WIN 8.1 64bit: auch ich habe musik im hintergrund laufen - prozesse teilweise SEHR lahm! ;-(

littleredcar · 24.06.2015, 16:47

hallo.

auch bei mir hat sich was eingenistet: habe seit zwei tagen immer wieder musik im hintergrund ohne erkennbar offene programme (auch nicht im task manager). haengen bleibt der PC schon laenger immer mal wieder fuer mehrere minuten...

/////
EDIT: habe gerade festgestellt, dass da eine art video zu "haengen" scheint! ich war die tage auf kickstarter und habe mir ein projektvideo angesehen. jetzt war ich da wieder und die musik (es werden immer nur ca. 0,5 sek. alle ca. 30 sek. 'angespielt') ist exact das lied aus dem video! ich poste hier jetzt mal keinen link wegen der sicherheit. ;-)
/////

FRST habe ich bereits laufen lassen. hier die beiden textdateien.

Addition.txt
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by LITTLEREDCAR at 2015-06-24 16:12:29
Running from C:\Users\LITTLEREDCAR\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

LITTLEREDCAR (S-1-5-21-4126030575-41912768-2344454900-1001 - Administrator - Enabled) => C:\Users\LITTLEREDCAR
Administrator (S-1-5-21-4126030575-41912768-2344454900-500 - Administrator - Disabled)
Gast (S-1-5-21-4126030575-41912768-2344454900-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4126030575-41912768-2344454900-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
ALIAS Find And Replace 1.3.0 (HKLM-x32\...\ALIAS Find And Replace 1.3.0_is1) (Version: 1.3.0 - ALIAS Software)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.1997879112 - Audible, Inc.)
Autostart-Manager (HKLM-x32\...\{5C2C73F6-CE73-4A01-868E-7045B7805334}) (Version: 6.02.0000 - Wirth IT Design )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.3 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.3 - Balsamiq SRL) Hidden
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.24 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.24 - Balsamiq SRL) Hidden
Caesium Version 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DE (x32 Version: 13.0 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{9EEE5827-F6A6-447E-9839-6AFAF6FCC442}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
ezr8 VideoLab 1.0 (HKLM-x32\...\{F83C83CB-C7A6-414b-8F85-C9A41303A299}_is1) (Version: 1.0 - Ezr8)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
Falk Navi-Manager (HKLM-x32\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.26.1 - United Navigation GmbH)
Falk Navi-Manager (x32 Version: 2.26.0 - United Navigation GmbH) Hidden
Fast Image-Map 2.2.1 (HKLM-x32\...\FastImageMap_is1) (Version: 2.2.1.0 - Martin Hentschel (CL-Soft))
FileZilla Client 3.7.4 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4 - Tim Kosse)
FilterFTP (HKLM-x32\...\FilterFTP_is1) (Version: Actual Version - IN MEDIA KG)
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotograf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.7.0 - Google Inc.)
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
Ground Station 4.0.11 (HKLM-x32\...\{47B0D79A-8369-463F-A111-A3C24E208B73}) (Version: 4.0.11 - DJI Product)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Hugin 2014.0.0 (HKLM-x32\...\Hugin) (Version: 2014.0.0 hg_5da69bc383dd - The Hugin Development Team)
HVB eFIN 4 (HKLM-x32\...\HVB eFIN 4) (Version:  - )
IETester v0.5.2 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.2 - Core Services)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Ipswitch WS_FTP Professional 2007 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.1.0000 - Ipswitch)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JPEGmini (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\5d2010e174743543) (Version: 1.8.33.1 - ICVT Ltd)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
Macaw (HKLM-x32\...\{285CC687-1EB0-4826-9AAC-90C9BDE5A2EC}) (Version: 1.5.15 - Macaw, LLC)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
mirabyte Discstarter 6.4.0 (HKLM-x32\...\{3F22B9CE-872C-11DE-99EF-525255D89593}_is1) (Version: 6.4.0 - mirabyte GmbH & Co. KG)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
OpenPilot GCS (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\OpenPilot) (Version: Ragin' Cajun - OpenPilot Team)
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
PanoramaStudio 2.5 Pro ((deinstallieren)) (HKLM\...\PanoramaStudio2Pro) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PTGui Trial 9.2.0 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SILKYPIX Developer Studio 4.1 SE (HKLM-x32\...\InstallShield_{7FA26D45-84D8-49EB-80BE-B7AD0A0C4497}) (Version: 4 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.1 SE (x32 Version: 4 - Ichikawa Soft Laboratory) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Swimovate (HKLM-x32\...\Swimovate) (Version: 2.0.0.0 - Swimovate)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TextPad 7 (HKLM\...\{3DE3E4EE-F270-4A31-AB76-475515C661BD}) (Version: 7.4.0 - Helios)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - OpenPilot (usbser) Ports  (11/21/2014 3.0.0.0) (HKLM\...\BD9150BF7DFF447F2F59CE296CC81C0AABAD7C01) (Version: 11/21/2014 3.0.0.0 - OpenPilot)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinSCP 4.1.8 (HKLM-x32\...\winscp3_is1) (Version: 4.1.8 - Martin Prikryl)
Wondershare Video Converter Ultimate(Build 7.4.0.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.4.0.2 - Wondershare Software)
XMind 6 (v3.5.0) (HKLM-x32\...\XMind_is1) (Version: 3.5.0.201410310637 - XMind Ltd.)
Zoom Search Engine 6.0 (HKLM-x32\...\Zoom Search Engine 6.0_is1) (Version: 6.0 - Wrensoft)
S?????? f?t???af??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4126030575-41912768-2344454900-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4126030575-41912768-2344454900-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> E:\programme\System\shellext64.dll No File

==================== Restore Points =========================

04-06-2015 23:29:18 Geplanter Prüfpunkt
10-06-2015 08:15:38 Windows Update
11-06-2015 17:18:14 Installed Ground Station 4.0.11
19-06-2015 08:03:44 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BDE36A7-BC9C-4E30-A862-DE3AD4A4A51B} - System32\Tasks\GoogleUpdateTaskMachineCore1d090d0cb19ae91 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {0C630F07-BA55-4404-B93D-1A13CD580D34} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {0EE55A10-7129-4DA6-A59C-CCCB80DD6075} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {29852B63-24E8-4CA3-BF5D-264D940E798A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {2FA353CD-4627-4F11-B3F6-78046A714F18} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {342FBF6B-E162-47A2-A144-EFCEEA586A61} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {496997D7-47FE-4866-A8F1-59DE17408357} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {4B060C44-64AB-477F-AAF8-6E162BDDA424} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-info@absoluto.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {4D5BC36D-4C0E-412A-8293-7414B77A573C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {545AD991-EFC6-4E19-B638-11CF7E812E61} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: {7BCDF7A1-0647-41F6-8CD6-17A041C32DF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {8189DCEF-36DE-4D67-B6F6-D04DD634311B} - System32\Tasks\AdobeAAMUpdater-1.0-absoluto-LITTLEREDCAR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8AC449AE-4930-42B9-8922-74367E8A749E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0409d7a1a9c71 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {8C999B65-B598-48E9-B2F0-4977ACC2DA51} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {9AB015A7-8F90-4300-8DDE-8DA1B2A6DDC1} - System32\Tasks\Opera scheduled Autoupdate 1377195848 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {AC4069AC-AE34-4E5A-ACBE-0EBA47B4F94C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B6921BD3-5E2A-4B01-95D9-871F226ED6DE} - System32\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001 => C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe [2015-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B88D5377-8A53-41A8-8B3E-2E045092BC10} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BE694AFC-A345-4BD5-B44E-50B1E4D43F59} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DA931D1B-FDE0-4A49-BF02-1E04C236BDE5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F144F420-723B-4AD6-A092-263C5CBAAD98} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {FC9671CB-7E52-480D-8578-FE9F06B8E79A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {FCBC0C9B-C411-4D45-A081-FF37522D9961} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001.job => C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090d0cb19ae91.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0409d7a1a9c71.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-26 06:34 - 2011-07-26 06:34 - 00034304 _____ () C:\WINDOWS\System32\ml285pl6.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () E:\programme\FileZilla FTP Client\fzshellext_64.dll
2014-10-16 08:19 - 2014-10-16 08:19 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\63948598d919af60addb114fdd3ccb56\PSIClient.ni.dll
2012-10-23 12:05 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\LITTLEREDCAR\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Control Panel\Desktop\\Wallpaper -> E:\design\wallpapers\halfbike\halfbike02.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{BE29F091-236E-47CF-9EB3-09FF6B629001}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe
FirewallRules: [TCP Query User{0A1D2D06-585A-48AF-A0F4-84D41CB8B01F}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe
FirewallRules: [UDP Query User{0A944A22-A8AB-41C6-B348-EF98A54AD4B4}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [TCP Query User{7759FB35-FEBA-4FEB-9B6F-9B8C966036DA}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [UDP Query User{2A33EE1C-54AE-41A7-B4A1-0E3F8EA70CF4}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [TCP Query User{42C8C742-CE14-47B0-9B7C-4526C8CD8C89}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [UDP Query User{37665F5D-5C0E-4F8D-81E8-178FCBE02D8D}E:\programme\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\programme\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{F43EC174-32C5-4F0F-85ED-4E365886DEEA}E:\programme\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\programme\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{10D5A730-F7FB-4E69-931C-68979A31BE64}] => (Allow) E:\programme\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{7FCA922C-DFB5-481D-94F6-BB0EDD98B7DF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{73BCEC83-667E-4861-A023-8FB190A17451}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{5F9F6B7C-EA6F-4018-94D7-8917BF974E94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BFAEC8EB-B3F7-4D9F-B406-83C3BCB842FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F72A9FCE-2F6B-46E8-ACAE-4C23B64B49B6}] => (Allow) LPort=1900
FirewallRules: [{FEA90377-AA98-41C6-8F59-EC9BA9FB54C5}] => (Allow) LPort=2869
FirewallRules: [{EB2281D8-6635-4AFA-A6D2-A59478D8B350}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{FC3E5D3E-D3D7-44F1-9FDE-3E7B23B635F2}E:\programme\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) E:\programme\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{7F45F8F2-7340-49C2-B857-93888169D741}E:\programme\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) E:\programme\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [TCP Query User{188B1406-2226-47BD-B727-F8BDEC0F83B8}E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [UDP Query User{D3C44DFE-57CA-465A-A9A9-19D4B4B27A97}E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [{B888E982-88F1-4345-A08E-B5A7577316A5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{6D3B69AF-D9F3-4514-8BE4-87553EB5D7E8}E:\programme\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\programme\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{77959F26-57DE-437C-8B95-1102408EE379}E:\programme\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\programme\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{7837D2BF-2B49-463A-A512-0A0536FB17F8}E:\programme\macaw\macaw-node.exe] => (Allow) E:\programme\macaw\macaw-node.exe
FirewallRules: [UDP Query User{E59990BF-9E71-4AE3-9E41-5E528222A02C}E:\programme\macaw\macaw-node.exe] => (Allow) E:\programme\macaw\macaw-node.exe
FirewallRules: [TCP Query User{93285B16-4392-4540-90D4-8E55CCCD6C30}C:\program files (x86)\macaw\macaw-node.exe] => (Allow) C:\program files (x86)\macaw\macaw-node.exe
FirewallRules: [UDP Query User{20C8E973-566B-4D72-B2EA-D6D4A9429439}C:\program files (x86)\macaw\macaw-node.exe] => (Allow) C:\program files (x86)\macaw\macaw-node.exe
FirewallRules: [{5F42B699-2FE0-45B3-9351-477C96DD75FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECFAF84D-C8D6-49D5-8B54-20828F077D24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{26AD6D33-DBCA-4A64-ABEC-4BFF8FDAABB9}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe
FirewallRules: [UDP Query User{378880FC-B0C0-4A85-B9CB-DC84246BD034}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe
FirewallRules: [{5F7CF6DB-A428-4E63-BD8B-B00A13394982}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563b224
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b84
ID des fehlerhaften Prozesses: 0x11bc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (06/24/2015 04:05:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f78

Startzeit: 01d0ae4159986199

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 05e99f45-1a7a-11e5-8167-001f81000830

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/23/2015 05:40:27 PM) (Source: MsiInstaller) (EventID: 11925) (User: ABSOLUTO)
Description: Product: Balsamiq Mockups 3 -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.

Error: (06/23/2015 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563b224
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b84
ID des fehlerhaften Prozesses: 0x494
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (06/23/2015 04:56:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:54:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (06/24/2015 07:40:34 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde.

Error: (06/24/2015 07:40:30 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde.

Error: (06/23/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/23/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/23/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/23/2015 05:33:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/23/2015 05:33:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/23/2015 05:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero BackItUp Scheduler 3" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/23/2015 05:33:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/23/2015 05:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/24/2015 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224MSONSEXT.DLL11.0.6715.6043306199c000000500052b8411bc01d0ae4160ea7169C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLLc40ee6f3-1a7a-11e5-8167-001f81000830

Error: (06/24/2015 04:05:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667f7801d0ae41599861990C:\WINDOWS\Explorer.EXE05e99f45-1a7a-11e5-8167-001f81000830

Error: (06/23/2015 05:40:27 PM) (Source: MsiInstaller) (EventID: 11925) (User: ABSOLUTO)
Description: Product: Balsamiq Mockups 3 -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/23/2015 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224MSONSEXT.DLL11.0.6715.6043306199c000000500052b8449401d0ad9ae9a01640C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLLa934bc80-19bb-11e5-8165-d43d7e2ed550

Error: (06/23/2015 04:56:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\$Recycle.Bin\S-1-5-21-4126030575-41912768-2344454900-1001\$RM9Q0ZI.exeC:\$Recycle.Bin\S-1-5-21-4126030575-41912768-2344454900-1001\$RM9Q0ZI.exe0

Error: (06/23/2015 04:54:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exe0


