Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Trojaner WIN32 Dynamer!ac

Windows 7: Trojaner WIN32 Dynamer!ac


Log-Analyse und Auswertung: Windows 7: Trojaner WIN32 Dynamer!ac

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 13.11.2016, 21:46   #1
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Hallo!

Das Microsoft Virenprogramm hat den Trojaner WIN32 Dynamer!ac gemeldet. Nach weiterer Suche habe ich im Taskmanger drei Prozesse gefunden, die ich keinem Programm zuordnen kann:
winlogon.exe
csrss.exe
RAVBg64.exe

Da habe ich mir wohl etwas eingefangen, oder?
Für eure Hilfe bin ich euch sehr dankbar!

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
durchgeführt von Philipp (Administrator) auf PHILIPP-PC (13-11-2016 21:36:52)
Gestartet von C:\Users\Philipp\Downloads
Geladene Profile: Philipp (Verfügbare Profile: Philipp)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ownCloud) C:\Program Files (x86)\ownCloud\owncloud.exe
(Spotify Ltd) C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637720 2014-09-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-30] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2026510 2016-09-27] (ownCloud)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [Spotify Web Helper] => C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [Spotify] => C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\MountPoints2: {8a9a3ba9-d239-11e5-9e69-34e6d7384f97} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-11-09]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-10-30]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{0E94286B-C5AF-4EB2-8F30-F7FFDBDA0788}: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{7A121BC6-62AF-4DB0-8D7B-28FD13853819}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-636208486-627765941-1348474775-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-636208486-627765941-1348474775-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-636208486-627765941-1348474775-1001 -> DefaultScope {58D579D1-596D-4A75-87EB-351FD15E9A64} URL = 
SearchScopes: HKU\S-1-5-21-636208486-627765941-1348474775-1001 -> {58D579D1-596D-4A75-87EB-351FD15E9A64} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 19vpdgjx.Standard-Benutzer
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default [2016-11-13]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\f4u8sz6l.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\f4u8sz6l.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\f4u8sz6l.default -> hxxp://enerion.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\f4u8sz6l.default -> hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Extension: (Bing Search Engine) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\bingsearch.full@microsoft.com [2016-11-13] [ist nicht signiert]
FF Extension: (Firefox Hotfix) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2016-10-17]
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\19vpdgjx.Standard-Benutzer [2016-11-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-03-10] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{DC4CD23A-A05A-479C-82C0-C461F39F9AE8}

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-03] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-16] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2013-10-11] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-13 21:36 - 2016-11-13 21:37 - 00021711 _____ C:\Users\Philipp\Downloads\FRST.txt
2016-11-13 21:36 - 2016-11-13 21:36 - 02411520 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2016-11-13 21:36 - 2016-11-13 21:36 - 00000000 ____D C:\FRST
2016-11-13 21:25 - 2016-11-13 21:25 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-13 21:25 - 2016-11-13 21:25 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-13 21:25 - 2016-11-13 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-13 21:25 - 2016-11-13 21:25 - 00000000 ____D C:\Program Files\CCleaner
2016-11-13 21:24 - 2016-11-13 21:24 - 08270712 _____ (Piriform Ltd) C:\Users\Philipp\Downloads\ccsetup523.exe
2016-11-13 21:12 - 2016-11-13 21:12 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Philipp\Downloads\flashplayer23axau_ha_install.exe
2016-11-13 20:13 - 2016-11-13 21:21 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Spotify
2016-11-13 20:13 - 2016-11-13 21:21 - 00000000 ____D C:\Users\Philipp\AppData\Local\Spotify
2016-11-13 20:13 - 2016-11-13 20:13 - 00353488 _____ (Spotify Ltd) C:\Users\Philipp\Downloads\SpotifySetup(1).exe
2016-11-13 20:13 - 2016-11-13 20:13 - 00001821 _____ C:\Users\Philipp\Desktop\Spotify.lnk
2016-11-13 20:13 - 2016-11-13 20:13 - 00001807 _____ C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-11-13 20:00 - 2016-11-13 20:00 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-13 20:00 - 2016-11-13 20:00 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-13 20:00 - 2016-11-13 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-13 19:18 - 2016-11-13 19:18 - 00000308 _____ C:\Users\Philipp\Desktop\The Journey Is The Destination The Ryan McGinley Purple Book photobook by Ryan McGinley.URL
2016-11-13 19:18 - 2016-11-13 19:18 - 00000244 _____ C:\Users\Philipp\Desktop\The Syncronicles - YouTube.URL
2016-11-13 19:18 - 2016-11-13 19:18 - 00000242 _____ C:\Users\Philipp\Desktop\Amtsgericht Aachen Zwangsversteigerungs*termine.URL
2016-11-13 14:43 - 2016-11-13 14:43 - 00000273 _____ C:\Users\Philipp\Desktop\Desire will set you free - ZDFmediathek.URL
2016-11-11 21:57 - 2016-11-11 21:17 - 00370031 _____ C:\Users\Philipp\Desktop\CV_P.Klever.pdf
2016-11-11 18:44 - 2016-11-11 18:44 - 00901248 _____ C:\Users\Philipp\Desktop\merkblatt_energieaudits.pdf
2016-11-11 11:59 - 2016-11-11 11:59 - 05785595 _____ C:\Users\Philipp\Desktop\Energiemanagement.pdf
2016-11-07 00:06 - 2016-11-07 00:06 - 00000278 _____ C:\Users\Philipp\Desktop\Dissertation_Roland_Becker_Mai_2006.pdf.URL
2016-11-07 00:06 - 2016-11-07 00:06 - 00000266 _____ C:\Users\Philipp\Desktop\Grundlagen der Fotografie Eine Übersicht für Anfänger › kwerfeldein – Magazin für Fotografie.URL
2016-11-07 00:06 - 2016-11-07 00:06 - 00000239 _____ C:\Users\Philipp\Desktop\Grundlagen der Fotografie - einfach schöne Fotos machen!.URL
2016-11-04 14:27 - 2016-11-04 14:27 - 15620001 _____ C:\Users\Philipp\Desktop\bok%3A978-3-662-50397-3.pdf
2016-11-01 18:28 - 2016-11-01 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e!Sankey 3.2
2016-11-01 18:27 - 2016-11-01 18:27 - 00003746 _____ C:\Windows\System32\Tasks\{407044A4-D710-4135-B58F-5028E6B88DCC}
2016-11-01 16:47 - 2016-11-01 16:47 - 00008887 _____ C:\Users\Philipp\Documents\Mappe1 (Automatisch gespeichert).xlsx
2016-10-25 10:36 - 2016-10-25 10:36 - 00000245 _____ C:\Users\Philipp\Desktop\Karex Kantenschutzprofile.URL
2016-10-24 19:06 - 2016-10-24 19:09 - 12575120 _____ C:\Users\Philipp\Desktop\DSC04958a.pdn
2016-10-19 15:51 - 2016-10-19 15:51 - 00000214 _____ C:\Users\Philipp\Desktop\Funny Holiday Cards and Merry Christmas eCards - JibJab.com.URL
2016-10-19 11:34 - 2016-10-19 11:34 - 00000284 _____ C:\Users\Philipp\Desktop\Heribert-Hirte - CSR-Richtlinie-Umsetzungsgesetz.URL
2016-10-18 16:42 - 2016-10-18 16:42 - 00000312 _____ C:\Users\Philipp\Desktop\IHK BonnRhein-Sieg**Pressemeldung Einzelansicht.URL

