Hallo!
Ich denke ich habe mir einen Virus eingefangen. Mein Rechner ist extrem langsam geworden. Außerdem hat Avira was gefunden unter der Meldung TR/patched.ren.gen mit der Quelle miditest.exe bzw. memtest.exe
Kann mir dazu jemand helfen?
Vielen, vielen Dank!
Viele Grüße!

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:

• Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
• Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
• Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
• Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Bitte die Logdatei von Avira posten!


Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Matthias!
Vielen Dank für die schnelle Antwort!
Die Logdateu von Avira finde ich leider nicht . Ich habe diese Meldung:

In der Datei 'C:\Program Files\Toshiba\PCDiag\miditest.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Program Files\Toshiba\PCDiag\memtest.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Hier die FRST Ergebnisse:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by RuhlandA (administrator) on ZUE-W-9860 on 29-03-2015 13:15:41
Running from C:\Users\ruhlanda\Desktop
Loaded Profiles: RuhlandA (Available profiles: RuhlandA & Zwick)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Service.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\mgmtagnt.exe
(Juniper Networks) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Mobile Broadband Service\WMCore.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\mgmtagnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(FrontRange) C:\Program Files\netinst\DSM_Remote_Tray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\3GUty\tw3gctrl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(FrontRange Solutions USA Inc. and/or its affiliates) C:\Program Files\netinst\eTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [00THotkey] => C:\Windows\system32\00THotkey.exe
HKLM\...\Run: [000StTHK] => C:\Windows\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSHIBA_3G_UTY] => C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [1598848 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TOSDCR] => C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Discovery User Input] => C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [241664 2011-12-16] ()
HKLM\...\Run: [NetInstall NiTray] => C:\Program Files\NetInst\eTray.exe [67112 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSCRM] => C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe [35504 2014-01-16] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Run: [OneDrive] => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll => C:\Program Files\netinst\NiAMH.dll [61480 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
IFEO\dinotify.exe: [Debugger] C:\Program Files\NetInst\dinotdbg.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-105326146-1529052593-1124750213-48872] => zue-s-87:8080
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-105326146-1529052593-1124750213-48872 -> DefaultScope {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-105326146-1529052593-1124750213-48872 -> {7352399A-E2ED-422D-8500-239FB37C36B7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: iCloud Bookmarks - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\firefoxdav@icloud.com [2014-11-15]
FF Extension: Bitdefender QuickScan - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-03-29]
FF Extension: Autofill Forms - C:\Users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\Extensions\autofillForms@blueimp.net.xpi [2014-07-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVir Security Management Center Agent; C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-11-20] (Avira Operations GmbH & Co. KG) [File not signed]
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [342480 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [463824 2012-01-31] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DiscoveryClientAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1539136 2011-12-16] ()
R2 DiscoveryIPTransferAgent; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601152 2011-12-16] ()
R2 DSM_Remote_Service; C:\Program Files\netinst\DSM_Remote_Service.exe [4168744 2013-02-22] (FrontRange)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688232 2013-05-24] (Juniper Networks)
R2 ersupext; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 esiCore; C:\Program Files\NetInst\mgmtagnt.exe [220200 2013-02-22] (FrontRange Solutions USA Inc. and/or its affiliates)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [132392 2009-11-13] (Juniper Networks)
R3 LanProbe; C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [236032 2011-12-16] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [127384 2009-12-18] (TOSHIBA CORPORATION)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files\Mobile Broadband Service\WMCore.exe [700928 2009-12-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2012-01-31] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-01-31] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [26952 2014-03-12] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-05-23] (Juniper Networks)
R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2009-11-19] (Ericsson AB)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-28] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 t36gbus; C:\Windows\System32\DRIVERS\t36gbus.sys [285056 2009-06-26] (MCCI Corporation)
R3 t36gmdfl; C:\Windows\System32\DRIVERS\t36gmdfl.sys [14976 2009-06-26] (MCCI Corporation)
R3 t36gmdm; C:\Windows\System32\DRIVERS\t36gmdm.sys [374016 2009-06-26] (MCCI Corporation)
R3 t36gmgmt; C:\Windows\System32\DRIVERS\t36gmgmt.sys [357376 2009-06-26] (MCCI Corporation)
R3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps.sys [82984 2009-07-10] (Ericsson AB)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [227880 2009-11-25] (Ericsson AB)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:15 - 2015-03-29 13:15 - 00020519 _____ () C:\Users\ruhlanda\Desktop\FRST.txt
2015-03-29 13:14 - 2015-03-29 13:14 - 00000592 _____ () C:\Users\ruhlanda\Desktop\Ereignisse.txt
2015-03-29 13:07 - 2015-03-29 13:07 - 01135104 _____ (Farbar) C:\Users\ruhlanda\Desktop\FRST.exe
2015-03-29 12:58 - 2015-03-29 13:03 - 00000000 ____D () C:\ProgramData\F-Secure
2015-03-29 12:58 - 2015-03-29 12:58 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\F-Secure
2015-03-29 12:56 - 2015-03-29 12:55 - 00572456 _____ (F-Secure Corporation) C:\Users\ruhlanda\Desktop\F-SecureOnlineScanner.exe
2015-03-29 12:28 - 2015-03-29 12:32 - 00000000 ____D () C:\Users\ruhlanda\AppData\Roaming\QuickScan
2015-03-28 09:22 - 2015-03-28 09:22 - 00000165 ____H () C:\Users\ruhlanda\Desktop\~$IMD CEO 2015 myposter Live Case Final Version.pptx
2015-03-27 14:16 - 2015-03-28 10:39 - 00256247 _____ () C:\Users\ruhlanda\Desktop\IMD CEO 2015 myposter Live Case Final Version.pptx
2015-03-25 23:55 - 2015-03-27 14:14 - 00251104 _____ () C:\Users\ruhlanda\Desktop\IMD CEO 2015 myposter Live Case Version 3.pptx
2015-03-23 23:59 - 2015-03-23 23:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 16:19 - 2015-03-22 16:19 - 00060075 ____N () C:\Users\ruhlanda\Desktop\HelveticaNeue.zip
2015-03-22 16:19 - 2009-02-06 10:04 - 00048360 _____ () C:\Users\ruhlanda\Desktop\HelveticaNeueLTPro-Bd.otf
2015-03-22 16:19 - 2009-02-06 10:04 - 00047892 _____ () C:\Users\ruhlanda\Desktop\HelveticaNeueLTPro-Roman.otf
2015-03-19 17:45 - 2015-03-19 17:45 - 00243368 _____ () C:\Users\ruhlanda\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-14 17:16 - 2015-03-14 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-08 23:57 - 2015-03-08 23:57 - 00000000 ____D () C:\Users\ruhlanda\Desktop\IMD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 13:15 - 2014-02-21 16:47 - 00000000 ____D () C:\FRST
2015-03-29 13:11 - 2009-07-14 06:34 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 13:11 - 2009-07-14 06:34 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 13:08 - 2014-04-16 08:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 12:12 - 2012-02-07 15:20 - 01742975 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 12:09 - 2010-11-20 23:01 - 01647522 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 12:05 - 2014-04-16 09:45 - 00000000 ___RD () C:\Users\ruhlanda\Google Drive
2015-03-29 12:03 - 2014-04-16 08:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 12:03 - 2014-02-27 14:03 - 00359936 _____ () C:\Windows\system32\Crm30ForOutlookInstaller.log
2015-03-29 12:03 - 2012-02-07 15:21 - 00000000 ____D () C:\Program Files\netinst
2015-03-29 12:03 - 2010-11-20 23:48 - 01433012 _____ () C:\Windows\PFRO.log
2015-03-29 12:03 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 12:03 - 2009-07-14 06:39 - 00175870 _____ () C:\Windows\setupact.log
2015-03-26 16:54 - 2014-10-24 02:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\1
2015-03-26 15:33 - 2014-04-23 09:22 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\8D550D74-1468-4B96-BE86-FEDABC2BBBA4.aplzod
2015-03-25 23:18 - 2012-05-08 12:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-23 23:36 - 2013-08-19 17:12 - 00113760 _____ () C:\Users\ruhlanda\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-23 23:35 - 2009-07-14 06:33 - 00448112 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 17:46 - 2012-02-07 18:13 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-15 11:10 - 2014-04-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 17:17 - 2014-05-10 00:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-14 17:16 - 2014-05-10 00:28 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-14 17:16 - 2014-05-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-14 17:15 - 2012-03-20 00:14 - 00000000 ____D () C:\Program Files\Java
2015-03-14 17:11 - 2014-08-20 20:00 - 00000000 ____D () C:\Users\ruhlanda\AppData\Local\Adobe
2015-03-14 17:11 - 2012-11-22 22:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 17:11 - 2012-11-22 22:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-12 12:48 - 2014-02-20 12:45 - 00002151 _____ () C:\Users\ruhlanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-01 22:39 - 2013-09-03 21:18 - 00000000 ____D () C:\Users\ruhlanda\Desktop\Screenshots

Some content of TEMP:
====================
C:\Users\ruhlanda\AppData\Local\Temp\cleanup_tool.exe
C:\Users\ruhlanda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3gmcyz.dll
C:\Users\ruhlanda\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ruhlanda\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\ruhlanda\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\ruhlanda\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\ruhlanda\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 11:12

==================== End Of Log ============================
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by RuhlandA at 2015-03-29 13:16:15
Running from C:\Users\ruhlanda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM\...\{E8C23EBE-EE3C-4299-9DB9-601AB3751454}) (Version: 16.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Management Console Agent (HKLM\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira Operations GmbH & Co. KG)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 12.0.0.1236 - Avira)
axRTF (HKLM\...\{F1DBF78A-7E9A-4602-8E16-C5728230D787}) (Version: 1.0.0.0 - Zwick / Roell AG)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iR Toolbox 4.9.1.1.ir02 (HKLM\...\{2643914A-E2C2-4180-8396-59B8E1EAFA2F}) (Version: 1.1.0 - Canon)
Canon iR1018/1022/1023 (HKLM\...\{5830B3AB-D08F-4a6d-9925-F95860EE2954}) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Dropbox (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EdiVotePro (HKLM\...\{D45050DD-D11C-4E1F-A70A-088B914D7989}) (Version: 1.3.982 - Infowhyse)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HVB eFIN 4 (HKLM\...\HVB eFIN 4) (Version:  - )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juniper Installer Service (HKLM\...\{447D8B58-880C-4627-BF57-9C408219313E}) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.25351 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\Juniper_Term_Services) (Version: 8.0.3.30619 - Juniper Networks)
Kalender-Excel-8.9 (HKLM\...\Kalender-Excel-8.9_is1) (Version: 8.9 - MSDatec)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-105326146-1529052593-1124750213-48872\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband service (HKLM\...\{C2D206A3-1B8E-4DE5-8330-871AD23D4D77}) (Version: 6.1.11.2 - Ericsson AB)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.2.010 - Oracle Corporation)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version:  - )
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TOSHIBA Mobile Broadband Device  (HKLM\...\{B03E7DD6-21F9-444D-8CFE-EBE44EC1B407}) (Version: 6.1.13.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.4.1 - TOSHIBA Corporation)
TOSHIBA Wireless Manager (HKLM\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 6.1.13.101 - TOSHIBA CORPORATION)
Update Rollup 8 for Microsoft Dynamics CRM for Outlook (KB2600644) (HKLM\...\KB2600644_Client_1033) (Version: 5.0.9690.2243 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Movie Decoder (HKLM\...\{D8E9CA51-F0C2-4FBC-95C6-BECC8C83F04D}) (Version: 1.00.0000 - VMware, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.1 Free (HKLM\...\{66F28964-CE41-459A-A4FF-A6BBD1374282}) (Version: 5.1 - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105326146-1529052593-1124750213-48872_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-03-2015 11:19:19 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-04-11 08:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06C96D7A-C16F-46AB-9E1A-E1E329C81680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {4EA30762-9EED-4710-A479-0784F69D3861} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {83473215-141F-4373-893F-AC0F3162A9A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-04 15:23 - 2009-10-01 14:07 - 00011264 _____ () C:\Windows\System32\KOAZXJ_L.dll
2013-02-04 15:23 - 2009-11-02 16:14 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZXJ_O.DLL
2012-06-21 12:14 - 2012-01-31 09:24 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-06-04 08:57 - 2012-03-27 12:33 - 00126721 _____ () C:\Program Files\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-07 17:08 - 2011-12-16 12:26 - 01539136 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
2012-02-07 17:08 - 2011-12-16 12:27 - 00601152 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
2012-02-07 15:24 - 2013-02-22 18:29 - 00065024 ____N () C:\Program Files\netinst\zlib1.dll
2015-03-29 12:03 - 2015-03-29 12:03 - 00006144 _____ () C:\Program Files\netinst\sdesk.dll
2012-02-07 15:24 - 2013-02-22 18:29 - 00065024 ____N () C:\Program Files\NetInst\zlib1.dll
2009-12-10 12:07 - 2009-12-10 12:07 - 00700928 ____R () C:\Program Files\Mobile Broadband Service\WMCore.exe
2009-03-25 21:08 - 2009-03-25 21:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Service\MBMDebug.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 15:14 - 2010-03-03 15:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:14 - 2010-03-03 15:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-02-07 17:08 - 2011-12-16 12:27 - 00236032 _____ () C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
2015-03-14 17:08 - 2015-03-14 17:11 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
2012-06-21 12:14 - 2012-01-31 09:24 - 00398288 _____ () C:\program files\avira\antivir desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-105326146-1529052593-1124750213-48872\Control Panel\Desktop\\Wallpaper -> \\enteo\enteo$\Install\Master\Projects\62204\rev\9\Extern$\Zwick Wallpaper.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ffdwnd => C:\Users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetInstall NiTray => "C:\Program Files\NetInst\eTray.exe"
MSCONFIG\startupreg: niagnt32 => C:\Program Files\NetInst\niagnt32.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==================== Accounts: =============================