CodeIntegrity Errors:
===================================
  Date: 2014-02-28 12:59:35.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8136.17 MB
Available physical RAM: 6232.35 MB
Total Pagefile: 9416.17 MB
Available Pagefile: 7226.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:252.79 GB) (Free:154.48 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.75 GB) NTFS
Drive e: (Daten) (Fixed) (Total:1548.17 GB) (Free:976.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 10118449)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

und FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by LITTLEREDCAR (administrator) on ABSOLUTO on 24-06-2015 16:11:42
Running from C:\Users\LITTLEREDCAR\Desktop
Loaded Profiles: LITTLEREDCAR (Available Profiles: LITTLEREDCAR)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => E:\programme\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944 2015-06-02] (Mozilla Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [outlook] => E:\programme\Microsoft Office\OFFICE11\OUTLOOK.EXE [196440 2010-06-23] (Microsoft Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [MyPhoneExplorer] => E:\programme\MyPhoneExplorer\MyPhoneExplorer.exe [5442456 2014-08-24] (F.J. Wechselberger)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {1dbdf4b7-9aeb-11e4-80bb-d43d7e2ed550} - "H:\LG_PC_Programs.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {29cf759a-0c41-11e3-be91-d43d7e2ed550} - "K:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {381ccb1c-87e6-11e3-bf3d-d43d7e2ed550} - "I:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-17] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default
FF Homepage: hxxp://www.hitclick.de/startseite/ma004rtin.php
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-10-18] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> E:\programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4126030575-41912768-2344454900-1001: @citrixonline.com/appdetectorplugin -> C:\Users\LITTLEREDCAR\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF SearchPlugin: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\searchplugins\englische-ergebnisse.xml [2013-12-23]
FF SearchPlugin: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\searchplugins\lastminute.xml [2013-12-23]
FF Extension: Xmarks - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\foxmarks@kei.com [2015-05-29]
FF Extension: FireShot - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-08]
FF Extension: Html Validator - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2015-05-29]
FF Extension: ColorZilla - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-05-29]
FF Extension: Snip-Me - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\addon@snip-me.de.xpi [2013-08-26]
FF Extension: Distill Web Monitor (formerly AlertBox) - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\alertbox@ajitk.com.xpi [2015-05-05]
FF Extension: Image Map Editor - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\an@hjb-seite.de.xpi [2013-12-19]
FF Extension: Firebug - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\firebug@software.joehewitt.com.xpi [2013-08-26]
FF Extension: SpellcheckEverything - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\SpellcheckEverything@example.com.xpi [2015-03-05]
FF Extension: TinEye Reverse Image Search - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\tineye@ideeinc.com.xpi [2014-04-23]
FF Extension: Qipu Cashbackmelder open beta - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\toolbar@qipu.de.xpi [2013-08-26]
FF Extension: YSlow - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\yslow@yahoo-inc.com.xpi [2013-09-09]
FF Extension: Firesizer - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2014-11-25]
FF Extension: Speed Dial - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-08-26]
FF Extension: Google Reverse Image Search - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2014-04-23]
FF Extension: Tab Mix Plus - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-23]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-07-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR Profile: C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]
CHR Extension: (Google Drive) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (Palettab) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidckpnndigbjhmojikkhmejkfkpgoih [2014-10-17]
CHR Extension: (YouTube) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; E:\programme\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 SkypeUpdate; E:\programme\skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 16:11 - 2015-06-24 16:12 - 00021732 _____ C:\Users\LITTLEREDCAR\Desktop\FRST.txt
2015-06-24 16:03 - 2015-06-24 16:05 - 02109952 _____ (Farbar) C:\Users\LITTLEREDCAR\Desktop\FRST64.exe
2015-06-23 17:41 - 2015-06-23 17:41 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2015-06-23 17:41 - 2015-06-23 17:41 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\BalsamiqMockups3
2015-06-23 17:40 - 2015-06-23 17:40 - 00000695 _____ C:\Users\Public\Desktop\Balsamiq Mockups 3.lnk
2015-06-23 17:40 - 2015-06-23 17:40 - 00000695 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2015-06-23 17:32 - 2015-06-23 17:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-ABSOLUTO-Windows-8.1-(64-bit).dat
2015-06-23 17:32 - 2015-06-23 17:32 - 00000000 ____D C:\RegBackup
2015-06-23 17:23 - 2015-06-23 17:23 - 00000000 ____D C:\Users\LITTLEREDCAR\Desktop\simpleCE-Package
2015-06-23 17:18 - 2015-06-23 17:25 - 00000000 ____D C:\AdwCleaner
2015-06-23 17:10 - 2015-06-24 16:11 - 00000000 ____D C:\FRST
2015-06-23 16:58 - 2015-06-23 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-23 16:57 - 2015-06-23 16:57 - 00000748 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-23 16:57 - 2015-06-23 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-23 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-23 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-23 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-23 11:51 - 2015-06-23 11:51 - 00001134 _____ C:\Users\LITTLEREDCAR\Desktop\89.lnk
2015-06-17 18:31 - 2015-06-17 18:31 - 00000000 ____D C:\Users\LITTLEREDCAR\Desktop\TESTEN_sitecake-2.2.8
2015-06-16 14:20 - 2015-06-16 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-16 14:10 - 2015-06-16 14:21 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\OpenPilot
2015-06-16 14:10 - 2015-06-16 14:10 - 00001134 _____ C:\Users\Public\Desktop\OpenPilot GCS.lnk
2015-06-16 14:10 - 2015-06-16 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenPilot
2015-06-16 14:10 - 2015-06-16 14:10 - 00000000 ____D C:\Program Files\DIFX
2015-06-15 08:48 - 2015-06-15 08:48 - 00001213 _____ C:\Users\LITTLEREDCAR\Desktop\phantom-checklist.lnk
2015-06-15 08:42 - 2015-06-15 08:42 - 00000783 _____ C:\Users\LITTLEREDCAR\Desktop\kopter.lnk
2015-06-11 17:28 - 2015-06-11 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-06-11 17:19 - 2015-06-11 17:19 - 00003159 _____ C:\Users\LITTLEREDCAR\Desktop\Ground Station 4.0.11.lnk
2015-06-11 17:19 - 2015-06-11 17:19 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DJI Product
2015-06-11 17:19 - 2015-06-11 17:19 - 00000000 ____D C:\Program Files (x86)\DJI Product
2015-06-10 08:15 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 08:15 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 08:15 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 08:15 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 08:15 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 08:15 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 08:15 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 08:15 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 08:15 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 08:15 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 08:15 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 08:15 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 08:15 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 08:15 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 08:10 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 08:10 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 08:10 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 08:10 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 08:10 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 08:10 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 08:10 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 08:10 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 08:10 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 08:10 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 08:10 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 08:10 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 08:10 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 08:10 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 08:10 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 08:10 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 08:10 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 08:10 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 08:10 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 08:10 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 08:10 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 08:10 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 08:10 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 08:10 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 08:10 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 08:10 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 08:10 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 08:10 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 08:10 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 08:10 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 08:10 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 08:10 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 08:10 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 08:10 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 08:10 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 08:10 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 08:10 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 08:10 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 08:10 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 08:10 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 08:10 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 08:10 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 08:10 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 08:10 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 08:10 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 08:10 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 08:10 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 08:10 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 08:10 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 08:10 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 08:10 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 08:10 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 08:10 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 08:10 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 08:10 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-02 20:32 - 2015-06-04 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 07:24 - 2015-06-02 07:24 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\GWX
2015-05-27 14:08 - 2015-05-27 14:08 - 00000682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macaw.lnk
2015-05-27 14:08 - 2015-05-27 14:08 - 00000000 ____D C:\Program Files (x86)\Macaw
2015-05-27 10:29 - 2015-05-27 10:29 - 00001134 _____ C:\Users\LITTLEREDCAR\Desktop\88.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 16:10 - 2013-08-20 15:25 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126030575-41912768-2344454900-1001
2015-06-24 16:08 - 2013-08-22 20:23 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-24 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-24 15:30 - 2015-01-21 12:03 - 00000628 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001.job
2015-06-24 15:22 - 2013-08-25 16:32 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-06-24 15:15 - 2013-08-22 20:24 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 14:56 - 2014-01-10 15:18 - 01535051 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-24 08:48 - 2013-08-22 21:53 - 55117312 ___SH C:\Users\LITTLEREDCAR\Desktop\Thumbs.db
2015-06-24 08:08 - 2013-08-22 20:23 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-24 08:00 - 2015-05-17 22:01 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 07:48 - 2014-01-10 15:25 - 00000000 __RDO C:\Users\LITTLEREDCAR\SkyDrive
2015-06-24 07:44 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 07:40 - 2013-11-14 00:18 - 00230260 _____ C:\WINDOWS\PFRO.log
2015-06-24 07:40 - 2013-08-22 16:46 - 00347369 _____ C:\WINDOWS\setupact.log
2015-06-24 07:40 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-23 17:38 - 2014-01-21 11:57 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\Deployment
2015-06-23 17:37 - 2014-08-11 16:37 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\FreeFileSync
2015-06-23 17:32 - 2013-11-14 09:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-23 17:32 - 2013-11-14 09:11 - 00765378 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-23 17:32 - 2013-11-14 09:11 - 00159696 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-23 17:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\System
2015-06-23 17:26 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-23 16:35 - 2013-08-22 19:47 - 00000600 _____ C:\Users\LITTLEREDCAR\AppData\Roaming\winscp.rnd
2015-06-23 12:00 - 2014-08-30 13:20 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\Adobe
2015-06-23 10:34 - 2014-02-10 13:33 - 00000000 ____D C:\1
2015-06-23 08:28 - 2013-08-26 10:09 - 00025600 _____ C:\Users\LITTLEREDCAR\Desktop\ein-herz-fuer-absoluto_12062015.xls
2015-06-21 18:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 02:33 - 2015-05-18 17:00 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-06-18 14:59 - 2013-08-22 21:44 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\Notepad++
2015-06-18 10:23 - 2015-04-01 13:43 - 00000731 _____ C:\Users\LITTLEREDCAR\Desktop\coc-todos.txt
2015-06-16 14:19 - 2013-08-20 17:42 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-16 14:19 - 2013-08-20 17:42 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-16 14:10 - 2013-08-26 12:02 - 00023408 _____ C:\WINDOWS\DPINST.LOG
2015-06-15 16:28 - 2014-11-17 11:37 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieBrowserModeList
2015-06-15 16:28 - 2014-04-28 15:38 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieUserList
2015-06-15 16:28 - 2014-04-28 15:38 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieSiteList
2015-06-15 11:03 - 2013-08-20 15:18 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\VirtualStore
2015-06-11 20:12 - 2015-04-16 18:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-11 20:12 - 2015-03-04 01:17 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-11 20:12 - 2014-01-10 15:01 - 00000000 ____D C:\Users\LITTLEREDCAR
2015-06-11 20:12 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-11 18:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 17:28 - 2013-08-22 20:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 12:17 - 2013-08-20 18:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 12:13 - 2012-10-19 18:17 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 09:16 - 2014-11-19 08:45 - 00003852 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1377195848
2015-06-11 09:16 - 2013-08-22 20:24 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-11 09:16 - 2013-08-22 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-11 08:11 - 2013-08-22 16:44 - 06088688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-04 22:31 - 2013-08-22 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 16:47 - 2013-08-29 13:54 - 00000132 _____ C:\Users\LITTLEREDCAR\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-01 07:56 - 2013-09-11 04:43 - 00000000 ____D C:\HVB eFIN 4
2015-05-27 09:13 - 2013-12-27 17:08 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2014-06-18 19:13 - 2014-07-02 14:07 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
2013-08-29 13:54 - 2015-06-01 16:47 - 0000132 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-11 21:07 - 2014-02-11 21:07 - 0000119 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\licecap.ini
2013-08-22 19:47 - 2015-06-23 16:35 - 0000600 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\winscp.rnd
2014-07-03 17:31 - 2014-07-03 17:31 - 0001456 _____ () C:\Users\LITTLEREDCAR\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-09-19 16:19 - 2013-09-19 16:19 - 0004608 _____ () C:\Users\LITTLEREDCAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 11:18 - 2015-05-20 11:18 - 0000036 _____ () C:\Users\LITTLEREDCAR\AppData\Local\housecall.guid.cache
2012-10-23 12:20 - 2012-10-23 12:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-23 12:18 - 2012-10-23 12:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-23 12:16 - 2012-10-23 12:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-23 12:19 - 2012-10-23 12:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-10-23 12:16 - 2012-10-23 12:18 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2012-10-23 12:19 - 2012-10-23 12:19 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\LITTLEREDCAR\AppData\Local\Temp\avgnt.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\bitool.dll
C:\Users\LITTLEREDCAR\AppData\Local\Temp\NaviMgrInstaller.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\Quarantine.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\sqlite3.dll
C:\Users\LITTLEREDCAR\AppData\Local\Temp\vcredist_x64_vs2010.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-22 08:19

==================== End of log ============================

--- --- ---

waere klasse, wenn ich das mit eurer hilfe wegbekaeme!

danke und gruss.

schrauber · 24.06.2015, 17:32

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

littleredcar · 24.06.2015, 18:47

hi, danke!

mbar ergab:
no cleanup required! -> es wurde KEIN neustart veranlasst!

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.24.03
  rootkit: v2015.06.22.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
LITTLEREDCAR :: ABSOLUTO [administrator]

24.06.2015 19:20:59
mbar-log-2015-06-24 (19-20-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 390561
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

weiter geht´s...

tdsskiller fand auch nix!

Code:

ATTFilter

19:44:16.0392 0x1494  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:44:16.0402 0x1494  UEFI system
19:45:11.0561 0x1494  ============================================================
19:45:11.0561 0x1494  Current date / time: 2015/06/24 19:45:11.0561
19:45:11.0561 0x1494  SystemInfo:
19:45:11.0561 0x1494  
19:45:11.0561 0x1494  OS Version: 6.3.9600 ServicePack: 0.0
19:45:11.0561 0x1494  Product type: Workstation
19:45:11.0561 0x1494  ComputerName: ABSOLUTO
19:45:11.0561 0x1494  UserName: LITTLEREDCAR
19:45:11.0561 0x1494  Windows directory: C:\WINDOWS
19:45:11.0561 0x1494  System windows directory: C:\WINDOWS
19:45:11.0561 0x1494  Running under WOW64
19:45:11.0561 0x1494  Processor architecture: Intel x64
19:45:11.0561 0x1494  Number of processors: 8
19:45:11.0561 0x1494  Page size: 0x1000
19:45:11.0561 0x1494  Boot type: Normal boot
19:45:11.0561 0x1494  ============================================================
19:45:12.0010 0x1494  KLMD registered as C:\WINDOWS\system32\drivers\08693800.sys
19:45:12.0736 0x1494  System UUID: {906A789F-E046-EFC3-5162-BAAE0A5273AE}
19:45:13.0360 0x1494  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:13.0401 0x1494  ============================================================
19:45:13.0401 0x1494  \Device\Harddisk0\DR0:
19:45:13.0402 0x1494  GPT partitions:
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DF4DF88E-2B1C-4C75-B721-A1CC7D2AC6B1}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF97FC
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2B78CA74-DD10-4EAA-9ADA-3575DFE56490}, Name: EFI system partition, StartLBA 0xF9FFC, BlocksNum 0x32000
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D1905E9B-9FF4-42AA-9E00-37E914393556}, Name: Microsoft reserved partition, StartLBA 0x12BFFC, BlocksNum 0x40004
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {AE49ED8C-19C2-41DE-A295-700E13D05D52}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E3E39B41-0E45-4E13-B4BE-6B61CF0AACB0}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x1F996800
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {787942CB-3FC5-44C6-8A79-C2E686767F01}, Name: , StartLBA 0x1FD02800, BlocksNum 0xAF000
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {0006D953-6DB0-E6B3-289F-DF1FA6B20D00}, Name: Basic data partition, StartLBA 0x1FDB1800, BlocksNum 0xC1857000
19:45:13.0402 0x1494  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B2D5ABF0-B4A5-4138-99CE-58D433F7E27A}, Name: Basic data partition, StartLBA 0xE1609000, BlocksNum 0x77FF800
19:45:13.0402 0x1494  MBR partitions:
19:45:13.0402 0x1494  ============================================================
19:45:13.0448 0x1494  C: <-> \Device\Harddisk0\DR0\Partition5
19:45:13.0478 0x1494  D: <-> \Device\Harddisk0\DR0\Partition8
19:45:13.0519 0x1494  E: <-> \Device\Harddisk0\DR0\Partition7
19:45:13.0519 0x1494  ============================================================
19:45:13.0519 0x1494  Initialize success
19:45:13.0519 0x1494  ============================================================
19:45:33.0263 0x157c  ============================================================
19:45:33.0263 0x157c  Scan started
19:45:33.0263 0x157c  Mode: Manual; SigCheck; TDLFS; 
19:45:33.0263 0x157c  ============================================================
19:45:33.0263 0x157c  KSN ping started
19:45:35.0693 0x157c  KSN ping finished: true
19:45:38.0242 0x157c  ================ Scan system memory ========================
19:45:38.0242 0x157c  System memory - ok
19:45:38.0242 0x157c  ================ Scan services =============================
19:45:38.0355 0x157c  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
19:45:38.0572 0x157c  1394ohci - ok
19:45:38.0669 0x157c  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
19:45:38.0679 0x157c  3ware - ok
19:45:38.0717 0x157c  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
19:45:38.0737 0x157c  ACPI - ok
19:45:38.0753 0x157c  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
19:45:38.0789 0x157c  acpiex - ok
19:45:38.0816 0x157c  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
19:45:38.0865 0x157c  acpipagr - ok
19:45:38.0886 0x157c  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
19:45:38.0961 0x157c  AcpiPmi - ok
19:45:38.0992 0x157c  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
19:45:39.0024 0x157c  acpitime - ok
19:45:39.0082 0x157c  [ EEA4C099FA7DE4FBD54756C33BAF14D5, 9861BFAE0290E0BA7A0B50BBE7593BF36B63E565AEEFBD8980AE22A22BFAE703 ] ADExchange      C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
19:45:39.0109 0x157c  ADExchange - ok
19:45:39.0181 0x157c  [ A542C712794FB8FBD27E37271C730F36, 8C327BFAC10C7BBD48277D4FEB862D58CA1F22DC10F0632BB8B18CF54A507216 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:45:39.0193 0x157c  AdobeARMservice - ok
19:45:39.0287 0x157c  [ 1234A12B71DAE034E45C714AE5A54412, 079E6BC834F38322ED5ED76295EC3961ED894084EF5CB171DFFBD9B3822CC78D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:45:39.0305 0x157c  AdobeFlashPlayerUpdateSvc - ok
19:45:39.0343 0x157c  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
19:45:39.0378 0x157c  ADP80XX - ok
19:45:39.0411 0x157c  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
19:45:39.0467 0x157c  AeLookupSvc - ok
19:45:39.0509 0x157c  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
19:45:39.0630 0x157c  AFD - ok
19:45:39.0666 0x157c  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
19:45:39.0677 0x157c  agp440 - ok
19:45:39.0702 0x157c  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
19:45:39.0754 0x157c  ahcache - ok
19:45:39.0781 0x157c  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
19:45:39.0836 0x157c  ALG - ok
19:45:39.0860 0x157c  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
19:45:39.0958 0x157c  AMD External Events Utility - ok
19:45:39.0971 0x157c  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
19:45:40.0035 0x157c  AmdK8 - ok
19:45:40.0323 0x157c  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
19:45:40.0635 0x157c  amdkmdag - ok
19:45:40.0676 0x157c  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
19:45:40.0704 0x157c  amdkmdap - ok
19:45:40.0716 0x157c  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
19:45:40.0740 0x157c  AmdPPM - ok
19:45:40.0764 0x157c  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
19:45:40.0773 0x157c  amdsata - ok
19:45:40.0783 0x157c  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
19:45:40.0794 0x157c  amdsbs - ok
19:45:40.0828 0x157c  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
19:45:40.0836 0x157c  amdxata - ok
19:45:40.0859 0x157c  [ A74D6CCEECD8DCDE348521E6A7F3FAE3, 6CC14CFA95C98B011F017F32ED6A0CFA48A108002F605835358FFBCF21EA3C9F ] AndnetBus       C:\WINDOWS\System32\drivers\lgandnetbus64.sys
19:45:40.0900 0x157c  AndnetBus - ok
19:45:40.0909 0x157c  [ FF7DBB0CC5D0576DF07C901D8451F40A, E1AEF2856DFBBE188698EC45AD15D6D677737068D38952CD7074C9BEB4B2F023 ] AndNetDiag      C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys
19:45:40.0950 0x157c  AndNetDiag - ok
19:45:40.0961 0x157c  [ 24B6E19D8A068992114CF4EF6BDDD63A, 1CB4EAB27D93F4352CA957548EC2FEAE91175A23F71D83E81CE324B6CCA5E118 ] ANDNetModem     C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys
19:45:40.0991 0x157c  ANDNetModem - ok
19:45:41.0044 0x157c  [ 3358CAD1887DDDDD2A36B7796B579292, 40BA1A836276C2AA78914F294661C3C918F2D6DFAA9D6EF3FEB6D1EE3B07F584 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
19:45:41.0078 0x157c  AntiVirMailService - ok
19:45:41.0108 0x157c  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:45:41.0119 0x157c  AntiVirSchedulerService - ok
19:45:41.0139 0x157c  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:45:41.0149 0x157c  AntiVirService - ok
19:45:41.0176 0x157c  [ 6FD5165364D88FDABE4FA59E1768376F, B82D11E6FCC297F822E29A49D46C9985955C9F5676D107A397B00D0468F93504 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
19:45:41.0201 0x157c  AntiVirWebService - ok
19:45:41.0229 0x157c  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
19:45:41.0279 0x157c  AppID - ok
19:45:41.0308 0x157c  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
19:45:41.0326 0x157c  AppIDSvc - ok
19:45:41.0354 0x157c  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
19:45:41.0395 0x157c  Appinfo - ok
19:45:41.0415 0x157c  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
19:45:41.0470 0x157c  AppReadiness - ok
19:45:41.0531 0x157c  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
19:45:41.0636 0x157c  AppXSvc - ok
19:45:41.0657 0x157c  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
19:45:41.0670 0x157c  arcsas - ok
19:45:41.0690 0x157c  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
19:45:41.0709 0x157c  atapi - ok
19:45:41.0746 0x157c  [ 506907D2E7F3A5B67DBD39C00A788B7C, 618C91FB9F49C69F88A993F164D7E9E4B7CAD0F34DCF77CF0C6F259A28448171 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdW86.sys
19:45:41.0754 0x157c  AtiHDAudioService - ok
19:45:41.0814 0x157c  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
19:45:41.0889 0x157c  AudioEndpointBuilder - ok
19:45:41.0986 0x157c  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
19:45:42.0042 0x157c  Audiosrv - ok
19:45:42.0085 0x157c  [ CC1ABBD9E61B7AA5CCBB45EA87CB033F, 4E5DE485833721E19B36455C017B9D908BAA7D12637A878934A0FAF2326E000B ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:45:42.0101 0x157c  avgntflt - ok
19:45:42.0129 0x157c  [ 07C8454D3A94BA478752FAFA2B94E0FE, EB19396D4A6D51D6C33ED55C8EF0259045801D39CCE2945931F9163D6006C133 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:45:42.0152 0x157c  avipbb - ok
19:45:42.0173 0x157c  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:45:42.0186 0x157c  avkmgr - ok
19:45:42.0219 0x157c  [ 83586138F23A4C284EB68AFC852D7AFA, 9ADE8924B4518ED0A8E3FC4CC3F9964BC05B5FF67F230A7FD0BDABCFFA0BB0C8 ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
19:45:42.0250 0x157c  avnetflt - ok
19:45:42.0276 0x157c  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
19:45:42.0331 0x157c  AxInstSV - ok
19:45:42.0388 0x157c  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
19:45:42.0423 0x157c  b06bdrv - ok
19:45:42.0455 0x157c  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
19:45:42.0508 0x157c  BasicDisplay - ok
19:45:42.0542 0x157c  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
19:45:42.0636 0x157c  BasicRender - ok
19:45:42.0663 0x157c  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
19:45:42.0669 0x157c  bcmfn2 - ok
19:45:42.0707 0x157c  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
19:45:42.0776 0x157c  BDESVC - ok
19:45:42.0801 0x157c  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:45:42.0856 0x157c  Beep - ok
19:45:42.0905 0x157c  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
19:45:42.0974 0x157c  BFE - ok
19:45:43.0023 0x157c  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
19:45:43.0077 0x157c  BITS - ok
19:45:43.0104 0x157c  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
19:45:43.0142 0x157c  bowser - ok
19:45:43.0174 0x157c  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
19:45:43.0233 0x157c  BrokerInfrastructure - ok
19:45:43.0265 0x157c  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
19:45:43.0337 0x157c  Browser - ok
19:45:43.0362 0x157c  [ 0B2EE8B36081C1039EA3D20B952A8DDC, 4849F424B15CBF2342811D944A599D762D206E33D284429483D9769FD07C3BE7 ] bthav           C:\WINDOWS\system32\drivers\bthav.sys
19:45:43.0405 0x157c  bthav - ok
19:45:43.0432 0x157c  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
19:45:43.0488 0x157c  BthAvrcpTg - ok
19:45:43.0516 0x157c  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
19:45:43.0575 0x157c  BthEnum - ok
19:45:43.0603 0x157c  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
19:45:43.0639 0x157c  BthHFEnum - ok
19:45:43.0659 0x157c  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
19:45:43.0678 0x157c  bthhfhid - ok
19:45:43.0710 0x157c  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
19:45:43.0755 0x157c  BthHFSrv - ok
19:45:43.0780 0x157c  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
19:45:43.0839 0x157c  BTHMODEM - ok
19:45:43.0871 0x157c  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:45:43.0917 0x157c  BthPan - ok
19:45:43.0971 0x157c  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
19:45:44.0012 0x157c  BTHPORT - ok
19:45:44.0038 0x157c  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
19:45:44.0072 0x157c  bthserv - ok
19:45:44.0105 0x157c  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
19:45:44.0121 0x157c  BTHUSB - ok
19:45:44.0140 0x157c  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
19:45:44.0191 0x157c  cdfs - ok
19:45:44.0207 0x157c  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
19:45:44.0218 0x157c  cdrom - ok
19:45:44.0242 0x157c  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
19:45:44.0278 0x157c  CertPropSvc - ok
19:45:44.0299 0x157c  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
19:45:44.0309 0x157c  circlass - ok
19:45:44.0336 0x157c  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
19:45:44.0350 0x157c  CLFS - ok
19:45:44.0373 0x157c  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
19:45:44.0381 0x157c  CLVirtualDrive - ok
19:45:44.0401 0x157c  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
19:45:44.0451 0x157c  CmBatt - ok
19:45:44.0504 0x157c  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
19:45:44.0535 0x157c  CNG - ok
19:45:44.0543 0x157c  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
19:45:44.0559 0x157c  CompositeBus - ok
19:45:44.0561 0x157c  COMSysApp - ok
19:45:44.0574 0x157c  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
19:45:44.0599 0x157c  condrv - ok
19:45:44.0617 0x157c  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
19:45:44.0689 0x157c  CryptSvc - ok
19:45:44.0747 0x157c  [ 7F5CD87CA5BDB4D83F992D8C77201483, 01818EF455833CA3396C8EA4696B8DC28E3A6A3618C081D046C8F207FACAB788 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
19:45:44.0759 0x157c  CyberLink PowerDVD 10 MS Monitor Service - ok
19:45:44.0775 0x157c  [ 9FAF58E876A3B1DB3030A0A5805F2D86, 682939B774DF6A28268897A7E113F6D2DF9AD73DBF1994F937FB48818478B7FE ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
19:45:44.0784 0x157c  CyberLink PowerDVD 10 MS Service - ok
19:45:44.0818 0x157c  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
19:45:44.0828 0x157c  dam - ok
19:45:44.0880 0x157c  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:45:44.0944 0x157c  DcomLaunch - ok
19:45:44.0978 0x157c  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
19:45:45.0036 0x157c  defragsvc - ok
19:45:45.0062 0x157c  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
19:45:45.0087 0x157c  DeviceAssociationService - ok
19:45:45.0115 0x157c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
19:45:45.0139 0x157c  DeviceInstall - ok
19:45:45.0162 0x157c  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
19:45:45.0246 0x157c  Dfsc - ok
19:45:45.0298 0x157c  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
19:45:45.0341 0x157c  dg_ssudbus - ok
19:45:45.0384 0x157c  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
19:45:45.0443 0x157c  Dhcp - ok
19:45:45.0506 0x157c  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
19:45:45.0621 0x157c  DiagTrack - ok
19:45:45.0661 0x157c  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
19:45:45.0670 0x157c  disk - ok
19:45:45.0687 0x157c  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
19:45:45.0755 0x157c  dmvsc - ok
19:45:45.0779 0x157c  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:45:45.0815 0x157c  Dnscache - ok
19:45:45.0840 0x157c  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:45:45.0907 0x157c  dot3svc - ok
19:45:45.0936 0x157c  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
19:45:45.0971 0x157c  DPS - ok
19:45:46.0005 0x157c  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:45:46.0015 0x157c  drmkaud - ok
19:45:46.0028 0x157c  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
19:45:46.0049 0x157c  DsmSvc - ok
19:45:46.0107 0x157c  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
19:45:46.0155 0x157c  DXGKrnl - ok
19:45:46.0181 0x157c  [ D47E023B543D9FA72EBAAD4D30E499B3, 7045060D418B1EE1499336A973C334869330843F3ADE5420D93B64A1BDAB2DA8 ] eamonm          C:\WINDOWS\system32\DRIVERS\eamonm.sys
19:45:46.0204 0x157c  eamonm - ok
19:45:46.0213 0x157c  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
19:45:46.0238 0x157c  Eaphost - ok