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-13 21:33 - 2015-03-10 15:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\Deployment
2016-11-13 21:33 - 2015-02-24 21:55 - 00000000 ____D C:\Users\Philipp\Documents\Outlook-Dateien
2016-11-13 21:21 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-13 21:21 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 21:17 - 2015-02-10 00:47 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-11-13 21:12 - 2015-02-24 17:40 - 00000000 ____D C:\Users\Philipp\ownCloud
2016-11-13 21:11 - 2015-03-30 10:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-13 21:11 - 2015-02-24 17:36 - 00000000 ____D C:\Users\Philipp\AppData\Local\ownCloud
2016-11-13 21:11 - 2015-02-10 00:43 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-13 20:45 - 2015-03-30 10:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-13 20:28 - 2010-11-21 07:50 - 00704038 _____ C:\Windows\system32\perfh007.dat
2016-11-13 20:28 - 2010-11-21 07:50 - 00151144 _____ C:\Windows\system32\perfc007.dat
2016-11-13 20:28 - 2009-07-14 06:13 - 01631966 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 20:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-13 20:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-13 20:12 - 2015-03-30 10:34 - 00000000 ___RD C:\Users\Philipp\Google Drive
2016-11-13 20:00 - 2015-02-24 17:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-13 19:58 - 2015-03-03 11:14 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Skype
2016-11-13 19:58 - 2015-02-28 19:33 - 00000000 ____D C:\Users\Philipp\AppData\Local\CrashDumps
2016-11-13 19:55 - 2015-02-24 17:20 - 00000000 ____D C:\Users\Philipp
2016-11-13 19:54 - 2016-03-15 20:18 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\dvdcss
2016-11-13 19:54 - 2015-02-25 23:08 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\vlc
2016-11-13 19:54 - 2015-02-24 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Creative
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-13 19:53 - 2015-10-09 12:39 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\IGC
2016-11-13 19:53 - 2015-08-31 10:38 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\ifu Hamburg GmbH, Germany
2016-11-13 19:53 - 2015-02-24 17:39 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Mozilla
2016-11-13 19:53 - 2015-02-24 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Adobe
2016-11-13 19:53 - 2015-02-24 17:20 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Intel
2016-11-13 19:45 - 2016-08-22 08:49 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 17:05 - 2015-03-03 11:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-09 17:05 - 2015-03-03 11:14 - 00000000 ____D C:\ProgramData\Skype
2016-11-05 17:56 - 2015-03-30 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-01 18:27 - 2015-08-31 10:38 - 00000000 ____D C:\Program Files (x86)\ifu Hamburg
2016-11-01 18:26 - 2015-08-31 10:38 - 00000000 ____D C:\Users\Philipp\Documents\e!Sankey
2016-10-28 02:22 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-23 15:58 - 2015-02-10 00:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-23 15:57 - 2015-10-30 18:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-19 14:04 - 2016-06-24 22:23 - 00000000 ____D C:\Users\Philipp\Desktop\102_FUJI
2016-10-17 15:24 - 2016-10-10 16:06 - 00000000 ____D C:\Users\Philipp\Desktop\bilder