Administrator (S-1-5-21-204117488-291554393-1161031085-500 - Administrator - Disabled)
enteoInstaller (S-1-5-21-204117488-291554393-1161031085-1002 - Administrator - Enabled)
Gast (S-1-5-21-204117488-291554393-1161031085-501 - Limited - Disabled)
Zwick (S-1-5-21-204117488-291554393-1161031085-1001 - Administrator - Enabled) => C:\Users\Zwick

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 00:17:53 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Microsoft Windows Search-Indexerstellung wurde wegen dieses Fehlers geschlossen.

Programm: Microsoft Windows Search-Indexerstellung
Datei: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3

Error: (03/29/2015 00:17:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0c672
Name des fehlerhaften Moduls: TQUERY.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d569
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0002eb6a
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (03/29/2015 00:17:09 PM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT)
Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei
C:\Users\ruhlanda\AppData\Local\Mozilla\Firefox\Profiles\7jnmv00a.default\cache2\entries\4487A16E313EA1FC432383A4A9629A06126C2874.
 [ACCESS_VIOLATION Exception!! EIP = 0x6d899652]
 Bitte Avira informieren und die obige Datei übersenden!

Error: (03/29/2015 00:12:31 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\sdclt.exe" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Microsoft® Windows-Sicherung wurde wegen dieses Fehlers geschlossen.

Programm: Microsoft® Windows-Sicherung
Datei: C:\Windows\System32\sdclt.exe

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3

Error: (03/29/2015 00:12:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sdclt.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78ec8
Name des fehlerhaften Moduls: sdclt.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78ec8
Ausnahmecode: 0xc0000006
Fehleroffset: 0x00064a2e
ID des fehlerhaften Prozesses: 0xdc0
Startzeit der fehlerhaften Anwendung: 0xsdclt.exe0
Pfad der fehlerhaften Anwendung: sdclt.exe1
Pfad des fehlerhaften Moduls: sdclt.exe2
Berichtskennung: sdclt.exe3

Error: (03/29/2015 00:07:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Microsoft Windows Search-Indexerstellung wurde wegen dieses Fehlers geschlossen.

Programm: Microsoft Windows Search-Indexerstellung
Datei: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3

Error: (03/29/2015 00:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0c672
Name des fehlerhaften Moduls: TQUERY.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d569
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0002eb6a
ID des fehlerhaften Prozesses: 0x12cc
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (03/29/2015 00:05:49 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von ZUE-W-9860 (192.168.2.143) ist fehlgeschlagen.
Keine gültige Lizenz gefunden. .
Es wurden keine neuen Dateien geladen.

Error: (03/29/2015 00:05:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:05:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Microsoft Windows Search-Indexerstellung wurde wegen dieses Fehlers geschlossen.

Programm: Microsoft Windows Search-Indexerstellung
Datei: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3


System errors:
=============
Error: (03/29/2015 01:02:29 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:19 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (03/29/2015 01:02:01 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (03/29/2015 00:17:53 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ciMicrosoft Windows Search-IndexerstellungC000009C3

Error: (03/29/2015 00:17:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0c672TQUERY.DLL7.0.7601.176104dc0d569c00000060002eb6a7b801d06a0832b5d8b2C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLdbb10561-d5fc-11e4-a1a5-0023182fae92

Error: (03/29/2015 00:17:09 PM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT)
Description: C:\Users\ruhlanda\AppData\Local\Mozilla\Firefox\Profiles\7jnmv00a.default\cache2\entries\4487A16E313EA1FC432383A4A9629A06126C2874ACCESS_VIOLATION0x6d899652AVEPROC_TestFile()

Error: (03/29/2015 00:12:31 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\sdclt.exeMicrosoft® Windows-SicherungC000009C3

Error: (03/29/2015 00:12:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sdclt.exe6.1.7601.175144ce78ec8sdclt.exe6.1.7601.175144ce78ec8c000000600064a2edc001d06a08da8722b0C:\Windows\System32\sdclt.exeC:\Windows\System32\sdclt.exe1c11f049-d5fc-11e4-a1a5-0023182fae92

Error: (03/29/2015 00:07:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ciMicrosoft Windows Search-IndexerstellungC000009C3

Error: (03/29/2015 00:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0c672TQUERY.DLL7.0.7601.176104dc0d569c00000060002eb6a12cc01d06a07f466c4f2C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL6b8765e8-d5fb-11e4-a1a5-0023182fae92

Error: (03/29/2015 00:05:49 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: ZUE-W-9860 (192.168.2.143)Keine gültige Lizenz gefunden.

Error: (03/29/2015 00:05:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:05:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ciMicrosoft Windows Search-IndexerstellungC000009C3


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 56%
Total physical RAM: 2928.43 MB
Available physical RAM: 1267.62 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 3917.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.84 GB) (Free:19.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 44AFAEEC)
Partition 1: (Not Active) - (Size=251 MB) - (Type=1B)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=277.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Servus,


bei den Meldungen von Avira handelt es sich um einen Fehlalarm.

Aber eine andere Frage habe ich da noch:


Hast du diesen Proxy Server selbst gesetzt?

Zitat:

ProxyServer: [S-1-5-21-105326146-1529052593-1124750213-48872] => zue-s-87:8080

Gibt es sonst Probleme mit dem Rechner?

Wir können schon ein paar Kontrollen zur Sicherheit durchlaufen lassen.

Hi,
würde gerne noch ein paar Kontrollen durchlaufen lassen. Hab das Gefühl, dass irgendwas nicht stimmt.
Den Proxy habe ich nicht selbst gesetzt. Wahrscheinlich war das die Firma. Ich habe einen ehemaligen Firmenrechner, den ich inzwischen priv nutze.
Danke Dir!

Servus,


ok, dann beginnen wir so:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ich habe Combofix durchgeführt. Allerdings konnte ich Avira nicht schließen. Der ist auch noch von der Firma installiert und kann nur mit einem Passwort geschlossen werden, das ich nicht habe .

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 15-03-29.01 - RuhlandA 29.03.2015  14:17:14.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2928.1291 [GMT 2:00]
ausgeführt von:: c:\users\ruhlanda\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Update.exe
.
c:\windows\System32\sdclt.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-28 bis 2015-03-29  ))))))))))))))))))))))))))))))
.
.
2015-03-29 12:28 . 2015-03-29 12:28	--------	d-----w-	c:\users\enteoRuntime\AppData\Local\temp
2015-03-29 12:28 . 2015-03-29 12:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-29 10:58 . 2015-03-29 11:03	--------	d-----w-	c:\programdata\F-Secure
2015-03-29 10:58 . 2015-03-29 10:58	--------	d-----w-	c:\users\ruhlanda\AppData\Local\F-Secure
2015-03-29 10:28 . 2015-03-29 10:32	--------	d-----w-	c:\users\ruhlanda\AppData\Roaming\QuickScan
2015-03-14 15:16 . 2015-03-14 15:16	--------	d-----w-	c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-14 15:16 . 2014-05-09 22:28	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-03-14 15:11 . 2012-11-22 20:40	778928	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-14 15:11 . 2012-11-22 20:40	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-12 10:48	329376	----a-w-	c:\users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-12 10:48	329376	----a-w-	c:\users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-12 10:48	329376	----a-w-	c:\users\ruhlanda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\ruhlanda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"OneDrive"="c:\users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-03-12 281248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 170520]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2009-07-23 1598848]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-12-09 521640]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2010-09-25 173432]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-12-15 844152]
"Discovery User Input"="c:\program files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe" [2011-12-16 241664]
"NetInstall NiTray"="c:\program files\NetInst\eTray.exe" [2013-02-22 67112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSCRM"="c:\program files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2014-01-16 35504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"enablelua"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RecycleBinSize"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\netinst\NiAMH.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57	43848	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27	89184	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 01:54	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetInstall NiTray]
2013-02-22 16:20	67112	------w-	c:\program files\netinst\eTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niagnt32]
2013-02-22 16:22	171560	------w-	c:\program files\netinst\NiAgnt32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2013-04-22 09:05	720064	----a-w-	c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
R2 AntiVir Security Management Center Agent;Avira Management Console Agent;c:\program files\Avira\Avira Security Management Center Agent\agent.exe [2013-11-20 1128705]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 WMCoreService;Mobile Broadband Core Service;c:\program files\Mobile Broadband Service\WMCore.exe servicemode [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-09-26 87976]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-08-06 18944]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
R4 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2012-01-31 342480]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-01-31 463824]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 DiscoveryClientAgent;DiscoveryClientAgent;c:\program files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [2011-12-16 1539136]
S2 DiscoveryIPTransferAgent;DiscoveryIPTransferAgent;c:\program files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [2011-12-16 601152]
S2 ersupext;FrontRange DSM Runtime Service;c:\program files\NetInst\mgmtagnt.exe [2013-02-22 220200]
S2 esiCore;FrontRange DSM Core Services;c:\program files\NetInst\mgmtagnt.exe [2013-02-22 220200]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2009-11-13 132392]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [2009-12-18 127384]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-09-26 479224]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-17 677320]
S3 cdprku;cdprku;c:\windows\system32\Drivers\cdprku.sys [2014-03-12 26952]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwanuss.sys [2009-11-19 23592]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwanussf.sys [2009-11-19 26152]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
S3 LanProbe;LanProbe;c:\program files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe [2011-12-16 236032]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-28 6814720]
S3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);c:\windows\system32\DRIVERS\t36gbus.sys [2009-06-26 285056]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);c:\windows\system32\DRIVERS\t36gmdfl.sys [2009-06-26 14976]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);c:\windows\system32\DRIVERS\t36gmdm.sys [2009-06-26 374016]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);c:\windows\system32\DRIVERS\t36gmgmt.sys [2009-06-26 357376]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\t36wgps.sys [2009-07-10 82984]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2009-11-25 227880]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-16 06:05]
.
2015-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-16 06:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de
uInternet Settings,ProxyServer = zue-s-87:8080
uInternet Settings,ProxyOverride = intranet.zwick.de;intranet.zue.zwick.de;infoplatform.zwick.de;zue-s-*;172.16.*;192.168.*;crm.zwick.de;zwicktest.zwick.de;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\ruhlanda\AppData\Roaming\Mozilla\Firefox\Profiles\7jnmv00a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-00THotkey - c:\windows\system32\00THotkey.exe
MSConfigStartUp-ffdwnd - c:\users\roella\AppData\Local\Mozilla\Firefox\firefox.exe
AddRemove-Kalender-Excel-8.9_is1 - c:\users\roella\Documents\Kalender-Excel-8.9\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSM_Remote_Service]
"ImagePath"="c:\progra~1\NetInst\DSM_RE~1.EXE /startedbyscm:B486F7BF-40E31D57-adminComService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-29  14:29:25
ComboFix-quarantined-files.txt  2015-03-29 12:29
.
Vor Suchlauf: 20 Verzeichnis(se), 20.609.323.008 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 24.456.089.600 Bytes frei
.
- - End Of File - - 98B560349E5680F0C14CFD503885AF55
A36C5E4F47E84449FF07ED3517B43A31
         