19:45:46.0336 0x157c  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
19:45:46.0462 0x157c  ebdrv - ok
19:45:46.0496 0x157c  [ 9FB0479D9398C785C607B1196307F782, 7247E631E55D177C403E2C0009417D3FB478A33F180E7E07EE22531C13CAFC4D ] edevmon         C:\WINDOWS\system32\DRIVERS\edevmon.sys
19:45:46.0505 0x157c  edevmon - ok
19:45:46.0534 0x157c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
19:45:46.0542 0x157c  EFS - ok
19:45:46.0560 0x157c  [ EDE769200779A9746A0F1425EBEE59FE, 001DAE9569FCA7CD5A97B8F74940ADCD084DADD2F69F1002765F424B10D30B97 ] ehdrv           C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:45:46.0582 0x157c  ehdrv - ok
19:45:46.0604 0x157c  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
19:45:46.0612 0x157c  EhStorClass - ok
19:45:46.0625 0x157c  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
19:45:46.0633 0x157c  EhStorTcgDrv - ok
19:45:46.0774 0x157c  [ 58FBDA10FC403CF9F82ABD0A68129BA3, D731021C2A94A31CD944E95628AC2DFFF0D555659BF0DF6FC57676B8B88355A4 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
19:45:46.0797 0x157c  ekrn - ok
19:45:46.0817 0x157c  [ 5FBD015FAEDAA6E3FF76F95112DD6554, 253CB6BB55820C8CD3DABB1DB68A1982C6838028A679C3507140BC8D9CB0AD73 ] epfwwfpr        C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys
19:45:46.0824 0x157c  epfwwfpr - ok
19:45:46.0833 0x157c  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
19:45:46.0852 0x157c  ErrDev - ok
19:45:46.0902 0x157c  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
19:45:46.0964 0x157c  EventSystem - ok
19:45:46.0979 0x157c  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
19:45:47.0025 0x157c  exfat - ok
19:45:47.0046 0x157c  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
19:45:47.0057 0x157c  fastfat - ok
19:45:47.0105 0x157c  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:45:47.0153 0x157c  Fax - ok
19:45:47.0170 0x157c  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
19:45:47.0192 0x157c  fdc - ok
19:45:47.0214 0x157c  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
19:45:47.0248 0x157c  fdPHost - ok
19:45:47.0278 0x157c  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
19:45:47.0303 0x157c  FDResPub - ok
19:45:47.0321 0x157c  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
19:45:47.0372 0x157c  fhsvc - ok
19:45:47.0437 0x157c  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
19:45:47.0445 0x157c  FileInfo - ok
19:45:47.0468 0x157c  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
19:45:47.0493 0x157c  Filetrace - ok
19:45:47.0512 0x157c  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
19:45:47.0520 0x157c  flpydisk - ok
19:45:47.0541 0x157c  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:45:47.0554 0x157c  FltMgr - ok
19:45:47.0601 0x157c  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
19:45:47.0679 0x157c  FontCache - ok
19:45:47.0903 0x157c  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:45:47.0951 0x157c  FontCache3.0.0.0 - ok
19:45:47.0993 0x157c  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
19:45:48.0031 0x157c  FsDepends - ok
19:45:48.0058 0x157c  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:45:48.0071 0x157c  Fs_Rec - ok
19:45:48.0089 0x157c  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
19:45:48.0109 0x157c  fvevol - ok
19:45:48.0120 0x157c  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
19:45:48.0141 0x157c  FxPPM - ok
19:45:48.0156 0x157c  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
19:45:48.0165 0x157c  gagp30kx - ok
19:45:48.0195 0x157c  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
19:45:48.0209 0x157c  gencounter - ok
19:45:48.0228 0x157c  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
19:45:48.0237 0x157c  GPIOClx0101 - ok
19:45:48.0286 0x157c  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
19:45:48.0349 0x157c  gpsvc - ok
19:45:48.0383 0x157c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:45:48.0388 0x157c  gupdate - ok
19:45:48.0391 0x157c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:45:48.0396 0x157c  gupdatem - ok
19:45:48.0421 0x157c  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
19:45:48.0488 0x157c  HDAudBus - ok
19:45:48.0493 0x157c  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
19:45:48.0515 0x157c  HidBatt - ok
19:45:48.0540 0x157c  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
19:45:48.0564 0x157c  HidBth - ok
19:45:48.0581 0x157c  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
19:45:48.0590 0x157c  hidi2c - ok
19:45:48.0614 0x157c  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
19:45:48.0623 0x157c  HidIr - ok
19:45:48.0672 0x157c  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
19:45:48.0731 0x157c  hidserv - ok
19:45:48.0753 0x157c  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
19:45:48.0808 0x157c  HidUsb - ok
19:45:48.0833 0x157c  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
19:45:48.0891 0x157c  hkmsvc - ok
19:45:48.0929 0x157c  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
19:45:48.0985 0x157c  HomeGroupListener - ok
19:45:49.0019 0x157c  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
19:45:49.0048 0x157c  HomeGroupProvider - ok
19:45:49.0070 0x157c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
19:45:49.0079 0x157c  HpSAMD - ok
19:45:49.0117 0x157c  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys
19:45:49.0205 0x157c  HTCAND64 - ok
19:45:49.0235 0x157c  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\WINDOWS\system32\DRIVERS\htcnprot.sys
19:45:49.0247 0x157c  htcnprot - ok
19:45:49.0302 0x157c  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
19:45:49.0326 0x157c  HTTP - ok
19:45:49.0353 0x157c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
19:45:49.0361 0x157c  hwpolicy - ok
19:45:49.0375 0x157c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
19:45:49.0388 0x157c  hyperkbd - ok
19:45:49.0399 0x157c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
19:45:49.0413 0x157c  HyperVideo - ok
19:45:49.0430 0x157c  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
19:45:49.0520 0x157c  i8042prt - ok
19:45:49.0531 0x157c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
19:45:49.0542 0x157c  iaLPSSi_GPIO - ok
19:45:49.0553 0x157c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
19:45:49.0561 0x157c  iaLPSSi_I2C - ok
19:45:49.0586 0x157c  [ 6C024B3AE192D72B216166802AF345DD, 67AEDBEF4A1C1EE1DA9B684BDEB3DB07715E12B766AA72B6684CC6C583A8DCC5 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
19:45:49.0601 0x157c  iaStorA - ok
19:45:49.0625 0x157c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
19:45:49.0642 0x157c  iaStorAV - ok
19:45:49.0682 0x157c  [ 7F7A03D03FA18A0DB2DAC37A8D620E7F, B867A6B38EB81B6FE2501441D4CB69A2488A1F13BA558AB2B728A7507AB1BAC3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:45:49.0708 0x157c  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
19:45:52.0348 0x157c  Detect skipped due to KSN trusted
19:45:52.0348 0x157c  IAStorDataMgrSvc - ok
19:45:52.0379 0x157c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
19:45:52.0400 0x157c  iaStorV - ok
19:45:52.0473 0x157c  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:45:52.0500 0x157c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:45:55.0036 0x157c  Detect skipped due to KSN trusted
19:45:55.0036 0x157c  IDriverT - ok
19:45:55.0041 0x157c  IEEtwCollectorService - ok
19:45:55.0119 0x157c  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
19:45:55.0158 0x157c  IKEEXT - ok
19:45:55.0261 0x157c  [ DC052337C24A87AA1ACC8FCE4F2D5C7F, A438A7A519E9B05DAC2AB097BFBDCD42766E9EAA66054DD6946D27802F0B150A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
19:45:55.0357 0x157c  IntcAzAudAddService - ok
19:45:55.0424 0x157c  [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:45:55.0452 0x157c  Intel(R) Capability Licensing Service Interface - ok
19:45:55.0483 0x157c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
19:45:55.0489 0x157c  intelide - ok
19:45:55.0515 0x157c  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
19:45:55.0522 0x157c  intelpep - ok
19:45:55.0533 0x157c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
19:45:55.0557 0x157c  intelppm - ok
19:45:55.0580 0x157c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:45:55.0654 0x157c  IpFilterDriver - ok
19:45:55.0712 0x157c  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
19:45:55.0755 0x157c  iphlpsvc - ok
19:45:55.0780 0x157c  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
19:45:55.0861 0x157c  IPMIDRV - ok
19:45:55.0901 0x157c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
19:45:55.0973 0x157c  IPNAT - ok
19:45:55.0990 0x157c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
19:45:56.0009 0x157c  IRENUM - ok
19:45:56.0038 0x157c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
19:45:56.0046 0x157c  isapnp - ok
19:45:56.0075 0x157c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
19:45:56.0087 0x157c  iScsiPrt - ok
19:45:56.0137 0x157c  [ 5B7DE9D87B9D2713BDD6A53678DC2A49, E7A0D68FA2ED2730640F40FF59338BE173C8973BFC38286E6320CA332A39C204 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:45:56.0144 0x157c  jhi_service - ok
19:45:56.0167 0x157c  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
19:45:56.0175 0x157c  kbdclass - ok
19:45:56.0215 0x157c  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
19:45:56.0226 0x157c  kbdhid - ok
19:45:56.0270 0x157c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
19:45:56.0311 0x157c  kdnic - ok
19:45:56.0322 0x157c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
19:45:56.0329 0x157c  KeyIso - ok
19:45:56.0391 0x157c  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
19:45:56.0399 0x157c  KSecDD - ok
19:45:56.0492 0x157c  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
19:45:56.0503 0x157c  KSecPkg - ok
19:45:56.0540 0x157c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
19:45:56.0556 0x157c  ksthunk - ok
19:45:56.0579 0x157c  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
19:45:56.0592 0x157c  KtmRm - ok
19:45:56.0695 0x157c  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
19:45:56.0888 0x157c  LanmanServer - ok
19:45:56.0939 0x157c  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
19:45:56.0968 0x157c  LanmanWorkstation - ok
19:45:57.0002 0x157c  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
19:45:57.0064 0x157c  lfsvc - ok
19:45:57.0086 0x157c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
19:45:57.0114 0x157c  lltdio - ok
19:45:57.0134 0x157c  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
19:45:57.0157 0x157c  lltdsvc - ok
19:45:57.0185 0x157c  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
19:45:57.0274 0x157c  lmhosts - ok
19:45:57.0309 0x157c  [ E70FD0D2C95F559A17321D831875593D, 57839ADA7CC6606D98B43FC2F4EC6F5E9B75A2F3EC937C11322201128A161E0D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:45:57.0327 0x157c  LMS - ok
19:45:57.0372 0x157c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
19:45:57.0391 0x157c  LSI_SAS - ok
19:45:57.0412 0x157c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
19:45:57.0423 0x157c  LSI_SAS2 - ok
19:45:57.0432 0x157c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
19:45:57.0441 0x157c  LSI_SAS3 - ok
19:45:57.0454 0x157c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
19:45:57.0464 0x157c  LSI_SSS - ok
19:45:57.0495 0x157c  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
19:45:57.0543 0x157c  LSM - ok
19:45:57.0576 0x157c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
19:45:57.0622 0x157c  luafv - ok
19:45:57.0685 0x157c  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:45:57.0719 0x157c  MBAMProtector - ok
19:45:57.0901 0x157c  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     E:\programme\ Malwarebytes Anti-Malware \mbamservice.exe
19:45:58.0000 0x157c  MBAMService - ok
19:45:58.0023 0x157c  [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
19:45:58.0030 0x157c  MBAMWebAccessControl - ok
19:45:58.0059 0x157c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
19:45:58.0067 0x157c  megasas - ok
19:45:58.0089 0x157c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
19:45:58.0106 0x157c  megasr - ok
19:45:58.0129 0x157c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
19:45:58.0136 0x157c  MEIx64 - ok
19:45:58.0158 0x157c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
19:45:58.0221 0x157c  MMCSS - ok
19:45:58.0249 0x157c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
19:45:58.0286 0x157c  Modem - ok
19:45:58.0311 0x157c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
19:45:58.0370 0x157c  monitor - ok
19:45:58.0400 0x157c  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
19:45:58.0416 0x157c  mouclass - ok
19:45:58.0448 0x157c  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
19:45:58.0494 0x157c  mouhid - ok
19:45:58.0528 0x157c  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
19:45:58.0537 0x157c  mountmgr - ok
19:45:58.0569 0x157c  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:45:58.0578 0x157c  MozillaMaintenance - ok
19:45:58.0593 0x157c  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
19:45:58.0635 0x157c  mpsdrv - ok
19:45:58.0680 0x157c  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
19:45:58.0718 0x157c  MpsSvc - ok
19:45:58.0743 0x157c  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
19:45:58.0816 0x157c  MRxDAV - ok
19:45:58.0861 0x157c  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:45:58.0928 0x157c  mrxsmb - ok
19:45:58.0975 0x157c  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
19:45:59.0030 0x157c  mrxsmb10 - ok
19:45:59.0078 0x157c  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
19:45:59.0109 0x157c  mrxsmb20 - ok
19:45:59.0144 0x157c  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
19:45:59.0172 0x157c  MsBridge - ok
19:45:59.0188 0x157c  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
19:45:59.0201 0x157c  MSDTC - ok
19:45:59.0232 0x157c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:45:59.0281 0x157c  Msfs - ok
19:45:59.0308 0x157c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
19:45:59.0323 0x157c  msgpiowin32 - ok
19:45:59.0331 0x157c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
19:45:59.0340 0x157c  mshidkmdf - ok
19:45:59.0349 0x157c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
19:45:59.0365 0x157c  mshidumdf - ok
19:45:59.0375 0x157c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
19:45:59.0385 0x157c  msisadrv - ok
19:45:59.0400 0x157c  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
19:45:59.0424 0x157c  MSiSCSI - ok
19:45:59.0427 0x157c  msiserver - ok
19:45:59.0445 0x157c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:45:59.0470 0x157c  MSKSSRV - ok
19:45:59.0494 0x157c  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
19:45:59.0543 0x157c  MsLldp - ok
19:45:59.0557 0x157c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:45:59.0587 0x157c  MSPCLOCK - ok
19:45:59.0598 0x157c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:45:59.0625 0x157c  MSPQM - ok
19:45:59.0653 0x157c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
19:45:59.0671 0x157c  MsRPC - ok
19:45:59.0686 0x157c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
19:45:59.0694 0x157c  mssmbios - ok
19:45:59.0706 0x157c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:45:59.0722 0x157c  MSTEE - ok
19:45:59.0736 0x157c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
19:45:59.0756 0x157c  MTConfig - ok
19:45:59.0774 0x157c  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
19:45:59.0782 0x157c  Mup - ok
19:45:59.0799 0x157c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
19:45:59.0807 0x157c  mvumis - ok
19:45:59.0840 0x157c  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
19:45:59.0855 0x157c  napagent - ok
19:45:59.0889 0x157c  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
19:45:59.0925 0x157c  NativeWifiP - ok
19:45:59.0946 0x157c  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
19:45:59.0974 0x157c  NcaSvc - ok
19:46:00.0011 0x157c  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
19:46:00.0071 0x157c  NcbService - ok
19:46:00.0100 0x157c  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
19:46:00.0144 0x157c  NcdAutoSetup - ok
19:46:00.0203 0x157c  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
19:46:00.0249 0x157c  NDIS - ok
19:46:00.0290 0x157c  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
19:46:00.0308 0x157c  NdisCap - ok
19:46:00.0320 0x157c  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
