2015-03-07 06:33 - 2015-03-07 06:33 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe
2015-03-07 06:32 - 2015-03-10 14:38 - 01134592 _____ (Farbar) C:\Users\Johanna\Desktop\FRST.exe
2015-03-07 06:32 - 2015-03-07 06:32 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe
2015-03-06 23:16 - 2015-03-07 01:05 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-03-06 23:07 - 2015-03-06 23:11 - 38804664 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\Windows-KB890830-V5.21.exe
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-06 16:17 - 2015-03-06 16:17 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2015-03-06 15:51 - 2015-03-06 16:15 - 131861240 _____ (Microsoft Corporation) C:\Users\Johanna\Desktop\msert.exe
2015-03-02 16:22 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-02 16:22 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-02 16:21 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-27 19:35 - 2015-03-09 17:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-27 19:34 - 2015-03-09 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2015-03-09 17:18 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-27 19:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-27 19:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-27 18:18 - 2015-02-27 18:18 - 00098824 _____ () C:\Users\Johanna\Documents\cc_20150227_181759.reg
2015-02-27 17:57 - 2015-02-27 18:00 - 00000000 ____D () C:\Users\Johanna\Desktop\NZ
2015-02-27 11:33 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 12:32 - 2015-02-20 20:43 - 00017779 _____ () C:\Users\Johanna\Desktop\Tennis_2015.ods
2015-02-16 12:11 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-16 12:11 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 20:48 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 20:47 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 20:47 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 20:47 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 20:47 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-14 20:47 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 20:47 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-14 20:47 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 20:47 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 20:47 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 20:47 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 20:47 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 20:47 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 20:47 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-14 20:47 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-14 20:47 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 20:47 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-14 20:47 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-14 20:47 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 20:47 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 20:47 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 20:47 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 20:47 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-14 20:47 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 20:47 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 20:47 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 20:47 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 19:09 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 19:09 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 19:09 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 19:09 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 19:09 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 19:09 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 19:09 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 19:09 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 19:09 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 19:09 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 19:02 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-14 19:02 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 19:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 19:01 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-14 19:01 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-14 19:01 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-14 19:01 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-14 19:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 19:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 18:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-14 18:56 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-14 18:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-14 18:50 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 15:15 - 2010-12-05 11:49 - 01511041 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 14:56 - 2012-03-30 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 11:51 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 11:51 - 2009-07-14 05:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 11:44 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 11:44 - 2009-07-14 05:39 - 00159615 _____ () C:\Windows\setupact.log
2015-03-09 16:45 - 2010-12-24 21:45 - 00375322 _____ () C:\Windows\PFRO.log
2015-03-08 21:46 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-08 21:44 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 06:48 - 2013-08-31 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 06:34 - 2010-12-05 12:40 - 00000000 ____D () C:\Users\Johanna
2015-03-07 03:10 - 2014-03-01 10:32 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox
2015-03-06 23:15 - 2014-03-01 10:36 - 00000000 ___RD () C:\Users\Johanna\Dropbox
2015-03-06 16:06 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-06 14:58 - 2010-12-05 12:44 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 14:16 - 2010-12-05 12:51 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-27 22:41 - 2014-08-17 11:58 - 00000000 ____D () C:\Windows\rescache
2015-02-27 21:58 - 2014-11-05 00:21 - 00000000 ____D () C:\Users\Johanna\Desktop\Uni
2015-02-27 19:35 - 2011-11-21 09:06 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-27 19:34 - 2011-11-21 09:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-27 19:22 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-02-27 19:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-27 17:59 - 2010-12-11 11:19 - 00002417 _____ () C:\Users\Johanna\Desktop\Trillian.lnk
2015-02-27 17:59 - 2010-12-05 11:01 - 00000000 ____D () C:\Program Files\Trillian
2015-02-27 17:56 - 2013-01-29 16:19 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-27 17:56 - 2012-11-21 19:18 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-02-27 17:55 - 2011-03-20 19:53 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 17:35 - 2011-02-05 20:55 - 00000000 ____D () C:\Program Files\Derive 6
2015-02-20 11:57 - 2012-09-27 19:37 - 00000000 ____D () C:\ProgramData\Cisco
2015-02-20 11:57 - 2010-12-24 21:38 - 00000000 ____D () C:\Program Files\Cisco
2015-02-15 13:36 - 2009-07-14 05:33 - 00293816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 13:33 - 2014-12-16 21:01 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 13:33 - 2014-05-06 16:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 13:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-15 13:29 - 2013-08-10 00:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 13:10 - 2012-05-01 07:58 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-15 13:10 - 2011-01-27 17:13 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-15 13:09 - 2011-01-27 17:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-14 18:42 - 2014-03-01 10:36 - 00001026 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk
2015-02-14 18:42 - 2014-03-01 10:33 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-09 18:43 - 2013-10-09 22:44 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\texstudio