Servus,


Schritt 1
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

• Klicke auf Wählen Sie eine
• Kopiere nun folgendes in die Suchleiste
  
  Code: Alles auswählenAufklappen

  ATTFilter

  c:\windows\System32\sdclt.exe
           

• und klicke auf Öffnen.
• Klicke auf Scannen!.
• Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
  
  Zitat:

  Diese Datei wurde bereits von VirusTotal analysiert...

  klicke auf Neu analysieren.
• Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
• Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

• Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
  
  
  

  Code: Alles auswählenAufklappen

  ATTFilter

  :filefind
  sdclt.exe
           

• Klicke nun auf den Button Look, um den Scan zu starten.
• Der Suchlauf kann einige Zeit dauern.
• Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
• Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Servus Matthias,
ich konnte Schritt 1 leider nicht durchführen... BeiVirusTotal stand bei 'Datei wird hochgeladen' immer nur 'Berechne Hash...' Nach ca. 1 Std. habe ich abgebrochen, weil nichts weiter ging.
Was nun? Soll ich noch länger warten?
Danke Dir!

Zitat:

Zitat von accr

Was nun? Soll ich noch länger warten?
Danke Dir!

weiter mit Schritt 2 bitte.

Code: Alles auswählenAufklappen

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 22:34 on 31/03/2015 by RuhlandA
 (Limited User)

========== filefind ==========

Searching for "sdclt.exe"
C:\Windows\System32\sdclt.exe	--a---- 1131008 bytes	[21:29 20/11/2010]	[21:29 20/11/2010] 7810A88CFE9FF26C58B4D40FDF2F84EC
C:\Windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_27112637c50aacd7\sdclt.exe	--a---- 1131008 bytes	[21:29 20/11/2010]	[21:29 20/11/2010] 7810A88CFE9FF26C58B4D40FDF2F84EC

-= EOF =-
         

Servus,





Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Code: Alles auswählenAufklappen