19:46:00.0343 0x157c  NdisImPlatform - ok
19:46:00.0354 0x157c  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:00.0385 0x157c  NdisTapi - ok
19:46:00.0407 0x157c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:00.0460 0x157c  Ndisuio - ok
19:46:00.0472 0x157c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
19:46:00.0489 0x157c  NdisVirtualBus - ok
19:46:00.0508 0x157c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:00.0529 0x157c  NdisWan - ok
19:46:00.0535 0x157c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:00.0545 0x157c  NdisWanLegacy - ok
19:46:00.0586 0x157c  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:00.0613 0x157c  NDProxy - ok
19:46:00.0627 0x157c  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
19:46:00.0662 0x157c  Ndu - ok
19:46:00.0874 0x157c  [ 6D4028D458EAAA1782099750790DC8C9, 0D863A61D049235D5BBEC998185814B798674AD861DEBF0C903D28E310CE2768 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
19:46:01.0010 0x157c  Nero BackItUp Scheduler 3 - ok
19:46:01.0029 0x157c  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:01.0048 0x157c  NetBIOS - ok
19:46:01.0076 0x157c  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:01.0118 0x157c  NetBT - ok
19:46:01.0139 0x157c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:46:01.0148 0x157c  Netlogon - ok
19:46:01.0177 0x157c  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
19:46:01.0192 0x157c  Netman - ok
19:46:01.0222 0x157c  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
19:46:01.0242 0x157c  netprofm - ok
19:46:01.0312 0x157c  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:01.0357 0x157c  NetTcpPortSharing - ok
19:46:01.0386 0x157c  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
19:46:01.0468 0x157c  netvsc - ok
19:46:01.0507 0x157c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
19:46:01.0544 0x157c  NlaSvc - ok
19:46:01.0617 0x157c  [ 1BEF5464C06F4AF0C704378824C52ADB, D41526D315807AE6E117273C79E0818F85FB2175D5693BF3AC095D6DADA08F87 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
19:46:01.0651 0x157c  NMIndexingService - ok
19:46:01.0674 0x157c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:46:01.0694 0x157c  Npfs - ok
19:46:01.0718 0x157c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
19:46:01.0751 0x157c  npsvctrig - ok
19:46:01.0776 0x157c  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
19:46:01.0800 0x157c  nsi - ok
19:46:01.0809 0x157c  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
19:46:01.0831 0x157c  nsiproxy - ok
19:46:01.0910 0x157c  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:01.0964 0x157c  Ntfs - ok
19:46:01.0996 0x157c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:46:02.0018 0x157c  Null - ok
19:46:02.0039 0x157c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
19:46:02.0049 0x157c  nvraid - ok
19:46:02.0067 0x157c  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
19:46:02.0077 0x157c  nvstor - ok
19:46:02.0085 0x157c  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
19:46:02.0094 0x157c  nv_agp - ok
19:46:02.0129 0x157c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:02.0138 0x157c  ose - ok
19:46:02.0180 0x157c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
19:46:02.0244 0x157c  p2pimsvc - ok
19:46:02.0280 0x157c  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
19:46:02.0311 0x157c  p2psvc - ok
19:46:02.0330 0x157c  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
19:46:02.0341 0x157c  Parport - ok
19:46:02.0366 0x157c  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
19:46:02.0377 0x157c  partmgr - ok
19:46:02.0405 0x157c  [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
19:46:02.0420 0x157c  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
19:46:05.0082 0x157c  Detect skipped due to KSN trusted
19:46:05.0082 0x157c  PassThru Service - ok
19:46:05.0128 0x157c  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
19:46:05.0145 0x157c  PcaSvc - ok
19:46:05.0171 0x157c  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
19:46:05.0186 0x157c  pci - ok
19:46:05.0204 0x157c  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
19:46:05.0211 0x157c  pciide - ok
19:46:05.0216 0x157c  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
19:46:05.0226 0x157c  pcmcia - ok
19:46:05.0241 0x157c  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
19:46:05.0250 0x157c  pcw - ok
19:46:05.0273 0x157c  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
19:46:05.0282 0x157c  pdc - ok
19:46:05.0318 0x157c  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
19:46:05.0375 0x157c  PEAUTH - ok
19:46:05.0457 0x157c  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
19:46:05.0497 0x157c  PerfHost - ok
19:46:05.0549 0x157c  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
19:46:05.0602 0x157c  pla - ok
19:46:05.0629 0x157c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
19:46:05.0637 0x157c  PlugPlay - ok
19:46:05.0667 0x157c  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
19:46:05.0687 0x157c  PNRPAutoReg - ok
19:46:05.0710 0x157c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
19:46:05.0722 0x157c  PNRPsvc - ok
19:46:05.0739 0x157c  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
19:46:05.0766 0x157c  PolicyAgent - ok
19:46:05.0786 0x157c  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
19:46:05.0836 0x157c  Power - ok
19:46:05.0958 0x157c  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
19:46:06.0150 0x157c  PrintNotify - ok
19:46:06.0184 0x157c  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
19:46:06.0207 0x157c  Processor - ok
19:46:06.0228 0x157c  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
19:46:06.0296 0x157c  ProfSvc - ok
19:46:06.0328 0x157c  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
19:46:06.0353 0x157c  Psched - ok
19:46:06.0400 0x157c  [ 6DAD398D60B9F6BAF0D3C53184C3CA4D, A63819B9CB38BD9E6DC4DADDBAB38CA8A3CEA1D8DB33AF4057A2135C160B40EC ] pwdrvio         C:\Windows\system32\pwdrvio.sys
19:46:06.0443 0x157c  pwdrvio - ok
19:46:06.0479 0x157c  [ FE194DD23B549C1C397EB1102EC84EDC, E1C9355A647584A8527B9BBBD3450E814FF0876C7C79496E8C718D9D5177591B ] pwdspio         C:\Windows\system32\pwdspio.sys
19:46:06.0514 0x157c  pwdspio - ok
19:46:06.0558 0x157c  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
19:46:06.0590 0x157c  QWAVE - ok
19:46:06.0623 0x157c  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
19:46:06.0643 0x157c  QWAVEdrv - ok
19:46:06.0694 0x157c  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\WINDOWS\WindowsMobile\rapimgr.dll
19:46:06.0704 0x157c  RapiMgr - ok
19:46:06.0735 0x157c  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:06.0749 0x157c  RasAcd - ok
19:46:06.0782 0x157c  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:46:06.0805 0x157c  RasAuto - ok
19:46:06.0840 0x157c  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:46:06.0858 0x157c  RasMan - ok
19:46:06.0882 0x157c  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:06.0892 0x157c  RasPppoe - ok
19:46:06.0923 0x157c  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:07.0027 0x157c  rdbss - ok
19:46:07.0048 0x157c  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
19:46:07.0096 0x157c  rdpbus - ok
19:46:07.0114 0x157c  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
19:46:07.0176 0x157c  RDPDR - ok
19:46:07.0206 0x157c  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
19:46:07.0251 0x157c  RdpVideoMiniport - ok
19:46:07.0278 0x157c  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
19:46:07.0304 0x157c  rdyboost - ok
19:46:07.0359 0x157c  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
19:46:07.0385 0x157c  ReFS - ok
19:46:07.0418 0x157c  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:46:07.0450 0x157c  RemoteAccess - ok
19:46:07.0478 0x157c  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:46:07.0516 0x157c  RemoteRegistry - ok
19:46:07.0539 0x157c  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\WINDOWS\system32\DRIVERS\revoflt.sys
19:46:07.0549 0x157c  Revoflt - ok
19:46:07.0582 0x157c  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
19:46:07.0600 0x157c  RFCOMM - ok
19:46:07.0612 0x157c  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
19:46:07.0623 0x157c  RpcEptMapper - ok
19:46:07.0640 0x157c  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:46:07.0677 0x157c  RpcLocator - ok
19:46:07.0727 0x157c  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:46:07.0759 0x157c  RpcSs - ok
19:46:07.0787 0x157c  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:46:07.0808 0x157c  rspndr - ok
19:46:07.0850 0x157c  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
19:46:07.0889 0x157c  RTL8168 - ok
19:46:07.0905 0x157c  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
19:46:07.0912 0x157c  s3cap - ok
19:46:07.0936 0x157c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
19:46:07.0944 0x157c  SamSs - ok
19:46:07.0973 0x157c  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
19:46:07.0981 0x157c  sbp2port - ok
19:46:08.0003 0x157c  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
19:46:08.0027 0x157c  SCardSvr - ok
19:46:08.0041 0x157c  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
19:46:08.0066 0x157c  ScDeviceEnum - ok
19:46:08.0083 0x157c  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
19:46:08.0100 0x157c  scfilter - ok
19:46:08.0144 0x157c  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:46:08.0186 0x157c  Schedule - ok
19:46:08.0210 0x157c  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
19:46:08.0219 0x157c  SCPolicySvc - ok
19:46:08.0241 0x157c  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
19:46:08.0253 0x157c  sdbus - ok
19:46:08.0284 0x157c  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
19:46:08.0293 0x157c  sdstor - ok
19:46:08.0304 0x157c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
19:46:08.0312 0x157c  secdrv - ok
19:46:08.0332 0x157c  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
19:46:08.0350 0x157c  seclogon - ok
19:46:08.0369 0x157c  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
19:46:08.0379 0x157c  SENS - ok
19:46:08.0414 0x157c  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
19:46:08.0490 0x157c  SensrSvc - ok
19:46:08.0523 0x157c  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
19:46:08.0541 0x157c  SerCx - ok
19:46:08.0573 0x157c  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
19:46:08.0592 0x157c  SerCx2 - ok
19:46:08.0602 0x157c  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
19:46:08.0610 0x157c  Serenum - ok
19:46:08.0628 0x157c  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
19:46:08.0651 0x157c  Serial - ok
19:46:08.0672 0x157c  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
19:46:08.0679 0x157c  sermouse - ok
19:46:08.0697 0x157c  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
19:46:08.0772 0x157c  SessionEnv - ok
19:46:08.0784 0x157c  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
19:46:08.0815 0x157c  sfloppy - ok
19:46:08.0847 0x157c  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:46:08.0869 0x157c  SharedAccess - ok
19:46:08.0893 0x157c  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:46:08.0936 0x157c  ShellHWDetection - ok
19:46:08.0944 0x157c  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
19:46:08.0951 0x157c  SiSRaid2 - ok
19:46:08.0960 0x157c  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
19:46:08.0968 0x157c  SiSRaid4 - ok
19:46:09.0019 0x157c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     E:\programme\skype\Updater\Updater.exe
19:46:09.0064 0x157c  SkypeUpdate - ok
19:46:09.0110 0x157c  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
19:46:09.0141 0x157c  smphost - ok
19:46:09.0172 0x157c  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
19:46:09.0197 0x157c  SNMPTRAP - ok
19:46:09.0222 0x157c  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
19:46:09.0240 0x157c  spaceport - ok
19:46:09.0253 0x157c  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
19:46:09.0262 0x157c  SpbCx - ok
19:46:09.0296 0x157c  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
19:46:09.0379 0x157c  Spooler - ok
19:46:09.0539 0x157c  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
19:46:09.0719 0x157c  sppsvc - ok
19:46:09.0825 0x157c  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:09.0997 0x157c  srv - ok
19:46:10.0028 0x157c  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
19:46:10.0051 0x157c  srv2 - ok
19:46:10.0085 0x157c  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
19:46:10.0135 0x157c  srvnet - ok
19:46:10.0168 0x157c  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:46:10.0196 0x157c  SSDPSRV - ok
19:46:10.0224 0x157c  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
19:46:10.0245 0x157c  SstpSvc - ok
19:46:10.0285 0x157c  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
19:46:10.0294 0x157c  ssudmdm - ok
19:46:10.0316 0x157c  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
19:46:10.0324 0x157c  stexstor - ok
19:46:10.0358 0x157c  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
19:46:10.0434 0x157c  stisvc - ok
19:46:10.0451 0x157c  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
19:46:10.0470 0x157c  storahci - ok
19:46:10.0494 0x157c  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
19:46:10.0505 0x157c  storflt - ok
19:46:10.0526 0x157c  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
19:46:10.0538 0x157c  stornvme - ok
19:46:10.0565 0x157c  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
19:46:10.0675 0x157c  StorSvc - ok
19:46:10.0688 0x157c  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
19:46:10.0704 0x157c  storvsc - ok
19:46:10.0729 0x157c  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
19:46:10.0757 0x157c  svsvc - ok
19:46:10.0783 0x157c  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
19:46:10.0798 0x157c  swenum - ok
19:46:10.0888 0x157c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:46:10.0937 0x157c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
19:46:13.0474 0x157c  Detect skipped due to KSN trusted
19:46:13.0474 0x157c  SwitchBoard - ok
19:46:13.0527 0x157c  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
19:46:13.0567 0x157c  swprv - ok
19:46:13.0654 0x157c  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
19:46:13.0711 0x157c  SysMain - ok
19:46:13.0751 0x157c  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
19:46:13.0805 0x157c  SystemEventsBroker - ok
19:46:13.0829 0x157c  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
19:46:13.0901 0x157c  TabletInputService - ok
19:46:13.0932 0x157c  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:46:13.0989 0x157c  TapiSrv - ok
19:46:14.0182 0x157c  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
19:46:14.0241 0x157c  Tcpip - ok
19:46:14.0353 0x157c  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:14.0398 0x157c  TCPIP6 - ok
19:46:14.0419 0x157c  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
19:46:14.0484 0x157c  tcpipreg - ok
19:46:14.0516 0x157c  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
19:46:14.0551 0x157c  tdx - ok
19:46:14.0576 0x157c  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
19:46:14.0592 0x157c  terminpt - ok
19:46:14.0645 0x157c  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:46:14.0685 0x157c  TermService - ok
19:46:14.0711 0x157c  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
19:46:14.0720 0x157c  Themes - ok
19:46:14.0742 0x157c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
19:46:14.0751 0x157c  THREADORDER - ok
19:46:14.0779 0x157c  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
19:46:14.0829 0x157c  TimeBroker - ok
19:46:14.0841 0x157c  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
19:46:14.0852 0x157c  TPM - ok
19:46:14.0879 0x157c  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
19:46:14.0889 0x157c  TrkWks - ok
19:46:14.0922 0x157c  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
19:46:14.0958 0x157c  TrustedInstaller - ok
19:46:14.0973 0x157c  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
19:46:15.0019 0x157c  TsUsbFlt - ok
19:46:15.0048 0x157c  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
19:46:15.0105 0x157c  TsUsbGD - ok
19:46:15.0115 0x157c  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
19:46:15.0126 0x157c  tunnel - ok
19:46:15.0143 0x157c  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