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-17 07:54 - 2016-06-17 07:54 - 0000181 ____H () C:\Users\Philipp\AppData\Roaming\Accra
2016-06-17 07:53 - 2016-06-17 07:53 - 0004563 ____H () C:\Users\Philipp\AppData\Roaming\dotsdarkoverlay.png
2016-06-17 07:53 - 2016-06-17 07:53 - 0001849 ____H () C:\Users\Philipp\AppData\Roaming\excluded.txt
1991-04-14 08:00 - 1991-04-14 08:00 - 0296364 ____H () C:\Users\Philipp\AppData\Roaming\Tarbrush.M
2016-01-14 15:54 - 2016-01-14 15:54 - 0000820 _____ () C:\Users\Philipp\AppData\Local\recently-used.xbel
2016-02-26 15:57 - 2016-08-06 23:23 - 0007618 _____ () C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
2016-01-30 14:22 - 2016-01-30 14:22 - 0000000 _____ () C:\Users\Philipp\AppData\Local\{A30B4EBE-8FB5-441A-9BE3-2975B2B43C0A}

Einige Dateien in TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\EpsonPageDriverDownloader.EXE
C:\Users\Philipp\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Philipp\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-04 16:15

==================== Ende von FRST.txt ============================

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2016
durchgeführt von Philipp (13-11-2016 21:37:17)
Gestartet von C:\Users\Philipp\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-02-24 16:20:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-636208486-627765941-1348474775-500 - Administrator - Disabled)
Gast (S-1-5-21-636208486-627765941-1348474775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-636208486-627765941-1348474775-1002 - Limited - Enabled)
Philipp (S-1-5-21-636208486-627765941-1348474775-1001 - Administrator - Enabled) => C:\Users\Philipp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
cFos Outlook DAV v1.80 (HKLM-x32\...\cFos Outlook DAV) (Version: 1.80 - cFos Software GmbH, Bonn)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
e!Sankey 3.2 (HKLM-x32\...\{3606B2AD-BEEB-4459-8837-092370C5733A}) (Version: 3.2.2 - ifu Hamburg GmbH)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
OpenVPN 2.3.10-I603  (HKLM\...\OpenVPN) (Version: 2.3.10-I603 - )
outlook_dav (HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\BD6B9EC7CF7AD0CFDA8AD98E4A649F10726F5B31) (Version: 1.80.2080.0 - outlook_dav)
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.2.4.6408 - ownCloud)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A35357A-3543-47A6-A416-39422D34753D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {11753924-8C5D-4DF3-A50F-EDBD4E0A4905} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
Task: {164A2D85-0BC2-43A6-9271-CB4899169CF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {1EBD1D86-9125-41D6-8FA3-A527DBDFA72B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {1FFF40F0-EC40-4B3C-B3A8-A5ED9554EFDC} - System32\Tasks\cFos\Registration Tasks\Open Browser => Firefox.exe -osint -new-window "hxxp://www.cfos.de/de/traffic-shaping/calibration-message.htm?sw-10.10.2238&days=30&tsa="
Task: {5007FD2A-1F57-45F5-B762-C9CB04C17DCA} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-02] (Realtek Semiconductor)
Task: {5D348F60-4737-47E2-A7C3-6CE006600147} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {67B3920D-2AAA-4C0F-8C7C-57434E04A157} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6C68445B-F82F-475B-BCB9-53E80BC6E27D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {837F6D9B-603C-44CE-9D4A-E0057731DBB3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {97609CE3-953C-4E5F-9382-170B5637B2F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {AD0FD5AE-5394-4E2C-8347-D7CE8DA74F8A} - System32\Tasks\{407044A4-D710-4135-B58F-5028E6B88DCC} => pcalua.exe -a C:\Users\Philipp\ownCloud\Portfolio\Software\esankey\setup-eSankey-v3.2.2.558.exe -d "C:\Users\Philipp\ownCloud\Projekte\Caritas Köln\1_Projektbearbeitung\05_Verbraucherverzeichnisse und Sankey\e-sankey Dateien" -c "C:\Users\Philipp\ownCloud\Projekte\Caritas Köln\1_Projektbearbeitung\05_Verbrauch (Der Dateneintrag hat 75 mehr Zeichen).
Task: {AE86F1C7-B835-4412-AAC8-884B1F51D7CE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {E50A2D99-B968-4639-80CE-AA9A0CE21768} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {EC03F30D-CD70-4305-80AC-3E871D425F63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 18:40 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-08-25 02:31 - 2016-08-25 02:31 - 00059904 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2015-02-10 00:47 - 2014-07-03 04:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-02-10 00:41 - 2013-11-13 22:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-27 10:11 - 2016-09-27 10:11 - 00692750 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll
2016-04-21 17:07 - 2016-04-21 17:07 - 00097326 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2016-04-21 17:07 - 2016-04-21 17:07 - 00922727 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll
2016-09-27 10:11 - 2016-09-27 10:11 - 01084430 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll
2016-04-21 15:45 - 2016-04-21 15:45 - 00085548 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll
2016-04-21 15:48 - 2016-04-21 15:48 - 02197765 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll
2016-04-21 15:48 - 2016-04-21 15:48 - 01308778 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll
2016-04-21 15:48 - 2016-04-21 15:48 - 21539975 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll
2016-04-21 15:44 - 2016-04-21 15:44 - 00148117 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll
2016-04-21 15:47 - 2016-04-21 15:47 - 01366986 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll
2016-04-21 15:49 - 2016-04-21 15:49 - 00209711 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll
2016-05-09 21:13 - 2016-05-09 21:13 - 00048461 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll
2016-04-21 15:47 - 2016-04-21 15:47 - 00154982 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll
2016-04-21 15:45 - 2016-04-21 15:45 - 00350662 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll
2016-04-21 15:46 - 2016-04-21 15:46 - 00689339 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2016-04-21 16:10 - 2016-04-21 16:10 - 00247540 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll
2016-04-21 15:51 - 2016-04-21 15:51 - 01169416 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll
2016-04-21 17:48 - 2016-04-21 17:48 - 00231727 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll
2015-10-30 22:38 - 2016-09-23 11:57 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-02-10 00:47 - 2014-07-31 00:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-02-10 00:47 - 2012-11-26 06:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-10 00:47 - 2012-11-26 06:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-10-30 22:39 - 2015-10-30 22:40 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2016-05-28 19:49 - 2016-09-13 07:45 - 01041608 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3696 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3748 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3846 [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-636208486-627765941-1348474775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.179.1 - 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FEBD21A2-920F-4A69-956A-155449BD21FE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8D07DB29-2055-4D09-B68B-B9CF11BEFF6B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0DF7E4EA-8345-448D-ADDA-71CF98B7BED4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{224D5AC9-ABD2-4787-B8C9-B545BB6C7CCB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B366D3-88B1-4034-B0B0-19D71700C197}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [UDP Query User{554BAC21-B1B0-409E-A0BD-A7F27BBEB8DA}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [{D4192398-EC7C-4501-B0E3-9AE2BAF8EA3A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A353DD0F-CEA3-4B1C-9351-642D973D4310}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ECB3E2D-5639-401A-B936-646A51F2A884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FD0A37D-65B0-4535-BB1C-806B9E5EA896}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EBBA9CF6-0CA6-4BAD-BD9F-0134CEB0839B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E0BED4BA-F3F3-4AFA-9B80-1CA8310376DD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{84A7FBC5-8045-45E5-A7BB-412EB34F01B7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{19586E79-A065-4A7C-9A53-DF09CBCD6FED}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{078079CD-1B99-4D1E-A5FB-558FCF82EF32}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{839ED1B1-2E10-40B8-A886-723FF942BECD}] => (Block) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0172AD8A-B0C1-4BBC-9DB4-B649E7D7B7AB}] => (Block) C:\users\philipp\appdata\roaming\spotify\spotify.exe

==================== Wiederherstellungspunkte =========================

13-11-2016 19:00:01 Windows-Sicherung
13-11-2016 19:03:36 Windows-Sicherung
13-11-2016 19:06:48 Windows-Sicherung
13-11-2016 19:19:31 Wiederherstellungsvorgang
13-11-2016 19:24:33 Windows-Sicherung
13-11-2016 19:26:26 Wiederherstellungsvorgang
13-11-2016 19:35:43 Windows-Sicherung
13-11-2016 19:39:04 Windows-Sicherung
13-11-2016 19:40:11 Windows Update
13-11-2016 19:52:56 Wiederherstellungsvorgang
13-11-2016 20:05:52 Windows-Sicherung
13-11-2016 20:08:24 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/13/2016 09:30:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 5.23.0.5808 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a58

Startzeit: 01d23dec0cd2d015

Endzeit: 18

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID: 0af1ff70-a9e0-11e6-a60b-d8fc9363fbb8

Error: (11/13/2016 08:24:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/13/2016 07:58:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Name des fehlerhaften Moduls: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Ausnahmecode: 0x40000015
Fehleroffset: 0x00020940
ID des fehlerhaften Prozesses: 0x148c
Startzeit der fehlerhaften Anwendung: 0x01d23ddff0ef37a8
Pfad der fehlerhaften Anwendung: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Pfad des fehlerhaften Moduls: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Berichtskennung: 2f76c121-a9d3-11e6-8e05-d8fc9363fbb8