ATTFilter

20:44:17.0271 0x0c24  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:44:22.0997 0x0c24  ============================================================
20:44:22.0997 0x0c24  Current date / time: 2015/04/01 20:44:22.0997
20:44:22.0997 0x0c24  SystemInfo:
20:44:22.0997 0x0c24  
20:44:22.0997 0x0c24  OS Version: 6.1.7601 ServicePack: 1.0
20:44:22.0997 0x0c24  Product type: Workstation
20:44:22.0997 0x0c24  ComputerName: ZUE-W-9860
20:44:22.0998 0x0c24  UserName: RuhlandA
20:44:22.0998 0x0c24  Windows directory: C:\Windows
20:44:22.0998 0x0c24  System windows directory: C:\Windows
20:44:22.0998 0x0c24  Processor architecture: Intel x86
20:44:22.0998 0x0c24  Number of processors: 4
20:44:22.0998 0x0c24  Page size: 0x1000
20:44:22.0998 0x0c24  Boot type: Normal boot
20:44:22.0998 0x0c24  ============================================================
20:44:28.0050 0x0c24  KLMD registered as C:\Windows\system32\drivers\60091948.sys
20:44:29.0374 0x0c24  System UUID: {1E1657C3-B385-4C33-FFC7-8356ABA9FFB6}
20:44:30.0389 0x0c24  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:44:30.0408 0x0c24  ============================================================
20:44:30.0408 0x0c24  \Device\Harddisk0\DR0:
20:44:30.0438 0x0c24  MBR partitions:
20:44:30.0438 0x0c24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x816E1, BlocksNum 0x2800A73
20:44:30.0438 0x0c24  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2882154, BlocksNum 0x22BAC15C
20:44:30.0438 0x0c24  ============================================================
20:44:30.0593 0x0c24  C: <-> \Device\Harddisk0\DR0\Partition2
20:44:30.0593 0x0c24  ============================================================
20:44:30.0593 0x0c24  Initialize success
20:44:30.0593 0x0c24  ============================================================
20:45:44.0370 0x11dc  ============================================================
20:45:44.0370 0x11dc  Scan started
20:45:44.0370 0x11dc  Mode: Manual; SigCheck; TDLFS; 
20:45:44.0370 0x11dc  ============================================================
20:45:44.0370 0x11dc  KSN ping started
20:45:56.0600 0x11dc  KSN ping finished: true
20:46:00.0551 0x11dc  ================ Scan system memory ========================
20:46:00.0551 0x11dc  System memory - ok
20:46:00.0551 0x11dc  ================ Scan services =============================
20:46:01.0517 0x11dc  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:46:01.0676 0x11dc  1394ohci - ok
20:46:01.0974 0x11dc  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
20:46:01.0984 0x11dc  AAV UpdateService - ok
20:46:02.0034 0x11dc  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:46:02.0069 0x11dc  ACPI - ok
20:46:02.0149 0x11dc  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:46:02.0324 0x11dc  AcpiPmi - ok
20:46:02.0415 0x11dc  [ 45D8E2A2D8B9F33C32A7ADB6900C6E04, 45E4866FCA09C9C5B9C740ED99990F02E5838BE496A3EDDB66C60016BC6821E3 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
20:46:02.0459 0x11dc  acsock - ok
20:46:02.0611 0x11dc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:02.0631 0x11dc  AdobeARMservice - ok
20:46:02.0733 0x11dc  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:46:02.0839 0x11dc  adp94xx - ok
20:46:02.0924 0x11dc  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:46:03.0015 0x11dc  adpahci - ok
20:46:03.0118 0x11dc  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:46:03.0142 0x11dc  adpu320 - ok
20:46:03.0184 0x11dc  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:46:03.0730 0x11dc  AeLookupSvc - ok
20:46:03.0948 0x11dc  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
20:46:04.0023 0x11dc  AFD - ok
20:46:04.0054 0x11dc  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:46:04.0099 0x11dc  agp440 - ok
20:46:04.0163 0x11dc  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:46:04.0217 0x11dc  aic78xx - ok
20:46:04.0265 0x11dc  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
20:46:04.0388 0x11dc  ALG - ok
20:46:04.0494 0x11dc  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:46:04.0720 0x11dc  aliide - ok
20:46:04.0791 0x11dc  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:46:04.0816 0x11dc  amdagp - ok
20:46:04.0832 0x11dc  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:46:04.0995 0x11dc  amdide - ok
20:46:05.0071 0x11dc  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:46:05.0230 0x11dc  AmdK8 - ok
20:46:05.0337 0x11dc  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:46:05.0459 0x11dc  AmdPPM - ok
20:46:05.0556 0x11dc  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:46:05.0676 0x11dc  amdsata - ok
20:46:05.0738 0x11dc  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:46:05.0781 0x11dc  amdsbs - ok
20:46:05.0809 0x11dc  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:46:05.0885 0x11dc  amdxata - ok
20:46:06.0575 0x11dc  [ EEE4C8CC53A347ACBB4D1F05F19B6686, 92AADEFFC5C0FC77ACDD79B9EEF4F432B28E355C9352982433E62D559DA2E631 ] AntiVir Security Management Center Agent C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
20:46:06.0679 0x11dc  AntiVir Security Management Center Agent - detected UnsignedFile.Multi.Generic ( 1 )
20:46:06.0822 0x11dc  Detect skipped due to KSN trusted
20:46:06.0822 0x11dc  AntiVir Security Management Center Agent - ok
20:46:07.0067 0x11dc  [ F83FD8F520881B96F5344E99EF2C020B, 10B2C89CF519AF4A649B433DCB64EEB850E925E3F3CB21792CE6BF7F9986AC6C ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
20:46:07.0093 0x11dc  AntiVirMailService - ok
20:46:07.0144 0x11dc  [ 237086B6F9D8F76E704828F7DC7EDF4F, 8D4AE09F6719CE73EE961658AD797ACCE93BADCF342B78D6A17199E8CB4510AA ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:46:07.0154 0x11dc  AntiVirSchedulerService - ok
20:46:07.0247 0x11dc  [ A8842EEFF2766B65E663180B80FB443F, B3103F2F82B2719D5C322985310464DAA2246E1F85A09A6F4CF4B3D5996D359E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:46:07.0256 0x11dc  AntiVirService - ok
20:46:07.0465 0x11dc  [ FBD59710700762C619CD3124412B4D30, B552F5082053139478C0C48D759BA9078CAAEDA8460E88ECBA3A842ED0708F46 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:46:07.0491 0x11dc  AntiVirWebService - ok
20:46:07.0624 0x11dc  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
20:46:07.0688 0x11dc  AppID - ok
20:46:07.0809 0x11dc  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:46:07.0989 0x11dc  AppIDSvc - ok
20:46:08.0111 0x11dc  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
20:46:08.0254 0x11dc  Appinfo - ok
20:46:08.0447 0x11dc  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:08.0456 0x11dc  Apple Mobile Device - ok
20:46:08.0612 0x11dc  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:46:08.0807 0x11dc  AppMgmt - ok
20:46:08.0886 0x11dc  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
20:46:08.0938 0x11dc  arc - ok
20:46:08.0992 0x11dc  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:46:09.0041 0x11dc  arcsas - ok
20:46:09.0472 0x11dc  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:46:09.0977 0x11dc  aspnet_state - ok
20:46:10.0049 0x11dc  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:11.0154 0x11dc  AsyncMac - ok
20:46:11.0217 0x11dc  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:46:11.0226 0x11dc  atapi - ok
20:46:11.0421 0x11dc  [ A4A081BCF29A13141A02F36E6C19B56C, A1731C26D3927E51D235922DA254E590AA06A6D72A38A025B4F0BECC40A95066 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
20:46:11.0596 0x11dc  ATSwpWDF - ok
20:46:11.0830 0x11dc  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:46:11.0975 0x11dc  AudioEndpointBuilder - ok
20:46:12.0051 0x11dc  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:46:12.0097 0x11dc  Audiosrv - ok
20:46:12.0140 0x11dc  [ 7713E4EB0276702FAA08E52A6E23F2A6, 900F320DFF76DF61EF72CC37CB7FC99112B8F487F14438554F6DFD50C48C2D0B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:46:12.0217 0x11dc  avgntflt - ok
20:46:12.0329 0x11dc  [ 13B02B9B969DDE270CD7C351203DAD3C, D395462406229BC30F045C902E48479B37D8B5F19F05592DC8383A16BC0F45F5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:46:12.0434 0x11dc  avipbb - ok
20:46:12.0519 0x11dc  [ 271CFD1A989209B1964E24D969552BF7, 05D2D3DFD9A10B0DFB6DAC324C42C0DD615E90E55796EA0152419DE3ED99B063 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:46:12.0576 0x11dc  avkmgr - ok
20:46:12.0639 0x11dc  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:46:12.0947 0x11dc  AxInstSV - ok
20:46:13.0082 0x11dc  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
20:46:13.0188 0x11dc  b06bdrv - ok
20:46:13.0325 0x11dc  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:46:13.0422 0x11dc  b57nd60x - ok
20:46:13.0689 0x11dc  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
20:46:13.0803 0x11dc  BDESVC - ok
20:46:13.0893 0x11dc  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:46:13.0970 0x11dc  Beep - ok
20:46:14.0107 0x11dc  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
20:46:14.0261 0x11dc  BFE - ok
20:46:14.0472 0x11dc  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll
20:46:14.0527 0x11dc  BITS - ok
20:46:14.0551 0x11dc  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:14.0605 0x11dc  blbdrive - ok
20:46:14.0808 0x11dc  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:46:14.0823 0x11dc  Bonjour Service - ok
20:46:14.0935 0x11dc  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:46:14.0979 0x11dc  bowser - ok
20:46:15.0033 0x11dc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:46:15.0098 0x11dc  BrFiltLo - ok
20:46:15.0126 0x11dc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:46:15.0246 0x11dc  BrFiltUp - ok
20:46:15.0516 0x11dc  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:46:15.0591 0x11dc  BridgeMP - ok
20:46:15.0698 0x11dc  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
20:46:15.0782 0x11dc  Browser - ok
20:46:15.0911 0x11dc  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:46:16.0158 0x11dc  Brserid - ok
20:46:16.0229 0x11dc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:16.0308 0x11dc  BrSerWdm - ok
20:46:16.0347 0x11dc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:16.0392 0x11dc  BrUsbMdm - ok
20:46:16.0448 0x11dc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:16.0571 0x11dc  BrUsbSer - ok
20:46:16.0745 0x11dc  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:46:16.0843 0x11dc  BthEnum - ok
20:46:16.0874 0x11dc  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:46:16.0954 0x11dc  BTHMODEM - ok
20:46:16.0998 0x11dc  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:46:17.0070 0x11dc  BthPan - ok
20:46:17.0284 0x11dc  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:46:17.0501 0x11dc  BTHPORT - ok
20:46:17.0568 0x11dc  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
20:46:17.0681 0x11dc  bthserv - ok
20:46:17.0778 0x11dc  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:46:17.0859 0x11dc  BTHUSB - ok
20:46:18.0080 0x11dc  [ 8059475F9CA375BC8191F8FB72D329A6, 4D6A59D25C49DC03235232C2641C8EEE366E247EFB4E754AD67686EACC150E8B ] c2wts           C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
20:46:18.0102 0x11dc  c2wts - ok
20:46:19.0337 0x11dc  catchme - ok
20:46:19.0369 0x11dc  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:46:19.0447 0x11dc  cdfs - ok
20:46:19.0560 0x11dc  [ 8E543D11392CB8C086B7FF81166E565E, E6E780CA351D6D93278BA2E8ACD8DB6062287015B10CCA12F63787DBA651723E ] cdprku          C:\Windows\system32\Drivers\cdprku.sys
20:46:19.0574 0x11dc  cdprku - ok
20:46:19.0678 0x11dc  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:46:19.0745 0x11dc  cdrom - ok
20:46:19.0826 0x11dc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:46:19.0909 0x11dc  CertPropSvc - ok
20:46:19.0948 0x11dc  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:46:20.0106 0x11dc  circlass - ok
20:46:20.0150 0x11dc  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
20:46:20.0175 0x11dc  CLFS - ok
20:46:20.0311 0x11dc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:20.0492 0x11dc  clr_optimization_v2.0.50727_32 - ok
20:46:20.0610 0x11dc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:20.0925 0x11dc  clr_optimization_v4.0.30319_32 - ok
20:46:20.0995 0x11dc  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:21.0052 0x11dc  CmBatt - ok
20:46:21.0119 0x11dc  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:46:21.0204 0x11dc  cmdide - ok
20:46:21.0350 0x11dc  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:46:21.0704 0x11dc  CNG - ok
20:46:21.0795 0x11dc  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:46:21.0852 0x11dc  Compbatt - ok
20:46:21.0970 0x11dc  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:46:22.0050 0x11dc  CompositeBus - ok
20:46:22.0089 0x11dc  COMSysApp - ok
20:46:22.0121 0x11dc  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:46:22.0212 0x11dc  crcdisk - ok
20:46:22.0307 0x11dc  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:46:22.0373 0x11dc  CryptSvc - ok
20:46:22.0449 0x11dc  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
20:46:22.0566 0x11dc  CSC - ok
20:46:22.0747 0x11dc  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
20:46:22.0876 0x11dc  CscService - ok
20:46:22.0958 0x11dc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:46:23.0031 0x11dc  DcomLaunch - ok
20:46:23.0068 0x11dc  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
20:46:23.0228 0x11dc  defragsvc - ok