19:46:15.0151 0x157c  uagp35 - ok
19:46:15.0158 0x157c  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
19:46:15.0166 0x157c  UASPStor - ok
19:46:15.0200 0x157c  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
19:46:15.0211 0x157c  UCX01000 - ok
19:46:15.0245 0x157c  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
19:46:15.0295 0x157c  udfs - ok
19:46:15.0343 0x157c  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
19:46:15.0351 0x157c  UEFI - ok
19:46:15.0376 0x157c  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
19:46:15.0385 0x157c  UI0Detect - ok
19:46:15.0399 0x157c  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
19:46:15.0407 0x157c  uliagpkx - ok
19:46:15.0417 0x157c  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
19:46:15.0439 0x157c  umbus - ok
19:46:15.0448 0x157c  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
19:46:15.0467 0x157c  UmPass - ok
19:46:15.0496 0x157c  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
19:46:15.0537 0x157c  UmRdpService - ok
19:46:15.0662 0x157c  [ C485FB802F6C4A306B8F89BA087E5CA2, DE2E0F4A22D63EC54E23491962282ED3B01C7EB9941774A0C5633A776EAD499A ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:46:15.0671 0x157c  UNS - ok
19:46:15.0798 0x157c  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:46:15.0831 0x157c  upnphost - ok
19:46:15.0871 0x157c  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:46:15.0936 0x157c  usbaudio - ok
19:46:15.0975 0x157c  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
19:46:15.0996 0x157c  usbccgp - ok
19:46:16.0031 0x157c  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
19:46:16.0059 0x157c  usbcir - ok
19:46:16.0088 0x157c  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
19:46:16.0098 0x157c  usbehci - ok
19:46:16.0116 0x157c  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
19:46:16.0132 0x157c  usbhub - ok
19:46:16.0164 0x157c  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
19:46:16.0182 0x157c  USBHUB3 - ok
19:46:16.0233 0x157c  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
19:46:16.0294 0x157c  usbohci - ok
19:46:16.0321 0x157c  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
19:46:16.0381 0x157c  usbprint - ok
19:46:16.0399 0x157c  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
19:46:16.0410 0x157c  USBSTOR - ok
19:46:16.0426 0x157c  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
19:46:16.0467 0x157c  usbuhci - ok
19:46:16.0501 0x157c  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
19:46:16.0521 0x157c  USBXHCI - ok
19:46:16.0532 0x157c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
19:46:16.0541 0x157c  VaultSvc - ok
19:46:16.0548 0x157c  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
19:46:16.0557 0x157c  vdrvroot - ok
19:46:16.0651 0x157c  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
19:46:16.0713 0x157c  vds - ok
19:46:16.0734 0x157c  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
19:46:16.0744 0x157c  VerifierExt - ok
19:46:16.0770 0x157c  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
19:46:16.0790 0x157c  vhdmp - ok
19:46:16.0805 0x157c  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
19:46:16.0812 0x157c  viaide - ok
19:46:16.0835 0x157c  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
19:46:16.0843 0x157c  vmbus - ok
19:46:16.0854 0x157c  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
19:46:16.0862 0x157c  VMBusHID - ok
19:46:16.0899 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
19:46:16.0931 0x157c  vmicguestinterface - ok
19:46:16.0939 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
19:46:16.0953 0x157c  vmicheartbeat - ok
19:46:16.0963 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
19:46:16.0977 0x157c  vmickvpexchange - ok
19:46:16.0986 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
19:46:16.0999 0x157c  vmicrdv - ok
19:46:17.0009 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
19:46:17.0022 0x157c  vmicshutdown - ok
19:46:17.0061 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
19:46:17.0074 0x157c  vmictimesync - ok
19:46:17.0083 0x157c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
19:46:17.0097 0x157c  vmicvss - ok
19:46:17.0101 0x157c  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
19:46:17.0109 0x157c  volmgr - ok
19:46:17.0123 0x157c  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
19:46:17.0137 0x157c  volmgrx - ok
19:46:17.0166 0x157c  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
19:46:17.0178 0x157c  volsnap - ok
19:46:17.0193 0x157c  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
19:46:17.0202 0x157c  vpci - ok
19:46:17.0217 0x157c  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
19:46:17.0227 0x157c  vsmraid - ok
19:46:17.0296 0x157c  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
19:46:17.0347 0x157c  VSS - ok
19:46:17.0367 0x157c  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
19:46:17.0379 0x157c  VSTXRAID - ok
19:46:17.0406 0x157c  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
19:46:17.0488 0x157c  vwifibus - ok
19:46:17.0537 0x157c  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
19:46:17.0607 0x157c  W32Time - ok
19:46:17.0618 0x157c  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
19:46:17.0645 0x157c  WacomPen - ok
19:46:17.0708 0x157c  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
19:46:17.0801 0x157c  wbengine - ok
19:46:17.0828 0x157c  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
19:46:17.0872 0x157c  WbioSrvc - ok
19:46:17.0903 0x157c  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\WINDOWS\WindowsMobile\wcescomm.dll
19:46:17.0919 0x157c  WcesComm - ok
19:46:17.0942 0x157c  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
19:46:17.0956 0x157c  Wcmsvc - ok
19:46:17.0975 0x157c  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
19:46:17.0991 0x157c  wcncsvc - ok
19:46:18.0022 0x157c  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
19:46:18.0073 0x157c  WcsPlugInService - ok
19:46:18.0097 0x157c  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
19:46:18.0105 0x157c  WdBoot - ok
19:46:18.0139 0x157c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
19:46:18.0159 0x157c  Wdf01000 - ok
19:46:18.0181 0x157c  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
19:46:18.0192 0x157c  WdFilter - ok
19:46:18.0221 0x157c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
19:46:18.0242 0x157c  WdiServiceHost - ok
19:46:18.0245 0x157c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
19:46:18.0254 0x157c  WdiSystemHost - ok
19:46:18.0284 0x157c  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
19:46:18.0293 0x157c  WdNisDrv - ok
19:46:18.0318 0x157c  WdNisSvc - ok
19:46:18.0349 0x157c  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:46:18.0396 0x157c  WebClient - ok
19:46:18.0406 0x157c  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
19:46:18.0424 0x157c  Wecsvc - ok
19:46:18.0449 0x157c  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
19:46:18.0468 0x157c  WEPHOSTSVC - ok
19:46:18.0494 0x157c  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
19:46:18.0557 0x157c  wercplsupport - ok
19:46:18.0589 0x157c  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
19:46:18.0619 0x157c  WerSvc - ok
19:46:18.0638 0x157c  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
19:46:18.0656 0x157c  WFPLWFS - ok
19:46:18.0671 0x157c  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
19:46:18.0698 0x157c  WiaRpc - ok
19:46:18.0711 0x157c  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
19:46:18.0718 0x157c  WIMMount - ok
19:46:18.0720 0x157c  WinDefend - ok
19:46:18.0767 0x157c  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
19:46:18.0788 0x157c  WinHttpAutoProxySvc - ok
19:46:18.0839 0x157c  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:18.0893 0x157c  Winmgmt - ok
19:46:18.0982 0x157c  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:46:19.0052 0x157c  WinRM - ok
19:46:19.0098 0x157c  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
19:46:19.0123 0x157c  WinUsb - ok
19:46:19.0182 0x157c  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
19:46:19.0229 0x157c  WlanSvc - ok
19:46:19.0305 0x157c  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
19:46:19.0350 0x157c  wlidsvc - ok
19:46:19.0386 0x157c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
19:46:19.0394 0x157c  WmiAcpi - ok
19:46:19.0422 0x157c  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
19:46:19.0443 0x157c  wmiApSrv - ok
19:46:19.0469 0x157c  WMPNetworkSvc - ok
19:46:19.0491 0x157c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
19:46:19.0510 0x157c  Wof - ok
19:46:19.0563 0x157c  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
19:46:19.0654 0x157c  workfolderssvc - ok
19:46:19.0690 0x157c  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
19:46:19.0707 0x157c  wpcfltr - ok
19:46:19.0735 0x157c  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
19:46:19.0805 0x157c  WPCSvc - ok
19:46:19.0831 0x157c  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
19:46:19.0892 0x157c  WPDBusEnum - ok
19:46:19.0932 0x157c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
19:46:19.0939 0x157c  WpdUpFltr - ok
19:46:19.0966 0x157c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
19:46:20.0005 0x157c  ws2ifsl - ok
19:46:20.0032 0x157c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudioDevice_383 C:\WINDOWS\system32\drivers\VirtualAudio.sys
19:46:20.0039 0x157c  WsAudioDevice_383 - ok
19:46:20.0060 0x157c  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
19:46:20.0119 0x157c  wscsvc - ok
19:46:20.0128 0x157c  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
19:46:20.0149 0x157c  WSDPrintDevice - ok
19:46:20.0173 0x157c  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan         C:\WINDOWS\System32\drivers\WSDScan.sys
19:46:20.0222 0x157c  WSDScan - ok
19:46:20.0227 0x157c  WSearch - ok
19:46:20.0343 0x157c  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
19:46:20.0459 0x157c  WSService - ok
19:46:20.0580 0x157c  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
19:46:20.0697 0x157c  wuauserv - ok
19:46:20.0714 0x157c  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
19:46:20.0749 0x157c  WudfPf - ok
19:46:20.0781 0x157c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
19:46:20.0802 0x157c  WUDFRd - ok
19:46:20.0821 0x157c  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
19:46:20.0839 0x157c  wudfsvc - ok
19:46:20.0845 0x157c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
19:46:20.0854 0x157c  WUDFWpdFs - ok
19:46:20.0858 0x157c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
19:46:20.0867 0x157c  WUDFWpdMtp - ok
19:46:20.0903 0x157c  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
19:46:20.0932 0x157c  WwanSvc - ok
19:46:20.0936 0x157c  ================ Scan global ===============================
19:46:20.0999 0x157c  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
19:46:21.0014 0x157c  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
19:46:21.0059 0x157c  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
19:46:21.0101 0x157c  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
19:46:21.0114 0x157c  [ Global ] - ok
19:46:21.0115 0x157c  ================ Scan MBR ==================================
19:46:21.0123 0x157c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:46:21.0262 0x157c  \Device\Harddisk0\DR0 - ok
19:46:21.0262 0x157c  ================ Scan VBR ==================================
19:46:21.0291 0x157c  [ 8AEF43323E130EB12A90C5329D7A7FF8 ] \Device\Harddisk0\DR0\Partition1
19:46:21.0347 0x157c  \Device\Harddisk0\DR0\Partition1 - ok
19:46:21.0375 0x157c  [ 8580E62D0D0E71D54528AE8547231A19 ] \Device\Harddisk0\DR0\Partition2
19:46:21.0413 0x157c  \Device\Harddisk0\DR0\Partition2 - ok
19:46:21.0431 0x157c  [ 81E9CC1122DFDE3E3150DED48534D251 ] \Device\Harddisk0\DR0\Partition3
19:46:21.0433 0x157c  \Device\Harddisk0\DR0\Partition3 - ok
19:46:21.0439 0x157c  [ CC86BC8DCB9F4B6B7736774A70B6AE30 ] \Device\Harddisk0\DR0\Partition4
19:46:21.0471 0x157c  \Device\Harddisk0\DR0\Partition4 - ok
19:46:21.0490 0x157c  [ 4F2D61F43D49D06716F6E67B83963E0A ] \Device\Harddisk0\DR0\Partition5
19:46:21.0535 0x157c  \Device\Harddisk0\DR0\Partition5 - ok
19:46:21.0548 0x157c  [ F957338EEC3207A41ABF49E09D5081A9 ] \Device\Harddisk0\DR0\Partition6
19:46:21.0595 0x157c  \Device\Harddisk0\DR0\Partition6 - ok
19:46:21.0608 0x157c  [ 00AFFB8E9941BE6C6B93519BBFE449D6 ] \Device\Harddisk0\DR0\Partition7
19:46:21.0667 0x157c  \Device\Harddisk0\DR0\Partition7 - ok
19:46:21.0688 0x157c  [ EFCD5315227CA094321767F955DD7FB6 ] \Device\Harddisk0\DR0\Partition8
19:46:21.0704 0x157c  \Device\Harddisk0\DR0\Partition8 - ok
19:46:21.0705 0x157c  ================ Scan generic autorun ======================
19:46:22.0060 0x157c  [ F61140A7D41E2B3CB73D28A2F6ABC405, E2C242507C41398781A9C39B47F2104F9BC928E60950291759987BB4EE05AEBF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:46:22.0366 0x157c  RTHDVCPL - ok
19:46:22.0463 0x157c  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:46:22.0487 0x157c  AdobeAAMUpdater-1.0 - ok
19:46:22.0526 0x157c  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\WINDOWS\WindowsMobile\wmdc.exe
19:46:22.0543 0x157c  Windows Mobile Device Center - ok
19:46:22.0765 0x157c  [ C019E2FEB48A2B618E03A9FCD879B72A, 585B8072337C9E11BE1854E2A062E59CDCEC1406292987E6FDCA752F1848FD4E ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
19:46:22.0903 0x157c  egui - ok
19:46:22.0946 0x157c  [ D1931AB351D1F3935BDE2BEFD427F925, 680F9597B313EEDB5524975348BBB5F5F3114FE23D5FC2061CD3C00E5F6ED034 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
19:46:22.0961 0x157c  IAStorIcon - ok
19:46:23.0034 0x157c  [ 081E2D5A7875895A4A857B3DA8335695, 48D7968F2B6397B4090C4D6DCB3288041A92BF8207CD4AE807E66BCFC7DC7466 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:46:23.0057 0x157c  StartCCC - ok
19:46:23.0103 0x157c  [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
19:46:23.0116 0x157c  avgnt - ok
19:46:23.0203 0x157c  [ E1636F57581CAB5D995FD54D2991EF57, BB6B3D005054D386D596A4BA4D9D2F1284D7C845C1CD5EE63775B4569559E0EB ] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
19:46:23.0271 0x157c  AdobeCS5.5ServiceManager - ok
19:46:23.0313 0x157c  [ 7D58C9BDF9C0A3955BDCDE7387AD12AC, 89A6C99CF8B0DB1C6455E4C5610ED78F4C095BCA39DFA8E9496C44CBD8C3E1B1 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
19:46:23.0328 0x157c  ISUSScheduler - detected UnsignedFile.Multi.Generic ( 1 )
19:46:25.0842 0x157c  Detect skipped due to KSN trusted
19:46:25.0842 0x157c  ISUSScheduler - ok
19:46:25.0864 0x157c  [ 1C46FC1AB600766B8554580204806E84, 015A5ABFBED6D2A6C22B30805B5529AC5F33E0542D8C97AFD3350214778B8333 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
19:46:25.0883 0x157c  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
19:46:28.0526 0x157c  Detect skipped due to KSN trusted
19:46:28.0526 0x157c  ISUSPM Startup - ok
19:46:28.0611 0x157c  [ 923FE895B22B22A9CA03C72F3D15CE20, 98B7F5B40C557775CD645CA69B788FE4A3DEAE25CDB6E5DD4FB94DB1BDC10969 ] C:\Program Files (x86)\Mozilla Firefox\firefox.exe
19:46:28.0631 0x157c  firefox - ok
19:46:28.0678 0x157c  [ 82496FC05D85C9C3B9ABBC66B3A97F11, 288E491F4DE42305AC860771EFE14A3590B0A3F141D7A73138AD04B1DB23CA3E ] E:\programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
19:46:28.0687 0x157c  outlook - ok
19:46:28.0968 0x157c  [ EA53CD2D30A4030982D37CD1F46244FC, 0056CC4936DE355F3000269E3CD932F44DD2A25D2661E04F68E28A54DEEF6B69 ] E:\programme\MyPhoneExplorer\MyPhoneExplorer.exe
19:46:29.0161 0x157c  MyPhoneExplorer - ok
19:46:29.0164 0x157c  Waiting for KSN requests completion. In queue: 3
19:46:30.0165 0x157c  Waiting for KSN requests completion. In queue: 3
19:46:31.0165 0x157c  Waiting for KSN requests completion. In queue: 3
19:46:32.0311 0x157c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated )
19:46:32.0333 0x157c  AV detected via SS2: ESET NOD32 Antivirus 8.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 8.0.304.0 ), 0x41000 ( enabled : updated )
19:46:32.0362 0x157c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
19:46:32.0423 0x157c  Win FW state via NFP2: enabled
19:46:34.0849 0x157c  ============================================================
19:46:34.0849 0x157c  Scan finished
19:46:34.0849 0x157c  ============================================================
19:46:34.0859 0x08a4  Detected object count: 0
19:46:34.0859 0x08a4  Actual detected object count: 0
19:46:46.0425 0x0d84  Deinitialize success