Error: (11/13/2016 07:55:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/13/2016 07:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/13/2016 07:36:31 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Lesen aus der Schattenkopie auf einem der zu sichernden Volumes durch die Windows-Sicherung. Prüfen Sie die Ereignisprotokolle auf relevante Fehler. (0x81000037)"

Error: (11/13/2016 07:32:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Name des fehlerhaften Moduls: libcef.dll, Version: 3.2785.1481.0, Zeitstempel: 0x57e0c159
Ausnahmecode: 0x80000003
Fehleroffset: 0x00dba17d
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0x01d23ddc53e5f506
Pfad der fehlerhaften Anwendung: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Pfad des fehlerhaften Moduls: C:\Users\Philipp\AppData\Roaming\Spotify\libcef.dll
Berichtskennung: 91fb3c73-a9cf-11e6-845d-d8fc9363fbb8

Error: (11/13/2016 07:31:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Name des fehlerhaften Moduls: libcef.dll, Version: 3.2785.1481.0, Zeitstempel: 0x57e0c159
Ausnahmecode: 0x80000003
Fehleroffset: 0x00dba17d
ID des fehlerhaften Prozesses: 0x1870
Startzeit der fehlerhaften Anwendung: 0x01d23ddc30fae20d
Pfad der fehlerhaften Anwendung: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Pfad des fehlerhaften Moduls: C:\Users\Philipp\AppData\Roaming\Spotify\libcef.dll
Berichtskennung: 6f0b66b9-a9cf-11e6-845d-d8fc9363fbb8

Error: (11/13/2016 07:30:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Name des fehlerhaften Moduls: libcef.dll, Version: 3.2785.1481.0, Zeitstempel: 0x57e0c159
Ausnahmecode: 0x80000003
Fehleroffset: 0x00dba17d
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0x01d23ddc1277a6a2
Pfad der fehlerhaften Anwendung: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Pfad des fehlerhaften Moduls: C:\Users\Philipp\AppData\Roaming\Spotify\libcef.dll
Berichtskennung: 5083688e-a9cf-11e6-845d-d8fc9363fbb8

Error: (11/13/2016 07:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Spotify.exe, Version: 1.0.41.375, Zeitstempel: 0x580878db
Name des fehlerhaften Moduls: libcef.dll, Version: 3.2785.1481.0, Zeitstempel: 0x57e0c159
Ausnahmecode: 0x80000003
Fehleroffset: 0x00dba17d
ID des fehlerhaften Prozesses: 0x1bb4
Startzeit der fehlerhaften Anwendung: 0x01d23ddbff847234
Pfad der fehlerhaften Anwendung: C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
Pfad des fehlerhaften Moduls: C:\Users\Philipp\AppData\Roaming\Spotify\libcef.dll
Berichtskennung: 3d92957f-a9cf-11e6-845d-d8fc9363fbb8


Systemfehler:
=============
Error: (11/13/2016 08:24:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (11/13/2016 07:57:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/13/2016 07:57:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/13/2016 07:55:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (11/13/2016 07:55:06 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (11/13/2016 07:55:45 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: Aktuell

	Fehlercode: 0x80070002

	Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. 

	Signaturversion: 0.0.0.0;0.0.0.0

	Modulversion: 0.0.0.0

Error: (11/13/2016 07:48:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (11/13/2016 07:45:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.231.1810.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://www.microsoft.com

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13202.0

	Fehlercode: 0x8024001e

	Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error: (11/13/2016 07:45:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.231.1810.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://www.microsoft.com

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13202.0

	Fehlercode: 0x8024001e

	Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error: (11/13/2016 07:29:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4310U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 8097.4 MB
Verfügbarer physikalischer RAM: 4319.98 MB
Summe virtueller Speicher: 16192.98 MB
Verfügbarer virtueller Speicher: 12152.4 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:107.44 GB) (Free:15.01 GB) NTFS
Drive e: (My Book) (Fixed) (Total:596.02 GB) (Free:58.02 GB) FAT32
Drive f: (My Passport) (Fixed) (Total:465.65 GB) (Free:330.23 GB) FAT32
Drive g: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:347.05 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:3.93 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 54D959A8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F79678AA)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 596.2 GB) (Disk ID: ACDD9B22)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 498D7415)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
Und der Log von MSE:
Code:
ATTFilter
Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
file:C:\Users\Philipp\AppData\Roaming\Linker.dll
Geändert von Auweiha (13.11.2016 um 22:00 Uhr)

Alt 14.11.2016, 00:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


1. Schritt: Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




2. Schritt: Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 14.11.2016, 09:32   #3
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Hallo Cosinus,

vielen Dank für deine Hilfe. Untenstehend findest du die Reports der beiden Programme:

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18524

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 8490737664, free: 5643280384