20:46:23.0338 0x11dc  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:46:23.0437 0x11dc  DfsC - ok
20:46:23.0557 0x11dc  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:46:23.0625 0x11dc  Dhcp - ok
20:46:23.0649 0x11dc  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
20:46:23.0713 0x11dc  discache - ok
20:46:24.0203 0x11dc  [ F38DBF09A4A37C1C38FDF48204AA746E, CC2EAD68872256BBBEB5F1A1B04C83E091A39FF63471B5564DBD494B01E45BAE ] DiscoveryClientAgent C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe
20:46:24.0248 0x11dc  DiscoveryClientAgent - ok
20:46:24.0405 0x11dc  [ D9AE447217E40C3C18A1AAC85C7BBCFE, 141061979FD6F68DD25C5B501C56307ADDB8CE94E4F9A97C7909D004EF1C8288 ] DiscoveryIPTransferAgent C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe
20:46:24.0428 0x11dc  DiscoveryIPTransferAgent - ok
20:46:24.0583 0x11dc  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
20:46:24.0645 0x11dc  Disk - ok
20:46:24.0676 0x11dc  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:46:24.0810 0x11dc  dmvsc - ok
20:46:24.0913 0x11dc  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:46:25.0018 0x11dc  Dnscache - ok
20:46:25.0085 0x11dc  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:46:25.0182 0x11dc  dot3svc - ok
20:46:25.0278 0x11dc  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
20:46:25.0358 0x11dc  DPS - ok
20:46:25.0462 0x11dc  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:46:25.0554 0x11dc  drmkaud - ok
20:46:25.0758 0x11dc  DSM_Remote_Service - ok
20:46:25.0810 0x11dc  [ 3338D8E7346F9E6FF1A65132E91569CD, 20D15152EE77EDF91C31F14C96BC89A5BAA0CC1476A696B5DFD899851BF0AB31 ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
20:46:25.0856 0x11dc  dsNcAdpt - ok
20:46:26.0126 0x11dc  [ D85FA0C4705E95BD23589EB097D55113, CEDB1D264E80096FB5CDFD51A2BC3A85853806C86A0E0A1D314B822C04BC8607 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
20:46:26.0159 0x11dc  dsNcService - ok
20:46:26.0236 0x11dc  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:46:26.0367 0x11dc  DXGKrnl - ok
20:46:26.0488 0x11dc  [ BFD58DE8912EAB4F9995A8ADD08BC51C, FDC6F75AF92C680B969E3E5640B1281D35D016E29D086866C16C6C1F278FF4DB ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
20:46:26.0554 0x11dc  e1kexpress - ok
20:46:26.0660 0x11dc  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
20:46:26.0766 0x11dc  EapHost - ok
20:46:27.0129 0x11dc  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
20:46:27.0433 0x11dc  ebdrv - ok
20:46:27.0495 0x11dc  [ E922BC274FBD736B41020872C8AAC390, 32152BFAF162BFE3DB1EA775373EA7BDDF16641A1C687A2D138A8485DF0DB819 ] ecnssndis       C:\Windows\system32\Drivers\wwanuss.sys
20:46:27.0517 0x11dc  ecnssndis - ok
20:46:27.0570 0x11dc  [ 15CA5CD73A30398C89247B3C5E933044, 06A4857DAA3A9F780F09CF4799F38B9A6BA5C6BB50FA0FD2C6B62E29E307103D ] ecnssndisfltr   C:\Windows\system32\Drivers\wwanussf.sys
20:46:27.0585 0x11dc  ecnssndisfltr - ok
20:46:27.0656 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
20:46:27.0712 0x11dc  EFS - ok
20:46:27.0912 0x11dc  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:46:28.0021 0x11dc  ehRecvr - ok
20:46:28.0068 0x11dc  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
20:46:28.0152 0x11dc  ehSched - ok
20:46:28.0245 0x11dc  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:46:28.0362 0x11dc  elxstor - ok
20:46:28.0410 0x11dc  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:46:28.0445 0x11dc  ErrDev - ok
20:46:28.0611 0x11dc  [ 30E20C18B0DC2CAB38451B95D8B14C26, 4DFA7D9C121E15F4FF5A19D394677302E480718A5432E5CA90E62CEEF65B01E6 ] ersupext        C:\Program Files\NetInst\mgmtagnt.exe
20:46:28.0634 0x11dc  ersupext - ok
20:46:28.0750 0x11dc  [ 30E20C18B0DC2CAB38451B95D8B14C26, 4DFA7D9C121E15F4FF5A19D394677302E480718A5432E5CA90E62CEEF65B01E6 ] esiCore         C:\Program Files\NetInst\mgmtagnt.exe
20:46:28.0767 0x11dc  esiCore - ok
20:46:28.0929 0x11dc  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
20:46:29.0112 0x11dc  EventSystem - ok
20:46:29.0185 0x11dc  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:46:29.0232 0x11dc  exfat - ok
20:46:29.0357 0x11dc  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:46:29.0475 0x11dc  fastfat - ok
20:46:29.0594 0x11dc  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
20:46:29.0709 0x11dc  Fax - ok
20:46:29.0743 0x11dc  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
20:46:29.0878 0x11dc  fdc - ok
20:46:29.0962 0x11dc  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
20:46:30.0029 0x11dc  fdPHost - ok
20:46:30.0076 0x11dc  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:46:30.0123 0x11dc  FDResPub - ok
20:46:30.0196 0x11dc  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:46:30.0259 0x11dc  FileInfo - ok
20:46:30.0289 0x11dc  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:46:30.0466 0x11dc  Filetrace - ok
20:46:30.0494 0x11dc  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:46:30.0523 0x11dc  flpydisk - ok
20:46:30.0604 0x11dc  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:46:30.0635 0x11dc  FltMgr - ok
20:46:30.0915 0x11dc  [ AE4A64971268FAC8AEA0D0EFCE06BBE8, C1528A25FA771AE2866890AC03DF520739C6580F7DF0083B50D221C60BD0EE50 ] FontCache       C:\Windows\system32\FntCache.dll
20:46:31.0089 0x11dc  FontCache - ok
20:46:31.0256 0x11dc  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:46:31.0278 0x11dc  FontCache3.0.0.0 - ok
20:46:31.0305 0x11dc  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:46:31.0346 0x11dc  FsDepends - ok
20:46:31.0421 0x11dc  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:46:31.0464 0x11dc  Fs_Rec - ok
20:46:31.0534 0x11dc  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:46:31.0580 0x11dc  fvevol - ok
20:46:31.0690 0x11dc  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:46:31.0767 0x11dc  gagp30kx - ok
20:46:31.0931 0x11dc  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:31.0984 0x11dc  GEARAspiWDM - ok
20:46:32.0286 0x11dc  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:46:32.0413 0x11dc  gpsvc - ok
20:46:32.0735 0x11dc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:46:32.0754 0x11dc  gupdate - ok
20:46:32.0921 0x11dc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:46:32.0938 0x11dc  gupdatem - ok
20:46:32.0995 0x11dc  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:46:33.0190 0x11dc  hcw85cir - ok
20:46:33.0306 0x11dc  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:46:33.0505 0x11dc  HdAudAddService - ok
20:46:33.0605 0x11dc  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:46:33.0666 0x11dc  HDAudBus - ok
20:46:33.0783 0x11dc  [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
20:46:33.0898 0x11dc  HECI - ok
20:46:33.0961 0x11dc  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:46:34.0066 0x11dc  HidBatt - ok
20:46:34.0153 0x11dc  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:46:34.0221 0x11dc  HidBth - ok
20:46:34.0335 0x11dc  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:46:34.0460 0x11dc  HidIr - ok
20:46:34.0526 0x11dc  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
20:46:34.0626 0x11dc  hidserv - ok
20:46:34.0791 0x11dc  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:46:34.0923 0x11dc  HidUsb - ok
20:46:35.0003 0x11dc  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:46:35.0058 0x11dc  hkmsvc - ok
20:46:35.0118 0x11dc  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:46:35.0211 0x11dc  HomeGroupListener - ok
20:46:35.0307 0x11dc  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:46:35.0382 0x11dc  HomeGroupProvider - ok
20:46:35.0514 0x11dc  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:46:35.0586 0x11dc  HpSAMD - ok
20:46:35.0632 0x11dc  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:46:35.0688 0x11dc  HTTP - ok
20:46:35.0698 0x11dc  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:46:35.0707 0x11dc  hwpolicy - ok
20:46:35.0753 0x11dc  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:46:35.0798 0x11dc  i8042prt - ok
20:46:35.0957 0x11dc  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:46:36.0094 0x11dc  iaStorV - ok
20:46:36.0343 0x11dc  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:36.0438 0x11dc  idsvc - ok
20:46:37.0880 0x11dc  [ DB7413CF09D74231720F78737DCF4188, 1388BD066B88830DE5D6487E511D53139267072E8A99AE5007210BA2C730202C ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:46:38.0695 0x11dc  igfx - ok
20:46:38.0836 0x11dc  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:46:38.0921 0x11dc  iirsp - ok
20:46:39.0114 0x11dc  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:46:39.0186 0x11dc  IKEEXT - ok
20:46:39.0283 0x11dc  [ E3C36AC5AE87EC970AE8EA2A93D59AE1, 8403A5243DF38EFC35A0200760EC081E42467744AF25A1F2168D5A8198AF6A5B ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
20:46:39.0399 0x11dc  Impcd - ok
20:46:39.0551 0x11dc  [ AF6D1E38BCE11DABA4C01D6A6DE94410, 0913444FE63FF47C99A3F002368C05574DE9AE7973CA5832FFC6C88F9F12B574 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:46:39.0687 0x11dc  IntcDAud - ok
20:46:39.0767 0x11dc  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:46:39.0792 0x11dc  intelide - ok
20:46:39.0934 0x11dc  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:46:39.0946 0x11dc  intelppm - ok
20:46:40.0058 0x11dc  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:46:40.0248 0x11dc  IPBusEnum - ok
20:46:40.0348 0x11dc  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:40.0890 0x11dc  IpFilterDriver - ok
20:46:41.0001 0x11dc  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:46:41.0113 0x11dc  iphlpsvc - ok
20:46:41.0173 0x11dc  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:46:41.0233 0x11dc  IPMIDRV - ok
20:46:41.0295 0x11dc  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:46:41.0422 0x11dc  IPNAT - ok
20:46:41.0738 0x11dc  [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:46:41.0765 0x11dc  iPod Service - ok
20:46:41.0828 0x11dc  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:46:41.0932 0x11dc  IRENUM - ok
20:46:42.0024 0x11dc  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:46:42.0071 0x11dc  isapnp - ok
20:46:42.0144 0x11dc  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:46:42.0256 0x11dc  iScsiPrt - ok
20:46:42.0504 0x11dc  [ 435D9A74B6C512C9542E295C18B20E5A, 43913EE2952E1EBB7D62FDD35295ACCF89C43BCBA89F489DCC569B5654087AF0 ] JuniperAccessService C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
20:46:42.0567 0x11dc  JuniperAccessService - ok
20:46:42.0644 0x11dc  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:42.0689 0x11dc  kbdclass - ok
20:46:42.0754 0x11dc  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:42.0811 0x11dc  kbdhid - ok
20:46:42.0858 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
20:46:42.0871 0x11dc  KeyIso - ok
20:46:42.0919 0x11dc  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:46:42.0951 0x11dc  KSecDD - ok
20:46:43.0010 0x11dc  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:46:43.0073 0x11dc  KSecPkg - ok
20:46:43.0198 0x11dc  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:46:43.0287 0x11dc  KtmRm - ok
20:46:43.0389 0x11dc  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:46:43.0455 0x11dc  LanmanServer - ok
20:46:43.0522 0x11dc  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:46:43.0559 0x11dc  LanmanWorkstation - ok
20:46:43.0627 0x11dc  [ EE7C7014ADFD25D8E9AA05075CDBD057, FE724D2BDA8D4E0BB819C05B31DF31A453FCC4C7EEDF57314B597754F57F97C2 ] LanProbe        C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe
20:46:43.0643 0x11dc  LanProbe - detected UnsignedFile.Multi.Generic ( 1 )
20:46:43.0865 0x11dc  LanProbe ( UnsignedFile.Multi.Generic ) - warning
20:46:44.0216 0x11dc  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:46:44.0321 0x11dc  lltdio - ok
20:46:44.0477 0x11dc  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:46:44.0527 0x11dc  lltdsvc - ok
20:46:44.0538 0x11dc  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:46:44.0620 0x11dc  lmhosts - ok
20:46:44.0702 0x11dc  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:46:44.0757 0x11dc  LSI_FC - ok
20:46:44.0814 0x11dc  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:46:44.0924 0x11dc  LSI_SAS - ok
20:46:44.0947 0x11dc  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:46:44.0974 0x11dc  LSI_SAS2 - ok
20:46:45.0017 0x11dc  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:46:45.0082 0x11dc  LSI_SCSI - ok
20:46:45.0114 0x11dc  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:46:45.0224 0x11dc  luafv - ok
20:46:45.0312 0x11dc  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:46:45.0425 0x11dc  Mcx2Svc - ok
20:46:45.0464 0x11dc  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:46:45.0500 0x11dc  megasas - ok
20:46:45.0591 0x11dc  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:46:45.0757 0x11dc  MegaSR - ok
20:46:46.0156 0x11dc  Microsoft SharePoint Workspace Audit Service - ok
20:46:46.0228 0x11dc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
20:46:46.0331 0x11dc  MMCSS - ok
20:46:46.0385 0x11dc  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
20:46:46.0456 0x11dc  Modem - ok
20:46:46.0499 0x11dc  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:46:46.0548 0x11dc  monitor - ok
20:46:46.0628 0x11dc  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:46:46.0818 0x11dc  mouclass - ok