wuerde mich ja gern darueber freuen, aber die mucke laeuft immer noch. ;-((
ich denke die haengt im firefox irgendwo!??

schrauber · 25.06.2015, 18:52

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

littleredcar · 26.06.2015, 09:48

hi, danke!

hier die mbam.txt (KEINE funde!):

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.06.2015
Suchlauf-Zeit: 10:27:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.26.02
Rootkit Datenbank: v2015.06.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: LITTLEREDCAR

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387516
Verstrichene Zeit: 16 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

hier die ADWEARCLEANER.txt (KEINE funde!):

Code:

ATTFilter

# AdwCleaner v4.207 - Bericht erstellt 26/06/2015 um 10:50:32
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : LITTLEREDCAR - LITTLEREDCAR
# Gestarted von : C:\Users\LITTLEREDCAR\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v43.0.2357.130


-\\ Opera v30.0.1835.88


*************************

AdwCleaner[R0].txt - [2319 Bytes] - [23/06/2015 17:18:45]
AdwCleaner[R1].txt - [2378 Bytes] - [23/06/2015 17:24:13]
AdwCleaner[R2].txt - [1027 Bytes] - [26/06/2015 10:49:32]
AdwCleaner[S0].txt - [2285 Bytes] - [23/06/2015 17:25:09]
AdwCleaner[S1].txt - [949 Bytes] - [26/06/2015 10:50:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1007  Bytes] ##########