Downloaded database version: v2016.11.14.04
Downloaded database version: v2016.10.31.01
Downloaded database version: v2016.09.21.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     11/14/2016 09:16:28
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorA.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\Netwsw02.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\O2FJ2w7x64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ST_Accel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\usb3Hub.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTDVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\cvusbdrv.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\hidbth.sys
\SystemRoot\system32\drivers\btmaud.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\System32\Drivers\wbfcvusbdrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\Drivers\iqvw64e.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.11.14.04
  rootkit: v2016.10.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006e14060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006e14b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006e14060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d148c0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8006d14c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800666b4d0, DeviceName: \Device\0000006d\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 54D959A8

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
    Partition is not bootable

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 24662016
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24743936  Numsec = 225323008
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8015478060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013c65b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8015478060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8013efbab0, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa801546d720, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F79678AA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64  Numsec = 1953520065
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204885504 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80154c7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80154c7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80154c7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8013ef3c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8015478b60, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ACDD9B22

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1250258562
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80154cd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80154c6690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80154cd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8015435660, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80154c6b60, DeviceName: \Device\0000009f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 498D7415

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-1AAE909009AFB9FDBA81527174AF260CD23058E9.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-24743936-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-64-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
__________________
Alt 14.11.2016, 09:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Bitte das richtige Log von MBAR posten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.11.2016, 09:38   #5
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Code:
ATTFilter
09:27:41.0306 0x1a10  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
09:27:46.0528 0x1a10  ============================================================
09:27:46.0528 0x1a10  Current date / time: 2016/11/14 09:27:46.0528
09:27:46.0528 0x1a10  SystemInfo:
09:27:46.0528 0x1a10  
09:27:46.0528 0x1a10  OS Version: 6.1.7601 ServicePack: 1.0
09:27:46.0528 0x1a10  Product type: Workstation
09:27:46.0529 0x1a10  ComputerName: PHILIPP-PC
09:27:46.0529 0x1a10  UserName: Philipp
09:27:46.0529 0x1a10  Windows directory: C:\Windows
09:27:46.0529 0x1a10  System windows directory: C:\Windows
09:27:46.0529 0x1a10  Running under WOW64
09:27:46.0529 0x1a10  Processor architecture: Intel x64
09:27:46.0529 0x1a10  Number of processors: 4
09:27:46.0529 0x1a10  Page size: 0x1000
09:27:46.0529 0x1a10  Boot type: Normal boot
09:27:46.0529 0x1a10  CodeIntegrityOptions = 0x00000001
09:27:46.0529 0x1a10  ============================================================
09:27:46.0730 0x1a10  KLMD registered as C:\Windows\system32\drivers\33183176.sys
09:27:46.0730 0x1a10  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23569, osProperties = 0x1
09:27:47.0279 0x1a10  System UUID: {72B16DE3-5171-823B-5AE1-161055D76BCE}
09:27:47.0993 0x1a10  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:27:50.0620 0x1a10  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5E00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:27:51.0113 0x1a10  Drive \Device\Harddisk2\DR2 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:27:51.0130 0x1a10  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:27:51.0131 0x1a10  ============================================================
09:27:51.0131 0x1a10  \Device\Harddisk0\DR0:
09:27:51.0134 0x1a10  MBR partitions:
09:27:51.0134 0x1a10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1785000
09:27:51.0134 0x1a10  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1799000, BlocksNum 0xD6E2800
09:27:51.0134 0x1a10  \Device\Harddisk1\DR1:
09:27:51.0134 0x1a10  MBR partitions:
09:27:51.0134 0x1a10  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x747059C1
09:27:51.0134 0x1a10  \Device\Harddisk2\DR2:
09:27:51.0135 0x1a10  MBR partitions:
09:27:51.0135 0x1a10  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A856E82
09:27:51.0135 0x1a10  \Device\Harddisk3\DR3:
09:27:51.0135 0x1a10  MBR partitions:
09:27:51.0135 0x1a10  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
09:27:51.0135 0x1a10  ============================================================
09:27:51.0136 0x1a10  C: <-> \Device\Harddisk0\DR0\Partition2
09:27:51.0137 0x1a10  E: <-> \Device\Harddisk2\DR2\Partition1
09:27:51.0137 0x1a10  F: <-> \Device\Harddisk3\DR3\Partition1
09:27:51.0162 0x1a10  G: <-> \Device\Harddisk1\DR1\Partition1
09:27:51.0162 0x1a10  ============================================================
09:27:51.0162 0x1a10  Initialize success
09:27:51.0162 0x1a10  ============================================================
09:28:38.0612 0x1118  ============================================================
09:28:38.0612 0x1118  Scan started
09:28:38.0612 0x1118  Mode: Manual; SigCheck; TDLFS; 
09:28:38.0612 0x1118  ============================================================
09:28:38.0612 0x1118  KSN ping started
09:28:38.0726 0x1118  KSN ping finished: true
09:28:39.0036 0x1118  ================ Scan system memory ========================
09:28:39.0036 0x1118  System memory - ok
09:28:39.0038 0x1118  ================ Scan services =============================
09:28:39.0089 0x1118  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:28:39.0133 0x1118  1394ohci - ok
09:28:39.0145 0x1118  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:28:39.0160 0x1118  ACPI - ok
09:28:39.0164 0x1118  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:28:39.0184 0x1118  AcpiPmi - ok
09:28:39.0189 0x1118  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:28:39.0197 0x1118  AdobeARMservice - ok
09:28:39.0210 0x1118  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:28:39.0230 0x1118  adp94xx - ok
09:28:39.0240 0x1118  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:28:39.0255 0x1118  adpahci - ok
09:28:39.0262 0x1118  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:28:39.0274 0x1118  adpu320 - ok
09:28:39.0279 0x1118  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:28:39.0293 0x1118  AeLookupSvc - ok
09:28:39.0309 0x1118  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
09:28:39.0330 0x1118  AFD - ok
09:28:39.0336 0x1118  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:28:39.0344 0x1118  agp440 - ok
09:28:39.0349 0x1118  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:28:39.0367 0x1118  ALG - ok
09:28:39.0370 0x1118  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:28:39.0378 0x1118  aliide - ok
09:28:39.0382 0x1118  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:28:39.0390 0x1118  amdide - ok
09:28:39.0394 0x1118  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:28:39.0404 0x1118  AmdK8 - ok
09:28:39.0409 0x1118  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:28:39.0419 0x1118  AmdPPM - ok
09:28:39.0424 0x1118  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:28:39.0434 0x1118  amdsata - ok
09:28:39.0442 0x1118  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:28:39.0455 0x1118  amdsbs - ok
09:28:39.0459 0x1118  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:28:39.0466 0x1118  amdxata - ok
09:28:39.0480 0x1118  [ 02C7FFB7791AC5B0A2A5EBA5E01F18CA, FE07FC0417F7BC7A5F36A14FC717C17EA12236C400D51A0B3165CF604AEFFFBF ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
09:28:39.0506 0x1118  ApfiltrService - ok
09:28:39.0512 0x1118  [ 39E327BC1E1FB314E1C3960B68A25DF5, 1C508FB786C7CC16A8C90312EC184A137D3C54B1E9AD3D8D072E40D2AFCF1C24 ] ApHidMonitorService C:\Program Files\DellTPad\HidMonitorSvc.exe
09:28:39.0520 0x1118  ApHidMonitorService - ok
09:28:39.0524 0x1118  [ 0CD7BFDE151223C6976C5D1B3D49EB84, A16FAB4F77D03C0664CCE8082E40A7673BC7FA4E89854F9027D478CD99EB2088 ] AppID           C:\Windows\system32\drivers\appid.sys
09:28:39.0545 0x1118  AppID - ok
09:28:39.0549 0x1118  [ F9842669B31F20B8B157D33CCC457820, AC8FA65F0A3C479D3CFE10EFE9B3EC5BAE48059F57A12D8C2D7963A22EB043B8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:28:39.0569 0x1118  AppIDSvc - ok
09:28:39.0574 0x1118  [ B46099A534B7989D80330EA82D9092D6, 0CAC09732FAFAE805E55428B6BE001DCC39EBC599539FADE7AA68571A8A554E5 ] Appinfo         C:\Windows\System32\appinfo.dll
09:28:39.0586 0x1118  Appinfo - ok
09:28:39.0593 0x1118  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:28:39.0610 0x1118  AppMgmt - ok
09:28:39.0615 0x1118  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:28:39.0628 0x1118  arc - ok
09:28:39.0633 0x1118  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:28:39.0643 0x1118  arcsas - ok
09:28:39.0656 0x1118  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:28:39.0664 0x1118  aspnet_state - ok
09:28:39.0669 0x1118  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:28:39.0719 0x1118  AsyncMac - ok
09:28:39.0723 0x1118  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:28:39.0733 0x1118  atapi - ok
09:28:39.0751 0x1118  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:28:39.0779 0x1118  AudioEndpointBuilder - ok
09:28:39.0795 0x1118  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:28:39.0817 0x1118  AudioSrv - ok
09:28:39.0823 0x1118  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:28:39.0845 0x1118  AxInstSV - ok
09:28:39.0857 0x1118  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:28:39.0882 0x1118  b06bdrv - ok