20:46:46.0959 0x11dc  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:46:47.0085 0x11dc  mouhid - ok
20:46:47.0169 0x11dc  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:46:47.0193 0x11dc  mountmgr - ok
20:46:47.0361 0x11dc  [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:46:47.0385 0x11dc  MozillaMaintenance - ok
20:46:47.0433 0x11dc  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:46:47.0527 0x11dc  mpio - ok
20:46:47.0600 0x11dc  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:46:47.0665 0x11dc  mpsdrv - ok
20:46:47.0803 0x11dc  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:46:47.0877 0x11dc  MpsSvc - ok
20:46:47.0944 0x11dc  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:46:48.0115 0x11dc  MRxDAV - ok
20:46:48.0266 0x11dc  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:46:48.0363 0x11dc  mrxsmb - ok
20:46:48.0458 0x11dc  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:46:48.0625 0x11dc  mrxsmb10 - ok
20:46:48.0672 0x11dc  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:46:48.0768 0x11dc  mrxsmb20 - ok
20:46:48.0833 0x11dc  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:46:48.0913 0x11dc  msahci - ok
20:46:48.0998 0x11dc  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:46:49.0055 0x11dc  msdsm - ok
20:46:49.0143 0x11dc  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
20:46:49.0183 0x11dc  MSDTC - ok
20:46:49.0239 0x11dc  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:46:49.0387 0x11dc  Msfs - ok
20:46:49.0438 0x11dc  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:46:49.0564 0x11dc  mshidkmdf - ok
20:46:49.0591 0x11dc  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:46:49.0721 0x11dc  msisadrv - ok
20:46:49.0798 0x11dc  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:46:49.0992 0x11dc  MSiSCSI - ok
20:46:49.0996 0x11dc  msiserver - ok
20:46:50.0070 0x11dc  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:46:50.0131 0x11dc  MSKSSRV - ok
20:46:50.0249 0x11dc  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:46:50.0330 0x11dc  MSPCLOCK - ok
20:46:50.0374 0x11dc  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:46:50.0495 0x11dc  MSPQM - ok
20:46:50.0592 0x11dc  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:46:50.0659 0x11dc  MsRPC - ok
20:46:50.0685 0x11dc  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:46:50.0699 0x11dc  mssmbios - ok
20:46:50.0770 0x11dc  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:46:50.0835 0x11dc  MSTEE - ok
20:46:50.0892 0x11dc  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:46:50.0970 0x11dc  MTConfig - ok
20:46:51.0009 0x11dc  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:46:51.0050 0x11dc  Mup - ok
20:46:51.0140 0x11dc  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:46:51.0215 0x11dc  napagent - ok
20:46:51.0324 0x11dc  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:46:51.0575 0x11dc  NativeWifiP - ok
20:46:51.0700 0x11dc  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:46:51.0752 0x11dc  NDIS - ok
20:46:51.0794 0x11dc  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:46:51.0906 0x11dc  NdisCap - ok
20:46:51.0972 0x11dc  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:46:52.0062 0x11dc  NdisTapi - ok
20:46:52.0106 0x11dc  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:46:52.0236 0x11dc  Ndisuio - ok
20:46:52.0258 0x11dc  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:46:52.0365 0x11dc  NdisWan - ok
20:46:52.0416 0x11dc  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:46:52.0529 0x11dc  NDProxy - ok
20:46:52.0617 0x11dc  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:46:52.0652 0x11dc  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:46:52.0914 0x11dc  Detect skipped due to KSN trusted
20:46:52.0914 0x11dc  Net Driver HPZ12 - ok
20:46:53.0075 0x11dc  [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
20:46:53.0168 0x11dc  Netaapl - ok
20:46:53.0247 0x11dc  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:46:53.0328 0x11dc  NetBIOS - ok
20:46:53.0389 0x11dc  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:46:53.0480 0x11dc  NetBT - ok
20:46:53.0501 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe
20:46:53.0513 0x11dc  Netlogon - ok
20:46:53.0572 0x11dc  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:46:53.0650 0x11dc  Netman - ok
20:46:53.0774 0x11dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:53.0861 0x11dc  NetMsmqActivator - ok
20:46:53.0888 0x11dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:53.0902 0x11dc  NetPipeActivator - ok
20:46:53.0989 0x11dc  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:46:54.0222 0x11dc  netprofm - ok
20:46:54.0262 0x11dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:54.0274 0x11dc  NetTcpActivator - ok
20:46:54.0284 0x11dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:54.0299 0x11dc  NetTcpPortSharing - ok
20:46:55.0361 0x11dc  [ 29E4F23D31FB66C7BF0014D36CF5AF2A, 8BA5740C4FEDF93597E01F081B7EE7297B3F3E23051C968A570D309548D365EF ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
20:46:55.0810 0x11dc  NETwNs32 - ok
20:46:55.0901 0x11dc  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:46:55.0948 0x11dc  nfrd960 - ok
20:46:56.0040 0x11dc  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:46:56.0133 0x11dc  NlaSvc - ok
20:46:56.0172 0x11dc  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:46:56.0221 0x11dc  Npfs - ok
20:46:56.0246 0x11dc  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:46:56.0288 0x11dc  nsi - ok
20:46:56.0309 0x11dc  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:46:56.0331 0x11dc  nsiproxy - ok
20:46:56.0604 0x11dc  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:46:56.0747 0x11dc  Ntfs - ok
20:46:56.0814 0x11dc  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
20:46:56.0925 0x11dc  Null - ok
20:46:56.0994 0x11dc  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:46:57.0029 0x11dc  nvraid - ok
20:46:57.0087 0x11dc  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:46:57.0137 0x11dc  nvstor - ok
20:46:57.0186 0x11dc  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:46:57.0225 0x11dc  nv_agp - ok
20:46:57.0288 0x11dc  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:46:57.0425 0x11dc  ohci1394 - ok
20:46:57.0566 0x11dc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:57.0597 0x11dc  ose - ok
20:46:58.0334 0x11dc  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:46:58.0533 0x11dc  osppsvc - ok
20:46:58.0636 0x11dc  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:46:58.0734 0x11dc  p2pimsvc - ok
20:46:58.0911 0x11dc  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:46:59.0174 0x11dc  p2psvc - ok
20:46:59.0228 0x11dc  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
20:46:59.0319 0x11dc  Parport - ok
20:46:59.0426 0x11dc  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:46:59.0461 0x11dc  partmgr - ok
20:46:59.0486 0x11dc  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:46:59.0555 0x11dc  Parvdm - ok
20:46:59.0652 0x11dc  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:46:59.0679 0x11dc  PcaSvc - ok
20:46:59.0726 0x11dc  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
20:46:59.0797 0x11dc  pci - ok
20:46:59.0873 0x11dc  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:46:59.0912 0x11dc  pciide - ok
20:47:00.0000 0x11dc  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:47:00.0067 0x11dc  pcmcia - ok
20:47:00.0110 0x11dc  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:47:00.0197 0x11dc  pcw - ok
20:47:00.0320 0x11dc  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:47:00.0575 0x11dc  PEAUTH - ok
20:47:00.0740 0x11dc  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:47:00.0861 0x11dc  PeerDistSvc - ok
20:47:01.0159 0x11dc  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
20:47:01.0424 0x11dc  pla - ok
20:47:01.0627 0x11dc  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:47:01.0759 0x11dc  PlugPlay - ok
20:47:01.0840 0x11dc  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:47:01.0876 0x11dc  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:47:11.0877 0x11dc  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:47:13.0102 0x11dc  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:47:13.0255 0x11dc  PNRPAutoReg - ok
20:47:13.0287 0x11dc  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:47:13.0367 0x11dc  PNRPsvc - ok
20:47:13.0524 0x11dc  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:47:13.0877 0x11dc  PolicyAgent - ok
20:47:14.0016 0x11dc  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
20:47:14.0132 0x11dc  Power - ok
20:47:14.0204 0x11dc  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:47:14.0575 0x11dc  PptpMiniport - ok
20:47:14.0590 0x11dc  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
20:47:14.0749 0x11dc  Processor - ok
20:47:14.0849 0x11dc  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:47:14.0971 0x11dc  ProfSvc - ok
20:47:14.0986 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:14.0999 0x11dc  ProtectedStorage - ok
20:47:15.0051 0x11dc  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:47:15.0126 0x11dc  Psched - ok
20:47:15.0407 0x11dc  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_x86.sys
20:47:15.0534 0x11dc  PSI - ok
20:47:16.0028 0x11dc  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:47:16.0361 0x11dc  ql2300 - ok
20:47:16.0424 0x11dc  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:47:16.0544 0x11dc  ql40xx - ok
20:47:16.0710 0x11dc  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
20:47:16.0894 0x11dc  QWAVE - ok
20:47:16.0946 0x11dc  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:47:17.0115 0x11dc  QWAVEdrv - ok
20:47:17.0210 0x11dc  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:47:17.0381 0x11dc  RasAcd - ok
20:47:17.0509 0x11dc  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:17.0610 0x11dc  RasAgileVpn - ok
20:47:17.0667 0x11dc  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
20:47:17.0850 0x11dc  RasAuto - ok
20:47:17.0948 0x11dc  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:18.0117 0x11dc  Rasl2tp - ok
20:47:18.0224 0x11dc  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
20:47:18.0343 0x11dc  RasMan - ok
20:47:18.0466 0x11dc  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:18.0513 0x11dc  RasPppoe - ok
20:47:18.0600 0x11dc  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:47:18.0691 0x11dc  RasSstp - ok
20:47:18.0752 0x11dc  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:47:19.0078 0x11dc  rdbss - ok
20:47:19.0138 0x11dc  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:19.0292 0x11dc  rdpbus - ok
20:47:19.0353 0x11dc  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:19.0428 0x11dc  RDPCDD - ok
20:47:19.0487 0x11dc  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:47:19.0601 0x11dc  RDPDR - ok
20:47:19.0642 0x11dc  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:47:19.0703 0x11dc  RDPENCDD - ok
20:47:19.0771 0x11dc  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:47:19.0817 0x11dc  RDPREFMP - ok
20:47:19.0915 0x11dc  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:47:20.0025 0x11dc  RDPWD - ok
20:47:20.0161 0x11dc  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:47:20.0316 0x11dc  rdyboost - ok
20:47:20.0509 0x11dc  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:47:20.0637 0x11dc  RemoteAccess - ok
20:47:20.0728 0x11dc  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:47:20.0870 0x11dc  RemoteRegistry - ok
20:47:21.0115 0x11dc  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:47:21.0217 0x11dc  RFCOMM - ok
20:47:21.0341 0x11dc  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:47:21.0401 0x11dc  RpcEptMapper - ok
20:47:21.0521 0x11dc  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
20:47:21.0593 0x11dc  RpcLocator - ok
20:47:21.0796 0x11dc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
20:47:21.0841 0x11dc  RpcSs - ok
20:47:21.0987 0x11dc  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:47:22.0104 0x11dc  rspndr - ok
20:47:22.0185 0x11dc  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:47:22.0254 0x11dc  s3cap - ok
20:47:22.0270 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs           C:\Windows\system32\lsass.exe
20:47:22.0281 0x11dc  SamSs - ok
20:47:22.0322 0x11dc  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:47:22.0411 0x11dc  sbp2port - ok
20:47:22.0508 0x11dc  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:47:22.0650 0x11dc  SCardSvr - ok
20:47:22.0676 0x11dc  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:47:22.0773 0x11dc  scfilter - ok
20:47:23.0055 0x11dc  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
20:47:23.0128 0x11dc  Schedule - ok
20:47:23.0223 0x11dc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:47:23.0250 0x11dc  SCPolicySvc - ok
20:47:23.0363 0x11dc  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:47:23.0407 0x11dc  sdbus - ok
20:47:23.0484 0x11dc  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:47:23.0612 0x11dc  SDRSVC - ok
20:47:23.0668 0x11dc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:47:23.0739 0x11dc  secdrv - ok
20:47:23.0777 0x11dc  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
20:47:23.0896 0x11dc  seclogon - ok
20:47:24.0489 0x11dc  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