==================== Files in the root of some directories =======

2012-06-23 19:29 - 2012-06-23 19:30 - 37456234 _____ (Google Inc.) C:\Program Files\A-SDK-installer_r18-windows.exe
2013-09-20 13:02 - 2013-09-20 13:02 - 153313362 _____ () C:\Program Files\openoffice1.cab
2013-09-20 13:00 - 2013-09-20 13:00 - 2269184 _____ () C:\Program Files\openoffice401.msi
2011-01-19 12:30 - 2011-01-19 12:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 12:34 - 2011-01-19 12:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2012-05-10 21:40 - 2012-05-10 21:40 - 17825480 _____ (pdfforge GbR) C:\Program Files\PDFCreator.exe
2013-09-20 13:00 - 2013-09-20 13:00 - 0000279 _____ () C:\Program Files\setup.ini
2013-05-27 14:57 - 2013-06-03 16:11 - 0000868 _____ () C:\Users\Johanna\AppData\Roaming\gnuplot_history
2013-08-27 20:52 - 2013-09-25 13:30 - 0000600 _____ () C:\Users\Johanna\AppData\Roaming\winscp.rnd
2013-08-28 13:07 - 2013-09-25 12:13 - 0000600 _____ () C:\Users\Johanna\AppData\Local\PUTTY.RND
2015-01-27 00:14 - 2015-01-27 00:14 - 0002165 _____ () C:\Users\Johanna\AppData\Local\recently-used.xbel
2013-01-29 17:13 - 2013-01-29 17:13 - 0007605 _____ () C:\Users\Johanna\AppData\Local\Resmon.ResmonCfg
2011-11-20 11:06 - 2011-11-20 11:06 - 0000000 _____ () C:\Users\Johanna\AppData\Local\{BDE000DD-25B2-4BA8-B06C-BC0EAB343718}

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\temp\avgnt.exe
C:\Users\Johanna\AppData\Local\temp\Quarantine.exe
C:\Users\Johanna\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 13:43

==================== End Of Log ============================

--- --- ---

schrauber · 11.03.2015, 10:19

Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\found.000\file0000.chk
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

BigJu · 11.03.2015, 18:51

Hallo,

hier noch das log:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Johanna at 2015-03-11 18:35:34 Run:1
Running from C:\Users\Johanna\Desktop
Loaded Profiles: Johanna (Available profiles: Johanna)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\found.000\file0000.chk
Emptytemp:
*****************

C:\found.000\file0000.chk => Moved successfully.
EmptyTemp: => Removed 518 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:36:09 ====

Den Rest mache ich dann wie oben beschrieben.

Nochmals vielen vielen vielen Dank für deine Hilfe

Die Tipps werde ich beherzigen

schrauber · 12.03.2015, 09:36

Gern Geschehen

12.03.2015, 09:36	#14
schrauber /// the machine /// TB-Ausbilder	AutoIt/Ippedo.A, Win32/Autorun.AHV!lnk Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

AutoIt/Ippedo.A, Win32/Autorun.AHV!lnk

Plagegeister aller Art und deren Bekämpfung: AutoIt/Ippedo.A, Win32/Autorun.AHV!lnk