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.5 (06.26.2015:1)
OS: Windows 8.1 x64
Ran by LITTLEREDCAR on 26.06.2015 at 10:56:56,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox




~~~ Chrome


[C:\Users\LITTLEREDCAR\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\LITTLEREDCAR\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\LITTLEREDCAR\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\LITTLEREDCAR\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2015 at 10:58:59,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hier die frische FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by LITTLEREDCAR (administrator) on LITTLEREDCAR on 26-06-2015 11:00:37
Running from C:\Users\LITTLEREDCAR\Desktop
Loaded Profiles: LITTLEREDCAR (Available Profiles: LITTLEREDCAR)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => E:\programme\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944 2015-06-02] (Mozilla Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [outlook] => E:\programme\Microsoft Office\OFFICE11\OUTLOOK.EXE [196440 2010-06-23] (Microsoft Corporation)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\Run: [MyPhoneExplorer] => E:\programme\MyPhoneExplorer\MyPhoneExplorer.exe [5442456 2014-08-24] (F.J. Wechselberger)
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {1dbdf4b7-9aeb-11e4-80bb-d43d7e2ed550} - "H:\LG_PC_Programs.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {29cf759a-0c41-11e3-be91-d43d7e2ed550} - "K:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\MountPoints2: {381ccb1c-87e6-11e3-bf3d-d43d7e2ed550} - "I:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-17] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default
FF Homepage: hxxp://www.hitclick.de/startseite/ma004rtin.php
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-10-18] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> E:\programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4126030575-41912768-2344454900-1001: @citrixonline.com/appdetectorplugin -> C:\Users\LITTLEREDCAR\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF SearchPlugin: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\searchplugins\englische-ergebnisse.xml [2013-12-23]
FF SearchPlugin: C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\searchplugins\lastminute.xml [2013-12-23]
FF Extension: Xmarks - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\foxmarks@kei.com [2015-05-29]
FF Extension: FireShot - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-08]
FF Extension: Html Validator - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2015-05-29]
FF Extension: ColorZilla - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-05-29]
FF Extension: Snip-Me - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\addon@snip-me.de.xpi [2013-08-26]
FF Extension: Distill Web Monitor (formerly AlertBox) - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\alertbox@ajitk.com.xpi [2015-05-05]
FF Extension: Image Map Editor - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\an@hjb-seite.de.xpi [2013-12-19]
FF Extension: Firebug - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\firebug@software.joehewitt.com.xpi [2013-08-26]
FF Extension: SpellcheckEverything - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\SpellcheckEverything@example.com.xpi [2015-03-05]
FF Extension: TinEye Reverse Image Search - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\tineye@ideeinc.com.xpi [2014-04-23]
FF Extension: Qipu Cashbackmelder open beta - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\toolbar@qipu.de.xpi [2013-08-26]
FF Extension: YSlow - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\yslow@yahoo-inc.com.xpi [2013-09-09]
FF Extension: Firesizer - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2014-11-25]
FF Extension: Speed Dial - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-08-26]
FF Extension: Google Reverse Image Search - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2014-04-23]
FF Extension: Tab Mix Plus - C:\Users\LITTLEREDCAR\AppData\Roaming\Mozilla\Firefox\Profiles\uu27wb5g.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-23]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-07-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR Profile: C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]
CHR Extension: (Google Drive) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (Palettab) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidckpnndigbjhmojikkhmejkfkpgoih [2014-10-17]
CHR Extension: (YouTube) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\LITTLEREDCAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMService; E:\programme\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 SkypeUpdate; E:\programme\skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 11:00 - 2015-06-26 11:01 - 00020641 _____ C:\Users\LITTLEREDCAR\Desktop\FRST.txt
2015-06-26 11:00 - 2015-06-26 11:00 - 00000000 ____D C:\Users\LITTLEREDCAR\Desktop\FRST-OlderVersion
2015-06-26 10:58 - 2015-06-26 10:59 - 00001108 _____ C:\Users\LITTLEREDCAR\Desktop\JRT.txt
2015-06-26 10:52 - 2015-06-26 11:00 - 02112512 _____ (Farbar) C:\Users\LITTLEREDCAR\Desktop\FRST64.exe
2015-06-26 10:21 - 2015-06-26 10:21 - 02952250 _____ (Malwarebytes Corporation) C:\Users\LITTLEREDCAR\Desktop\JRT.exe
2015-06-26 10:12 - 2015-06-26 10:12 - 00018176 _____ C:\Users\LITTLEREDCAR\Desktop\ArtMag Einleger, ab 24.03 für Martin, Mickler (Postversendung).xlsx
2015-06-24 19:20 - 2015-06-24 19:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-24 16:06 - 2015-06-24 16:07 - 02244096 _____ C:\Users\LITTLEREDCAR\Desktop\AdwCleaner_4.207.exe
2015-06-23 17:41 - 2015-06-23 17:41 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2015-06-23 17:41 - 2015-06-23 17:41 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\BalsamiqMockups3
2015-06-23 17:40 - 2015-06-23 17:40 - 00000695 _____ C:\Users\Public\Desktop\Balsamiq Mockups 3.lnk
2015-06-23 17:40 - 2015-06-23 17:40 - 00000695 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2015-06-23 17:32 - 2015-06-23 17:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-LITTLEREDCAR-Windows-8.1-(64-bit).dat
2015-06-23 17:32 - 2015-06-23 17:32 - 00000000 ____D C:\RegBackup
2015-06-23 17:23 - 2015-06-25 11:36 - 00000000 ____D C:\Users\LITTLEREDCAR\Desktop\simpleCE-Package
2015-06-23 17:18 - 2015-06-26 10:50 - 00000000 ____D C:\AdwCleaner
2015-06-23 17:10 - 2015-06-26 11:00 - 00000000 ____D C:\FRST
2015-06-23 16:58 - 2015-06-26 10:27 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-23 16:57 - 2015-06-24 19:19 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-23 16:57 - 2015-06-23 16:57 - 00000748 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-23 16:57 - 2015-06-23 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-23 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-23 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-23 11:51 - 2015-06-23 11:51 - 00001134 _____ C:\Users\LITTLEREDCAR\Desktop\89.lnk
2015-06-17 18:31 - 2015-06-17 18:31 - 00000000 ____D C:\Users\LITTLEREDCAR\Desktop\TESTEN_sitecake-2.2.8
2015-06-16 14:20 - 2015-06-16 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-16 14:10 - 2015-06-16 14:21 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\OpenPilot
2015-06-16 14:10 - 2015-06-16 14:10 - 00001134 _____ C:\Users\Public\Desktop\OpenPilot GCS.lnk
2015-06-16 14:10 - 2015-06-16 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenPilot
2015-06-16 14:10 - 2015-06-16 14:10 - 00000000 ____D C:\Program Files\DIFX
2015-06-15 08:48 - 2015-06-15 08:48 - 00001213 _____ C:\Users\LITTLEREDCAR\Desktop\phantom-checklist.lnk
2015-06-15 08:42 - 2015-06-15 08:42 - 00000783 _____ C:\Users\LITTLEREDCAR\Desktop\kopter.lnk
2015-06-11 17:28 - 2015-06-11 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-06-11 17:19 - 2015-06-11 17:19 - 00003159 _____ C:\Users\LITTLEREDCAR\Desktop\Ground Station 4.0.11.lnk
2015-06-11 17:19 - 2015-06-11 17:19 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DJI Product
2015-06-11 17:19 - 2015-06-11 17:19 - 00000000 ____D C:\Program Files (x86)\DJI Product
2015-06-10 08:15 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 08:15 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 08:15 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 08:15 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 08:15 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 08:15 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 08:15 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 08:15 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 08:15 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 08:15 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 08:15 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 08:15 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 08:15 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 08:15 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 08:15 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 08:10 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 08:10 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 08:10 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 08:10 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 08:10 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 08:10 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 08:10 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 08:10 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 08:10 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 08:10 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 08:10 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 08:10 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 08:10 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 08:10 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 08:10 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 08:10 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 08:10 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 08:10 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 08:10 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 08:10 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 08:10 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 08:10 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 08:10 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 08:10 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 08:10 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 08:10 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 08:10 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 08:10 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 08:10 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 08:10 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 08:10 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 08:10 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 08:10 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 08:10 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 08:10 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 08:10 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 08:10 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 08:10 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 08:10 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 08:10 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 08:10 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 08:10 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 08:10 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 08:10 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 08:10 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 08:10 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 08:10 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 08:10 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 08:10 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 08:10 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 08:10 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 08:10 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 08:10 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 08:10 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 08:10 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 08:10 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 08:10 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-02 20:32 - 2015-06-04 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 07:24 - 2015-06-02 07:24 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\GWX
2015-05-27 14:08 - 2015-05-27 14:08 - 00000682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macaw.lnk
2015-05-27 14:08 - 2015-05-27 14:08 - 00000000 ____D C:\Program Files (x86)\Macaw
2015-05-27 10:29 - 2015-05-27 10:29 - 00001134 _____ C:\Users\LITTLEREDCAR\Desktop\88.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 11:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-26 10:52 - 2014-01-10 15:25 - 00000000 __RDO C:\Users\LITTLEREDCAR\SkyDrive
2015-06-26 10:51 - 2013-08-22 16:46 - 00347831 _____ C:\WINDOWS\setupact.log
2015-06-26 10:51 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-26 10:51 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-26 10:30 - 2015-01-21 12:03 - 00000628 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001.job
2015-06-26 10:28 - 2014-01-10 15:18 - 01260503 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 10:24 - 2013-08-25 16:32 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-06-26 10:15 - 2013-08-22 20:24 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-26 10:08 - 2013-08-22 20:23 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-26 09:46 - 2013-08-22 21:53 - 55306240 ___SH C:\Users\LITTLEREDCAR\Desktop\Thumbs.db
2015-06-26 08:59 - 2014-02-10 13:33 - 00000000 ____D C:\1
2015-06-26 08:28 - 2013-08-20 15:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126030575-41912768-2344454900-1001
2015-06-26 08:18 - 2014-08-30 13:20 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\Adobe
2015-06-26 08:15 - 2014-11-19 08:45 - 00003852 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1377195848
2015-06-26 08:15 - 2013-08-22 20:24 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-26 08:15 - 2013-08-22 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-25 11:31 - 2013-08-26 10:09 - 00025600 _____ C:\Users\LITTLEREDCAR\Desktop\ein-herz-fuer-LITTLEREDCAR_12062015.xls
2015-06-25 10:06 - 2013-11-14 09:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 10:06 - 2013-11-14 09:11 - 00765378 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-25 10:06 - 2013-11-14 09:11 - 00159696 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-24 18:35 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 08:08 - 2013-08-22 20:23 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-24 08:00 - 2015-05-17 22:01 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 07:40 - 2013-11-14 00:18 - 00230260 _____ C:\WINDOWS\PFRO.log
2015-06-23 17:38 - 2014-01-21 11:57 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\Deployment
2015-06-23 17:37 - 2014-08-11 16:37 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\FreeFileSync
2015-06-23 17:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\System
2015-06-23 16:35 - 2013-08-22 19:47 - 00000600 _____ C:\Users\LITTLEREDCAR\AppData\Roaming\winscp.rnd
2015-06-21 18:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 02:33 - 2015-05-18 17:00 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-06-20 05:02 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 14:59 - 2013-08-22 21:44 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\Notepad++
2015-06-18 10:23 - 2015-04-01 13:43 - 00000731 _____ C:\Users\LITTLEREDCAR\Desktop\coc-todos.txt
2015-06-16 14:19 - 2013-08-20 17:42 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-16 14:19 - 2013-08-20 17:42 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-16 14:10 - 2013-08-26 12:02 - 00023408 _____ C:\WINDOWS\DPINST.LOG
2015-06-15 16:28 - 2014-11-17 11:37 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieBrowserModeList
2015-06-15 16:28 - 2014-04-28 15:38 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieUserList
2015-06-15 16:28 - 2014-04-28 15:38 - 00000000 __SHD C:\Users\LITTLEREDCAR\AppData\Local\EmieSiteList
2015-06-15 11:03 - 2013-08-20 15:18 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Local\VirtualStore
2015-06-11 20:12 - 2015-04-16 18:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-11 20:12 - 2015-03-04 01:17 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-11 20:12 - 2014-01-10 15:01 - 00000000 ____D C:\Users\LITTLEREDCAR
2015-06-11 20:12 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-11 18:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 17:28 - 2013-08-22 20:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 12:17 - 2013-08-20 18:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 12:13 - 2012-10-19 18:17 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 08:11 - 2013-08-22 16:44 - 06088688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-04 22:31 - 2013-08-22 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-01 16:47 - 2013-08-29 13:54 - 00000132 _____ C:\Users\LITTLEREDCAR\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-01 07:56 - 2013-09-11 04:43 - 00000000 ____D C:\HVB eFIN 4
2015-05-27 09:13 - 2013-12-27 17:08 - 00000000 ____D C:\Users\LITTLEREDCAR\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2014-06-18 19:13 - 2014-07-02 14:07 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
2013-08-29 13:54 - 2015-06-01 16:47 - 0000132 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-11 21:07 - 2014-02-11 21:07 - 0000119 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\licecap.ini
2013-08-22 19:47 - 2015-06-23 16:35 - 0000600 _____ () C:\Users\LITTLEREDCAR\AppData\Roaming\winscp.rnd
2014-07-03 17:31 - 2014-07-03 17:31 - 0001456 _____ () C:\Users\LITTLEREDCAR\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-09-19 16:19 - 2013-09-19 16:19 - 0004608 _____ () C:\Users\LITTLEREDCAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 11:18 - 2015-05-20 11:18 - 0000036 _____ () C:\Users\LITTLEREDCAR\AppData\Local\housecall.guid.cache
2012-10-23 12:20 - 2012-10-23 12:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-23 12:18 - 2012-10-23 12:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-23 12:16 - 2012-10-23 12:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-23 12:19 - 2012-10-23 12:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-10-23 12:16 - 2012-10-23 12:18 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2012-10-23 12:19 - 2012-10-23 12:19 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\LITTLEREDCAR\AppData\Local\Temp\avgnt.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\bitool.dll
C:\Users\LITTLEREDCAR\AppData\Local\Temp\NaviMgrInstaller.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\Quarantine.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\sqlite3.dll
C:\Users\LITTLEREDCAR\AppData\Local\Temp\vcredist_x64_vs2010.exe
C:\Users\LITTLEREDCAR\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 08:28

==================== End of log ============================

--- --- ---

und die frische ADDITION.txt:
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by LITTLEREDCAR at 2015-06-26 11:01:24
Running from C:\Users\LITTLEREDCAR\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

LITTLEREDCAR (S-1-5-21-4126030575-41912768-2344454900-1001 - Administrator - Enabled) => C:\Users\LITTLEREDCAR
Administrator (S-1-5-21-4126030575-41912768-2344454900-500 - Administrator - Disabled)
Gast (S-1-5-21-4126030575-41912768-2344454900-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4126030575-41912768-2344454900-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
ALIAS Find And Replace 1.3.0 (HKLM-x32\...\ALIAS Find And Replace 1.3.0_is1) (Version: 1.3.0 - ALIAS Software)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.1997879112 - Audible, Inc.)
Autostart-Manager (HKLM-x32\...\{5C2C73F6-CE73-4A01-868E-7045B7805334}) (Version: 6.02.0000 - Wirth IT Design )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.3 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.3 - Balsamiq SRL) Hidden
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.24 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.24 - Balsamiq SRL) Hidden
Caesium Version 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DE (x32 Version: 13.0 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{9EEE5827-F6A6-447E-9839-6AFAF6FCC442}) (Version: 8.0.304.4 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
ezr8 VideoLab 1.0 (HKLM-x32\...\{F83C83CB-C7A6-414b-8F85-C9A41303A299}_is1) (Version: 1.0 - Ezr8)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
Falk Navi-Manager (HKLM-x32\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.26.1 - United Navigation GmbH)
Falk Navi-Manager (x32 Version: 2.26.0 - United Navigation GmbH) Hidden
Fast Image-Map 2.2.1 (HKLM-x32\...\FastImageMap_is1) (Version: 2.2.1.0 - Martin Hentschel (CL-Soft))
FileZilla Client 3.7.4 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4 - Tim Kosse)
FilterFTP (HKLM-x32\...\FilterFTP_is1) (Version: Actual Version - IN MEDIA KG)
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotograf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.7.0 - Google Inc.)
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
Ground Station 4.0.11 (HKLM-x32\...\{47B0D79A-8369-463F-A111-A3C24E208B73}) (Version: 4.0.11 - DJI Product)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Hugin 2014.0.0 (HKLM-x32\...\Hugin) (Version: 2014.0.0 hg_5da69bc383dd - The Hugin Development Team)
HVB eFIN 4 (HKLM-x32\...\HVB eFIN 4) (Version:  - )
IETester v0.5.2 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.2 - Core Services)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Ipswitch WS_FTP Professional 2007 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.1.0000 - Ipswitch)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JPEGmini (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\5d2010e174743543) (Version: 1.8.33.1 - ICVT Ltd)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
Macaw (HKLM-x32\...\{285CC687-1EB0-4826-9AAC-90C9BDE5A2EC}) (Version: 1.5.15 - Macaw, LLC)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
mirabyte Discstarter 6.4.0 (HKLM-x32\...\{3F22B9CE-872C-11DE-99EF-525255D89593}_is1) (Version: 6.4.0 - mirabyte GmbH & Co. KG)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
OpenPilot GCS (HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\OpenPilot) (Version: Ragin' Cajun - OpenPilot Team)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
PanoramaStudio 2.5 Pro ((deinstallieren)) (HKLM\...\PanoramaStudio2Pro) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PTGui Trial 9.2.0 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SILKYPIX Developer Studio 4.1 SE (HKLM-x32\...\InstallShield_{7FA26D45-84D8-49EB-80BE-B7AD0A0C4497}) (Version: 4 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.1 SE (x32 Version: 4 - Ichikawa Soft Laboratory) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Swimovate (HKLM-x32\...\Swimovate) (Version: 2.0.0.0 - Swimovate)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TextPad 7 (HKLM\...\{3DE3E4EE-F270-4A31-AB76-475515C661BD}) (Version: 7.4.0 - Helios)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - OpenPilot (usbser) Ports  (11/21/2014 3.0.0.0) (HKLM\...\BD9150BF7DFF447F2F59CE296CC81C0AABAD7C01) (Version: 11/21/2014 3.0.0.0 - OpenPilot)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinSCP 4.1.8 (HKLM-x32\...\winscp3_is1) (Version: 4.1.8 - Martin Prikryl)
Wondershare Video Converter Ultimate(Build 7.4.0.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.4.0.2 - Wondershare Software)
XMind 6 (v3.5.0) (HKLM-x32\...\XMind_is1) (Version: 3.5.0.201410310637 - XMind Ltd.)
Zoom Search Engine 6.0 (HKLM-x32\...\Zoom Search Engine 6.0_is1) (Version: 6.0 - Wrensoft)
S?????? f?t???af??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4126030575-41912768-2344454900-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4126030575-41912768-2344454900-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> E:\programme\System\shellext64.dll No File

==================== Restore Points =========================

11-06-2015 17:18:14 Installed Ground Station 4.0.11
19-06-2015 08:03:44 Geplanter Prüfpunkt
24-06-2015 18:25:16 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BDE36A7-BC9C-4E30-A862-DE3AD4A4A51B} - System32\Tasks\GoogleUpdateTaskMachineCore1d090d0cb19ae91 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {29852B63-24E8-4CA3-BF5D-264D940E798A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {3014EBC4-147C-4CEB-906C-A4EDF5ADBD9E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4B060C44-64AB-477F-AAF8-6E162BDDA424} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-info@LITTLEREDCAR.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {545AD991-EFC6-4E19-B638-11CF7E812E61} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: {553B776C-491B-4396-8226-DDF7A943CE9C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {608FC35D-450D-4D2E-A6C9-7B3D71A6167F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {72D75CFA-AE2C-41A5-A21D-6568372C485F} - System32\Tasks\Opera scheduled Autoupdate 1377195848 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {7BCDF7A1-0647-41F6-8CD6-17A041C32DF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {8189DCEF-36DE-4D67-B6F6-D04DD634311B} - System32\Tasks\AdobeAAMUpdater-1.0-LITTLEREDCAR-LITTLEREDCAR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8AC449AE-4930-42B9-8922-74367E8A749E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0409d7a1a9c71 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {9AE966D1-D995-409D-85E9-F09B005C5E94} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9E908CB5-35EB-4F80-B413-BE2E19B385D6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9EC5ACED-0802-4F1B-A57D-085D8BCBB72E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {AC4069AC-AE34-4E5A-ACBE-0EBA47B4F94C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B6921BD3-5E2A-4B01-95D9-871F226ED6DE} - System32\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001 => C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe [2015-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B88D5377-8A53-41A8-8B3E-2E045092BC10} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BD01A949-AD26-4533-A5DA-0D8E4A674371} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {BE694AFC-A345-4BD5-B44E-50B1E4D43F59} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FC9671CB-7E52-480D-8578-FE9F06B8E79A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4126030575-41912768-2344454900-1001.job => C:\Users\LITTLEREDCAR\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090d0cb19ae91.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0409d7a1a9c71.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-01 15:20 - 2013-08-23 13:36 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () E:\programme\Notepad++\NppShell_06.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-07-26 06:34 - 2011-07-26 06:34 - 00034304 _____ () C:\WINDOWS\System32\ml285pl6.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\LITTLEREDCAR\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4126030575-41912768-2344454900-1001\Control Panel\Desktop\\Wallpaper -> E:\design\wallpapers\halfbike\halfbike02.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-4126030575-41912768-2344454900-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{BE29F091-236E-47CF-9EB3-09FF6B629001}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe
FirewallRules: [TCP Query User{0A1D2D06-585A-48AF-A0F4-84D41CB8B01F}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe
FirewallRules: [UDP Query User{0A944A22-A8AB-41C6-B348-EF98A54AD4B4}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [TCP Query User{7759FB35-FEBA-4FEB-9B6F-9B8C966036DA}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [UDP Query User{2A33EE1C-54AE-41A7-B4A1-0E3F8EA70CF4}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [TCP Query User{42C8C742-CE14-47B0-9B7C-4526C8CD8C89}E:\programme\ws_ftp professional\wsftpgui.exe] => (Allow) E:\programme\ws_ftp professional\wsftpgui.exe
FirewallRules: [UDP Query User{37665F5D-5C0E-4F8D-81E8-178FCBE02D8D}E:\programme\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\programme\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{F43EC174-32C5-4F0F-85ED-4E365886DEEA}E:\programme\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\programme\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{10D5A730-F7FB-4E69-931C-68979A31BE64}] => (Allow) E:\programme\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{7FCA922C-DFB5-481D-94F6-BB0EDD98B7DF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{73BCEC83-667E-4861-A023-8FB190A17451}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{5F9F6B7C-EA6F-4018-94D7-8917BF974E94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BFAEC8EB-B3F7-4D9F-B406-83C3BCB842FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F72A9FCE-2F6B-46E8-ACAE-4C23B64B49B6}] => (Allow) LPort=1900
FirewallRules: [{FEA90377-AA98-41C6-8F59-EC9BA9FB54C5}] => (Allow) LPort=2869
FirewallRules: [{EB2281D8-6635-4AFA-A6D2-A59478D8B350}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{FC3E5D3E-D3D7-44F1-9FDE-3E7B23B635F2}E:\programme\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) E:\programme\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{7F45F8F2-7340-49C2-B857-93888169D741}E:\programme\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) E:\programme\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [TCP Query User{188B1406-2226-47BD-B727-F8BDEC0F83B8}E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [UDP Query User{D3C44DFE-57CA-465A-A9A9-19D4B4B27A97}E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) E:\programme\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [{B888E982-88F1-4345-A08E-B5A7577316A5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{6D3B69AF-D9F3-4514-8BE4-87553EB5D7E8}E:\programme\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\programme\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{77959F26-57DE-437C-8B95-1102408EE379}E:\programme\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\programme\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{7837D2BF-2B49-463A-A512-0A0536FB17F8}E:\programme\macaw\macaw-node.exe] => (Allow) E:\programme\macaw\macaw-node.exe
FirewallRules: [UDP Query User{E59990BF-9E71-4AE3-9E41-5E528222A02C}E:\programme\macaw\macaw-node.exe] => (Allow) E:\programme\macaw\macaw-node.exe
FirewallRules: [TCP Query User{93285B16-4392-4540-90D4-8E55CCCD6C30}C:\program files (x86)\macaw\macaw-node.exe] => (Allow) C:\program files (x86)\macaw\macaw-node.exe
FirewallRules: [UDP Query User{20C8E973-566B-4D72-B2EA-D6D4A9429439}C:\program files (x86)\macaw\macaw-node.exe] => (Allow) C:\program files (x86)\macaw\macaw-node.exe
FirewallRules: [{5F42B699-2FE0-45B3-9351-477C96DD75FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECFAF84D-C8D6-49D5-8B54-20828F077D24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{26AD6D33-DBCA-4A64-ABEC-4BFF8FDAABB9}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe
FirewallRules: [UDP Query User{378880FC-B0C0-4A85-B9CB-DC84246BD034}C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe] => (Allow) C:\program files (x86)\dji product\ground station 4.0.11\release\groundstationver4.exe
FirewallRules: [{5F7CF6DB-A428-4E63-BD8B-B00A13394982}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 07:48:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563b224
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b84
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (06/24/2015 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563b224
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b84
ID des fehlerhaften Prozesses: 0x11bc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (06/24/2015 04:05:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f78

Startzeit: 01d0ae4159986199

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 05e99f45-1a7a-11e5-8167-001f81000830

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/23/2015 05:40:27 PM) (Source: MsiInstaller) (EventID: 11925) (User: LITTLEREDCAR)
Description: Product: Balsamiq Mockups 3 -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.

Error: (06/23/2015 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563b224
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 11.0.6715.60, Zeitstempel: 0x43306199
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052b84
ID des fehlerhaften Prozesses: 0x494
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (06/23/2015 04:56:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/23/2015 04:56:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (06/26/2015 10:57:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 10:57:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 10:57:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 10:57:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 10:57:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero BackItUp Scheduler 3" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 10:57:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 10:57:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 10:57:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 10:57:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 10:57:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ArcSoft Exchange Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/24/2015 07:48:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224MSONSEXT.DLL11.0.6715.6043306199c000000500052b8417d801d0aea10d2170e1C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL3bb3b8e8-1a99-11e5-8167-001f81000830

Error: (06/24/2015 04:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224MSONSEXT.DLL11.0.6715.6043306199c000000500052b8411bc01d0ae4160ea7169C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLLc40ee6f3-1a7a-11e5-8167-001f81000830

Error: (06/24/2015 04:05:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667f7801d0ae41599861990C:\WINDOWS\Explorer.EXE05e99f45-1a7a-11e5-8167-001f81000830

Error: (06/23/2015 05:40:27 PM) (Source: MsiInstaller) (EventID: 11925) (User: LITTLEREDCAR)
Description: Product: Balsamiq Mockups 3 -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/23/2015 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224MSONSEXT.DLL11.0.6715.6043306199c000000500052b8449401d0ad9ae9a01640C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLLa934bc80-19bb-11e5-8165-d43d7e2ed550

Error: (06/23/2015 04:56:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\DOWNLOADS\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exeC:\Users\LITTLEREDCAR\Desktop\jre-8u45-windows-x64.exe0

Error: (06/23/2015 04:56:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\$Recycle.Bin\S-1-5-21-4126030575-41912768-2344454900-1001\$RM9Q0ZI.exeC:\$Recycle.Bin\S-1-5-21-4126030575-41912768-2344454900-1001\$RM9Q0ZI.exe0


CodeIntegrity Errors:
===================================
  Date: 2014-02-28 12:59:35.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:35.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 12:59:34.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8136.17 MB
Available physical RAM: 6339.34 MB
Total Pagefile: 9416.17 MB
Available Pagefile: 7491.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:252.79 GB) (Free:154.45 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.75 GB) NTFS
Drive e: (Daten) (Fixed) (Total:1548.17 GB) (Free:976.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 10118449)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

DANKE!

schrauber · 27.06.2015, 08:08

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

littleredcar · 28.06.2015, 17:15

hi schrauber.

habe deine letzte vorgehensweise noch nicht durchgespielt, da es heute schon den ganzen tag HERRLICH RUHIG ist! ;-)
soll ich die letzten schritte trotzdem nochmal durchfuehren? oder habe ich den schurken dann bereits erwischt?

merci fuer deine tolle hilfe und gruss!

schrauber · 29.06.2015, 06:56

Auf jeden Fall, als Kontrolle

29.06.2015, 06:56	#8
schrauber /// the machine /// TB-Ausbilder	WIN 8.1 64bit: auch ich habe musik im hintergrund laufen - prozesse teilweise SEHR lahm! ;-( Auf jeden Fall, als Kontrolle __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

WIN 8.1 64bit: auch ich habe musik im hintergrund laufen - prozesse teilweise SEHR lahm! ;-(

Plagegeister aller Art und deren Bekämpfung: WIN 8.1 64bit: auch ich habe musik im hintergrund laufen - prozesse teilweise SEHR lahm! ;-(