20:47:24.0529 0x11dc  Secunia PSI Agent - ok
20:47:24.0849 0x11dc  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
20:47:24.0930 0x11dc  Secunia Update Agent - ok
20:47:25.0048 0x11dc  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
20:47:25.0101 0x11dc  SENS - ok
20:47:25.0131 0x11dc  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:47:25.0244 0x11dc  SensrSvc - ok
20:47:25.0269 0x11dc  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:47:25.0354 0x11dc  Serenum - ok
20:47:25.0447 0x11dc  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
20:47:25.0548 0x11dc  Serial - ok
20:47:25.0657 0x11dc  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:47:25.0740 0x11dc  sermouse - ok
20:47:25.0900 0x11dc  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:47:25.0966 0x11dc  SessionEnv - ok
20:47:25.0999 0x11dc  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
20:47:26.0103 0x11dc  sffdisk - ok
20:47:26.0147 0x11dc  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:47:26.0215 0x11dc  sffp_mmc - ok
20:47:26.0263 0x11dc  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
20:47:26.0370 0x11dc  sffp_sd - ok
20:47:26.0392 0x11dc  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:47:26.0439 0x11dc  sfloppy - ok
20:47:26.0556 0x11dc  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:47:26.0780 0x11dc  SharedAccess - ok
20:47:26.0917 0x11dc  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:47:27.0020 0x11dc  ShellHWDetection - ok
20:47:27.0105 0x11dc  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:47:27.0223 0x11dc  sisagp - ok
20:47:27.0687 0x11dc  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:47:27.0753 0x11dc  SiSRaid2 - ok
20:47:27.0815 0x11dc  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:47:28.0041 0x11dc  SiSRaid4 - ok
20:47:28.0332 0x11dc  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
20:47:28.0363 0x11dc  SkypeUpdate - ok
20:47:28.0405 0x11dc  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:47:28.0615 0x11dc  Smb - ok
20:47:28.0770 0x11dc  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:47:28.0792 0x11dc  SNMPTRAP - ok
20:47:28.0876 0x11dc  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:47:28.0972 0x11dc  spldr - ok
20:47:29.0099 0x11dc  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
20:47:29.0244 0x11dc  Spooler - ok
20:47:30.0114 0x11dc  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
20:47:30.0286 0x11dc  sppsvc - ok
20:47:30.0307 0x11dc  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:47:30.0411 0x11dc  sppuinotify - ok
20:47:30.0463 0x11dc  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:47:30.0756 0x11dc  srv - ok
20:47:30.0949 0x11dc  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:47:31.0149 0x11dc  srv2 - ok
20:47:31.0196 0x11dc  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:47:31.0243 0x11dc  srvnet - ok
20:47:31.0356 0x11dc  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:47:31.0422 0x11dc  SSDPSRV - ok
20:47:31.0488 0x11dc  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:47:31.0548 0x11dc  ssmdrv - ok
20:47:31.0641 0x11dc  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:47:31.0757 0x11dc  SstpSvc - ok
20:47:31.0788 0x11dc  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:47:31.0870 0x11dc  stexstor - ok
20:47:32.0081 0x11dc  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:47:32.0263 0x11dc  StiSvc - ok
20:47:32.0290 0x11dc  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:47:32.0389 0x11dc  storflt - ok
20:47:32.0426 0x11dc  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
20:47:32.0589 0x11dc  StorSvc - ok
20:47:32.0654 0x11dc  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:47:32.0730 0x11dc  storvsc - ok
20:47:32.0757 0x11dc  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:47:32.0804 0x11dc  swenum - ok
20:47:32.0951 0x11dc  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
20:47:33.0134 0x11dc  swprv - ok
20:47:33.0499 0x11dc  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
20:47:33.0682 0x11dc  SysMain - ok
20:47:33.0934 0x11dc  [ 65AD1A1B8B02D4D1400C359F83313349, 95492C144CA1852BA0CCA0F7E00EBEBECF461B2FE84F8B8DBD163021F0B88E94 ] t36gbus         C:\Windows\system32\DRIVERS\t36gbus.sys
20:47:34.0123 0x11dc  t36gbus - ok
20:47:34.0199 0x11dc  [ F8B55112BBE1535BF8D3E311150F161F, 89A30C87D2E8A87447B31E3D83C0B9D3AA790832B60CF7A628DB4A2FF51AC9D6 ] t36gmdfl        C:\Windows\system32\DRIVERS\t36gmdfl.sys
20:47:34.0236 0x11dc  t36gmdfl - ok
20:47:34.0329 0x11dc  [ D3F4190F51DC950EF3FE3FD34A9A90CC, 47247E53B0EE9BB67604A7FE7D173435ED5E7240864495DE25C785DA4CAB3257 ] t36gmdm         C:\Windows\system32\DRIVERS\t36gmdm.sys
20:47:34.0505 0x11dc  t36gmdm - ok
20:47:34.0650 0x11dc  [ E4FBEC3C11EB1EAA9961F8D8C9C6FA24, 26EF58B94CA3253994C07BBF6F1694D61E991D4E783346A296EE81AE9AA9E00D ] t36gmgmt        C:\Windows\system32\DRIVERS\t36gmgmt.sys
20:47:34.0782 0x11dc  t36gmgmt - ok
20:47:34.0835 0x11dc  [ 5C27B8348904743DE7B028B9EAA4430D, 7D554ED8846CC988C6AE3386804541504C3A8F0EE02148CA41284CC1AA614FB6 ] t36wgps         C:\Windows\system32\DRIVERS\t36wgps.sys
20:47:34.0888 0x11dc  t36wgps - ok
20:47:34.0948 0x11dc  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
20:47:35.0032 0x11dc  TabletInputService - ok
20:47:35.0101 0x11dc  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:47:35.0236 0x11dc  TapiSrv - ok
20:47:35.0294 0x11dc  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
20:47:35.0386 0x11dc  TBS - ok
20:47:35.0800 0x11dc  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:47:36.0117 0x11dc  Tcpip - ok
20:47:36.0490 0x11dc  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:47:36.0523 0x11dc  TCPIP6 - ok
20:47:36.0615 0x11dc  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:47:36.0729 0x11dc  tcpipreg - ok
20:47:36.0834 0x11dc  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:47:36.0980 0x11dc  TDPIPE - ok
20:47:37.0040 0x11dc  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:47:37.0128 0x11dc  TDTCP - ok
20:47:37.0170 0x11dc  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:47:37.0214 0x11dc  tdx - ok
20:47:37.0272 0x11dc  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:47:37.0370 0x11dc  TermDD - ok
20:47:37.0567 0x11dc  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
20:47:37.0649 0x11dc  TermService - ok
20:47:37.0694 0x11dc  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
20:47:37.0773 0x11dc  Themes - ok
20:47:37.0833 0x11dc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:47:37.0858 0x11dc  THREADORDER - ok
20:47:38.0234 0x11dc  [ 0FF4C65E18D884955D76D90CDF2ED6A9, EA675171EDC8719E9D235C606A901C3995E45C7AFD0C0D38630E118587153360 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
20:47:38.0262 0x11dc  TosCoSrv - ok
20:47:38.0760 0x11dc  [ CF3AE1FE5D5D55747F1338DE5C07852A, 97269446847B8F2A9D621FBF7845360DF8D595787102291C6F03AB9A84D67A7F ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:47:38.0780 0x11dc  TOSHIBA Bluetooth Service - ok
20:47:38.0821 0x11dc  Tosrfcom - ok
20:47:39.0000 0x11dc  [ 9EE240F7029771B21CC6200BE6516D60, BF0ADEDE8D2EBDD081A0B0C68FFF36BB2EF50D79C5C709E21CC0D4C46F173794 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
20:47:39.0037 0x11dc  tosrfec - ok
20:47:39.0128 0x11dc  [ 5AD05191DC8B444A7BA4D79B76C42A30, 6166E939A5A240388EBA5AF7FF335DC413F2BBCF74C2E1D310F4BE2A5454A610 ] TPM             C:\Windows\system32\drivers\tpm.sys
20:47:39.0277 0x11dc  TPM - ok
20:47:39.0408 0x11dc  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
20:47:39.0500 0x11dc  TrkWks - ok
20:47:39.0724 0x11dc  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:47:39.0797 0x11dc  TrustedInstaller - ok
20:47:39.0874 0x11dc  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:39.0968 0x11dc  tssecsrv - ok
20:47:40.0004 0x11dc  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:47:40.0210 0x11dc  TsUsbFlt - ok
20:47:40.0304 0x11dc  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:47:40.0390 0x11dc  TsUsbGD - ok
20:47:40.0492 0x11dc  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:47:40.0662 0x11dc  tunnel - ok
20:47:40.0748 0x11dc  [ 6E614DF4E1110DCF61B335EE02A34954, C16EE8DF86FA78C997EE9DB21A8EA49ACC7EB1DF5A3D2FCD4F2CC2CBA625AA75 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ.SYS
20:47:40.0869 0x11dc  TVALZ - ok
20:47:41.0722 0x11dc  TW3GSVC - ok
20:47:41.0807 0x11dc  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:47:41.0875 0x11dc  uagp35 - ok
20:47:41.0915 0x11dc  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:47:42.0147 0x11dc  udfs - ok
20:47:42.0234 0x11dc  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:47:42.0268 0x11dc  UI0Detect - ok
20:47:42.0400 0x11dc  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:47:42.0475 0x11dc  uliagpkx - ok
20:47:42.0606 0x11dc  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:47:42.0780 0x11dc  umbus - ok
20:47:42.0885 0x11dc  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:47:43.0014 0x11dc  UmPass - ok
20:47:43.0063 0x11dc  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:47:43.0226 0x11dc  UmRdpService - ok
20:47:43.0372 0x11dc  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
20:47:43.0593 0x11dc  upnphost - ok
20:47:43.0740 0x11dc  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
20:47:43.0920 0x11dc  USBAAPL - ok
20:47:44.0138 0x11dc  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:47:44.0297 0x11dc  usbaudio - ok
20:47:44.0346 0x11dc  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:44.0466 0x11dc  usbccgp - ok
20:47:44.0542 0x11dc  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:47:44.0625 0x11dc  usbcir - ok
20:47:44.0682 0x11dc  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:47:44.0721 0x11dc  usbehci - ok
20:47:44.0862 0x11dc  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:47:45.0050 0x11dc  usbhub - ok
20:47:45.0113 0x11dc  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:47:45.0210 0x11dc  usbohci - ok
20:47:45.0330 0x11dc  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:47:45.0423 0x11dc  usbprint - ok
20:47:45.0542 0x11dc  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
20:47:45.0592 0x11dc  usbscan - ok
20:47:45.0703 0x11dc  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:45.0819 0x11dc  USBSTOR - ok
20:47:45.0859 0x11dc  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:47:45.0967 0x11dc  usbuhci - ok
20:47:46.0134 0x11dc  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:47:46.0314 0x11dc  usbvideo - ok
20:47:46.0403 0x11dc  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
20:47:46.0507 0x11dc  UxSms - ok
20:47:46.0521 0x11dc  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\Windows\system32\lsass.exe
20:47:46.0532 0x11dc  VaultSvc - ok
20:47:46.0648 0x11dc  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:47:46.0709 0x11dc  vdrvroot - ok
20:47:46.0863 0x11dc  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
20:47:46.0971 0x11dc  vds - ok
20:47:47.0053 0x11dc  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:47.0136 0x11dc  vga - ok
20:47:47.0159 0x11dc  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:47:47.0298 0x11dc  VgaSave - ok
20:47:47.0331 0x11dc  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:47:47.0472 0x11dc  vhdmp - ok
20:47:47.0517 0x11dc  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:47:47.0564 0x11dc  viaagp - ok
20:47:47.0628 0x11dc  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:47:47.0728 0x11dc  ViaC7 - ok
20:47:47.0937 0x11dc  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:47:48.0011 0x11dc  viaide - ok
20:47:48.0081 0x11dc  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:47:48.0212 0x11dc  vmbus - ok
20:47:48.0238 0x11dc  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:47:48.0269 0x11dc  VMBusHID - ok
20:47:48.0285 0x11dc  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:47:48.0373 0x11dc  volmgr - ok
20:47:48.0427 0x11dc  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:47:48.0445 0x11dc  volmgrx - ok
20:47:48.0538 0x11dc  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:47:48.0770 0x11dc  volsnap - ok
20:47:49.0078 0x11dc  [ 8CA9793CBEE993660FF7FC2769A4E252, 6F9D6ADB61CA36913D0EB0BE5C1ACAA1C325437C13F030DC137C3E6BB1C788B7 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:47:49.0159 0x11dc  vpnagent - ok
20:47:49.0201 0x11dc  [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
20:47:49.0287 0x11dc  vpnva - ok
20:47:49.0433 0x11dc  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:47:49.0480 0x11dc  vsmraid - ok
20:47:49.0901 0x11dc  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
20:47:50.0036 0x11dc  VSS - ok
20:47:50.0067 0x11dc  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:47:50.0158 0x11dc  vwifibus - ok
20:47:50.0224 0x11dc  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:47:50.0339 0x11dc  vwififlt - ok
20:47:50.0443 0x11dc  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:47:50.0472 0x11dc  vwifimp - ok
20:47:50.0599 0x11dc  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
20:47:50.0653 0x11dc  W32Time - ok
20:47:50.0679 0x11dc  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:47:50.0824 0x11dc  WacomPen - ok
20:47:50.0953 0x11dc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:47:51.0065 0x11dc  WANARP - ok
20:47:51.0074 0x11dc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:47:51.0097 0x11dc  Wanarpv6 - ok
20:47:51.0529 0x11dc  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
20:47:51.0609 0x11dc  wbengine - ok
20:47:51.0678 0x11dc  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:47:51.0777 0x11dc  WbioSrvc - ok
20:47:51.0872 0x11dc  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:47:52.0002 0x11dc  wcncsvc - ok
20:47:52.0090 0x11dc  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:47:52.0271 0x11dc  WcsPlugInService - ok
20:47:52.0343 0x11dc  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
20:47:52.0406 0x11dc  Wd - ok
20:47:52.0596 0x11dc  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:47:52.0813 0x11dc  Wdf01000 - ok
20:47:52.0854 0x11dc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:47:53.0357 0x11dc  WdiServiceHost - ok
20:47:53.0370 0x11dc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:47:53.0393 0x11dc  WdiSystemHost - ok
20:47:53.0485 0x11dc  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
20:47:53.0601 0x11dc  WebClient - ok
20:47:53.0689 0x11dc  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:47:53.0799 0x11dc  Wecsvc - ok
20:47:53.0834 0x11dc  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:47:53.0876 0x11dc  wercplsupport - ok
20:47:54.0009 0x11dc  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
20:47:54.0159 0x11dc  WerSvc - ok
20:47:54.0293 0x11dc  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:47:54.0435 0x11dc  WfpLwf - ok
20:47:54.0542 0x11dc  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:47:54.0589 0x11dc  WIMMount - ok
20:47:54.0957 0x11dc  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:47:55.0044 0x11dc  WinDefend - ok
20:47:55.0051 0x11dc  WinHttpAutoProxySvc - ok
20:47:55.0257 0x11dc  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:47:55.0363 0x11dc  Winmgmt - ok
20:47:55.0670 0x11dc  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:47:55.0809 0x11dc  WinRM - ok
20:47:55.0959 0x11dc  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:47:56.0011 0x11dc  WinUsb - ok
20:47:56.0233 0x11dc  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:47:56.0309 0x11dc  Wlansvc - ok
20:47:56.0816 0x11dc  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:47:56.0899 0x11dc  wlidsvc - ok
20:47:57.0227 0x11dc  [ D37926125FD1E162BFBECE999862377D, 7EF7F67EAF98D3CFE31A7B31819F85C892AD84AA7870308242385A585ABB9A26 ] WMCoreService   C:\Program Files\Mobile Broadband Service\WMCore.exe
20:47:57.0264 0x11dc  WMCoreService - detected UnsignedFile.Multi.Generic ( 1 )
20:47:58.0031 0x11dc  Detect skipped due to KSN trusted
20:47:58.0031 0x11dc  WMCoreService - ok
20:47:58.0098 0x11dc  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:47:58.0170 0x11dc  WmiAcpi - ok
20:47:58.0267 0x11dc  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:47:58.0311 0x11dc  wmiApSrv - ok
20:47:58.0628 0x11dc  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:47:58.0857 0x11dc  WMPNetworkSvc - ok
20:47:58.0950 0x11dc  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:47:59.0018 0x11dc  WPCSvc - ok
20:47:59.0045 0x11dc  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:47:59.0099 0x11dc  WPDBusEnum - ok
20:47:59.0164 0x11dc  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:47:59.0291 0x11dc  ws2ifsl - ok
20:47:59.0341 0x11dc  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
20:47:59.0357 0x11dc  wscsvc - ok
20:47:59.0420 0x11dc  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:47:59.0509 0x11dc  WSDPrintDevice - ok
20:47:59.0647 0x11dc  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
20:47:59.0737 0x11dc  WSDScan - ok
20:47:59.0742 0x11dc  WSearch - ok
20:48:00.0351 0x11dc  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:48:00.0438 0x11dc  wuauserv - ok
20:48:00.0534 0x11dc  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:48:00.0633 0x11dc  WudfPf - ok
20:48:00.0708 0x11dc  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:00.0821 0x11dc  WUDFRd - ok
20:48:00.0879 0x11dc  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:48:00.0915 0x11dc  wudfsvc - ok
20:48:01.0037 0x11dc  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:48:01.0105 0x11dc  WwanSvc - ok
20:48:01.0250 0x11dc  [ C3AF2098ADA2619D8E58A7894DC5F36E, 9347C17AD7FCF66F5398CEB7CDAF23F089978D1B39E0B8AC74BCFDB8AD11ACF3 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp.sys
20:48:01.0428 0x11dc  WwanUsbServ - ok
20:48:01.0672 0x11dc  ================ Scan global ===============================
20:48:01.0816 0x11dc  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
20:48:01.0955 0x11dc  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:48:02.0015 0x11dc  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:48:02.0075 0x11dc  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:48:02.0234 0x11dc  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
20:48:02.0262 0x11dc  [ Global ] - ok
20:48:02.0263 0x11dc  ================ Scan MBR ==================================
20:48:02.0304 0x11dc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:48:12.0648 0x11dc  \Device\Harddisk0\DR0 - ok
20:48:12.0649 0x11dc  ================ Scan VBR ==================================
20:48:12.0674 0x11dc  [ 4DDCDBEA384A28401004970B6F95A463 ] \Device\Harddisk0\DR0\Partition1
20:48:12.0688 0x11dc  \Device\Harddisk0\DR0\Partition1 - ok
20:48:12.0708 0x11dc  [ D78883CC95E520FAA3D21DE318FFBB7C ] \Device\Harddisk0\DR0\Partition2
20:48:12.0733 0x11dc  \Device\Harddisk0\DR0\Partition2 - ok
20:48:12.0733 0x11dc  ================ Scan generic autorun ======================
20:48:12.0775 0x11dc  [ FD5348D616692C9A99BCE3A9F301A107, 3387A1CFF46D5405063359644021ABA3D8ABBC88881DD5BCCE92D73064029F6C ] C:\Windows\system32\igfxtray.exe
20:48:12.0793 0x11dc  IgfxTray - ok
20:48:12.0829 0x11dc  [ 7CA23E1A91F70287E68B1737449522D7, A6540BA7E8A224E5C8D9F9A1B254D70B3D901E0BA69C014686DB1FADAA8CC793 ] C:\Windows\system32\hkcmd.exe
20:48:12.0839 0x11dc  HotKeysCmds - ok
20:48:12.0934 0x11dc  [ 5292DE7CCD4F15D1A3731F60903266F0, 5E5AF5CA3F7C1CB7CCA08667566BC1556677E23E98250BE03324ACDE7B4760D6 ] C:\Windows\system32\igfxpers.exe
20:48:12.0951 0x11dc  Persistence - ok
20:48:13.0011 0x11dc  [ CCB1A96002F0888DA70964781C742A82, 773C01C5593C71314E79B1817E766753E787466ED047AAC05662E096E5B98EBD ] C:\Windows\system32\000StTHK.exe
20:48:13.0030 0x11dc  000StTHK - detected UnsignedFile.Multi.Generic ( 1 )
20:48:23.0032 0x11dc  000StTHK ( UnsignedFile.Multi.Generic ) - warning
20:48:25.0334 0x11dc  [ B9FBE2C4DE9A72E8997697C8D5CAD009, EF2F8C2D4AE2D45232C97D60734B398E3EC59245702F4B5D3D7E5077DBF83B1D ] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
20:48:25.0347 0x11dc  ITSecMng - ok
20:48:25.0848 0x11dc  [ D413CA1FE8C2A314B9E0187BF6937428, 87991721433DBE653BA677793FD6B14FF34EE91A85A1785259851D5C9A2B41D4 ] C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
20:48:25.0929 0x11dc  TOSHIBA_3G_UTY - ok
20:48:26.0075 0x11dc  [ CE7648AF53E26CEB484F54866F195328, 0A9A563A83296A54EE3DD7AD8EB2FC6B50E329439C367B506592147214C0AA0E ] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe
20:48:26.0090 0x11dc  TOSDCR - ok
20:48:26.0328 0x11dc  [ 5EFAD191339DC87618F92513C200325B, 58930A26F592C6F6B2BC0799C9C40C5A3AB7C53C6A3403024203AC71C66A659C ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
20:48:26.0354 0x11dc  TPwrMain - ok
20:48:26.0485 0x11dc  [ 19343B3322F644F66E8B916AB26ECA99, FBAA9443E8420E7585FB428CB0449786BE756C16BC06AC58185342522CFD637B ] C:\Program Files\TOSHIBA\TBS\HSON.exe
20:48:26.0503 0x11dc  HSON - ok
20:48:26.0951 0x11dc  [ 0D65FA5F68BC590B65E4035ABBF47470, EBC53333812E9C17D8C41B7945B384C17D718A016EDADCAA70C9D016648B823A ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
20:48:27.0004 0x11dc  TCrdMain - ok
20:48:27.0176 0x11dc  [ 892D147F7DE64D4C77430EBF5C437454, 8177BD04F37F6FFDACC5F660D57B7877E03A51212F293CFAE10C2DD746BD6E31 ] C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe
20:48:27.0206 0x11dc  Discovery User Input - detected UnsignedFile.Multi.Generic ( 1 )
20:48:28.0161 0x11dc  Discovery User Input ( UnsignedFile.Multi.Generic ) - warning
20:48:28.0627 0x11dc  [ 45480F9BB2D09CFF8EA239B450267FA5, 11BDFE2678CA0E952706C235CB2E4558A5338F9C4E86429AE60CE220E1A306FF ] C:\Program Files\NetInst\eTray.exe
20:48:28.0643 0x11dc  NetInstall NiTray - ok
20:48:29.0064 0x11dc  [ 3A58296E27F8CC9B0C6F64828BC98920, 526C163E5604BEAC7257FF879BC75A7AC193BE9F0C9F3DA38B05DE7CF0F403A7 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
20:48:29.0083 0x11dc  avgnt - ok
20:48:29.0427 0x11dc  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:48:29.0440 0x11dc  APSDaemon - ok
20:48:29.0631 0x11dc  [ 52DA7FF3B06EE2B610EE897D8F6DCBD6, FBE12C89FA49207D9A8A02801190549F24101C1131FE4611669A8E24A2E8836F ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
20:48:29.0658 0x11dc  Cisco AnyConnect Secure Mobility Agent for Windows - ok
20:48:30.0070 0x11dc  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
20:48:30.0089 0x11dc  BCSSync - ok
20:48:30.0701 0x11dc  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:48:30.0741 0x11dc  Adobe ARM - ok
20:48:31.0130 0x11dc  [ 60CA57F87FAEA5A74C7D74FD68A38528, 50677B586DCDBAB503E401F2D5CA5C125F0881BB44050AE0B48ED1F5D4CA5475 ] C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe
20:48:31.0151 0x11dc  MSCRM - ok
20:48:31.0431 0x11dc  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files\iTunes\iTunesHelper.exe
20:48:31.0451 0x11dc  iTunesHelper - ok
20:48:31.0563 0x11dc  GoogleDriveSync - ok
20:48:31.0946 0x11dc  [ C948AC73822CA662CF44185B909EA18B, 75895AA3AAED47D50D178CF064F939ED1EB345E9ADD12527F9F5737395A9AFB4 ] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
20:48:31.0998 0x11dc  OfficeSyncProcess - ok
20:48:32.0405 0x11dc  [ 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, 4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59 ] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
20:48:32.0419 0x11dc  iCloudServices - ok
20:48:32.0496 0x11dc  [ 799BCC829F48F19C5689478179060435, 495C6E363982F7BE1785A46C12ED4AC99E0AF98F340F1CE3C55D39EBE6FE33AA ] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
20:48:32.0510 0x11dc  ApplePhotoStreams - ok
20:48:33.0192 0x11dc  [ 6CB24AD9998AC4F83F0EBE05B4DF8AAB, 58DE1F9AB40CBB1DF0E61536F56D73401C46CC2CF6238B5E1C2402B083CB83EF ] C:\Users\ruhlanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:48:33.0223 0x11dc  OneDrive - ok
20:48:33.0706 0x11dc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:48:33.0971 0x11dc  Sidebar - ok
20:48:34.0197 0x11dc  [ 9C5AF7F2C7B781E59ED43D93DD0A997D, 4B0D6C9C45330D3279F882022B811188DC0642341AFCAF4CB308F77760506F8E ] C:\Program Files\TOSHIBA\TOSHIBA Wireless Manager\WirelessManager.exe
20:48:34.0219 0x11dc  WirelessManager - ok
20:48:34.0311 0x11dc  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:48:34.0340 0x11dc  mctadmin - ok
20:48:34.0342 0x11dc  Waiting for KSN requests completion. In queue: 21
20:48:35.0359 0x11dc  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 12.1.0.17 ), 0x41010 ( enabled : outofdate )
20:48:35.0367 0x11dc  Win FW state via NFP2: enabled
20:48:35.0542 0x11dc  ============================================================
20:48:35.0542 0x11dc  Scan finished
20:48:35.0542 0x11dc  ============================================================
20:48:35.0552 0x041c  Detected object count: 4
20:48:35.0552 0x041c  Actual detected object count: 4
20:49:12.0326 0x041c  LanProbe ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:12.0326 0x041c  LanProbe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:49:12.0330 0x041c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:12.0330 0x041c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:49:12.0335 0x041c  000StTHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:12.0335 0x041c  000StTHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:49:12.0336 0x041c  Discovery User Input ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:12.0337 0x041c  Discovery User Input ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.01.09
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RuhlandA :: ZUE-W-9860 [administrator]

01.04.2015 21:01:57
mbar-log-2015-04-01 (21-01-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 530021
Time elapsed: 1 hour(s), 13 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Servus,



Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

• Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

• die Logdatei von AdwCleaner,
• die Logdatei von MBAM,
• die Logdatei von JRT,
• die beiden neuen Logdateien von FRST.

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.200 - Bericht erstellt 02/04/2015 um 21:36:55
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : RuhlandA - ZUE-W-9860
# Gestarted von : C:\Users\ruhlanda\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - intranet.zwick.de;intranet.zue.zwick.de;infoplatform.zwick.de;zue-s-*;172.16.*;192.168.*;crm.zwick.de;zwicktest.zwick.de;<local>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - zue-s-87:8080

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v37.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2351 Bytes] - [26/02/2014 17:00:34]
AdwCleaner[R1].txt - [1392 Bytes] - [02/04/2015 21:32:50]
AdwCleaner[S0].txt - [2412 Bytes] - [26/02/2014 17:01:56]
AdwCleaner[S1].txt - [1312 Bytes] - [02/04/2015 21:36:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1371  Bytes] ##########