09:28:39.0893 0x1118  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:28:39.0911 0x1118  b57nd60a - ok
09:28:39.0918 0x1118  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:28:39.0932 0x1118  BDESVC - ok
09:28:39.0935 0x1118  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:28:39.0966 0x1118  Beep - ok
09:28:39.0982 0x1118  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:28:40.0012 0x1118  BFE - ok
09:28:40.0032 0x1118  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:28:40.0108 0x1118  BITS - ok
09:28:40.0113 0x1118  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:28:40.0125 0x1118  blbdrive - ok
09:28:40.0150 0x1118  [ FEFF60CA0FBC86A043495FA79581CEA9, E8C4762AB9168C59DE6BABF6CEF5D02918D79F255FA86E7EA4324384C91733D0 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
09:28:40.0180 0x1118  Bluetooth Device Monitor - ok
09:28:40.0223 0x1118  [ F6234C4C494D411DEE452483C866EFC8, 9F12A93D9DDF2D436900447B64855549866B8E895128B1A9BE9717ED77F722F7 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
09:28:40.0264 0x1118  Bluetooth Media Service - ok
09:28:40.0296 0x1118  [ 075D93A7094E1BCBDE3A2D8EBA803745, 9E141EB26358D5B526D30A224DBF4EBE00EFAA19A78A22881AAF5E51C20DBED6 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
09:28:40.0327 0x1118  Bluetooth OBEX Service - ok
09:28:40.0334 0x1118  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:28:40.0359 0x1118  bowser - ok
09:28:40.0363 0x1118  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:28:40.0376 0x1118  BrFiltLo - ok
09:28:40.0379 0x1118  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:28:40.0393 0x1118  BrFiltUp - ok
09:28:40.0399 0x1118  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:28:40.0416 0x1118  Browser - ok
09:28:40.0424 0x1118  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:28:40.0443 0x1118  Brserid - ok
09:28:40.0448 0x1118  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:28:40.0465 0x1118  BrSerWdm - ok
09:28:40.0469 0x1118  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:28:40.0485 0x1118  BrUsbMdm - ok
09:28:40.0488 0x1118  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:28:40.0500 0x1118  BrUsbSer - ok
09:28:40.0505 0x1118  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
09:28:40.0517 0x1118  BthEnum - ok
09:28:40.0523 0x1118  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:28:40.0539 0x1118  BTHMODEM - ok
09:28:40.0545 0x1118  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:28:40.0562 0x1118  BthPan - ok
09:28:40.0574 0x1118  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
09:28:40.0597 0x1118  BTHPORT - ok
09:28:40.0603 0x1118  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:28:40.0645 0x1118  bthserv - ok
09:28:40.0649 0x1118  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
09:28:40.0659 0x1118  BTHUSB - ok
09:28:40.0664 0x1118  [ 0D377E7AA849056D54638F380490A523, 9371AC68139A27DCD53AAFED243673C946AAA72C0BAE0C9AFFAD1D9CEF7A2D05 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
09:28:40.0672 0x1118  btmaudio - ok
09:28:40.0677 0x1118  [ 4E10213D463B3AC9D003980398A16F01, F04CC0693006E5A8336A358F1E31C239EB3CED5D4487CD1F95F75C43A6BAFEC4 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
09:28:40.0686 0x1118  btmaux - ok
09:28:40.0714 0x1118  [ C446E06887B7064B204E7778C4A4D192, DB3F26C76D0380FAB4F324D9E0E3DF790B294A1FB9B271004130E50E8F7E69F1 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
09:28:40.0749 0x1118  btmhsf - ok
09:28:40.0758 0x1118  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:28:40.0788 0x1118  cdfs - ok
09:28:40.0793 0x1118  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:28:40.0804 0x1118  cdrom - ok
09:28:40.0808 0x1118  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:28:40.0838 0x1118  CertPropSvc - ok
09:28:40.0841 0x1118  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:28:40.0852 0x1118  circlass - ok
09:28:40.0861 0x1118  [ 3891EA60B84EFE115CE070311FA83BBB, 2A30FB15C8D0C69289C087DFE1F822AB4F9C3F091DBB3FD2E99DC5B562E90DFB ] CLFS            C:\Windows\system32\CLFS.sys
09:28:40.0881 0x1118  CLFS - ok
09:28:40.0944 0x1118  [ 99D4DBD01BC8384B8A395778D9F45D2C, 1F21E9E19FAF48CA7DDFB2A1ED39DBBB38AFCBEB86BED0A42A673D565D0C77FC ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
09:28:41.0026 0x1118  ClickToRunSvc - ok
09:28:41.0038 0x1118  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:28:41.0046 0x1118  clr_optimization_v2.0.50727_32 - ok
09:28:41.0053 0x1118  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:28:41.0062 0x1118  clr_optimization_v2.0.50727_64 - ok
09:28:41.0072 0x1118  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:28:41.0081 0x1118  clr_optimization_v4.0.30319_32 - ok
09:28:41.0087 0x1118  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:28:41.0097 0x1118  clr_optimization_v4.0.30319_64 - ok
09:28:41.0101 0x1118  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:28:41.0113 0x1118  CmBatt - ok
09:28:41.0117 0x1118  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:28:41.0126 0x1118  cmdide - ok
09:28:41.0138 0x1118  [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
09:28:41.0159 0x1118  CNG - ok
09:28:41.0163 0x1118  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:28:41.0170 0x1118  Compbatt - ok
09:28:41.0174 0x1118  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:28:41.0187 0x1118  CompositeBus - ok
09:28:41.0190 0x1118  COMSysApp - ok
09:28:41.0212 0x1118  [ 1744B49845C6F9BA10C4E24F7AA4C7D7, 61E781501EAB7E5671A699397D5DC95A579C10642CB17D4A57AD4B96ADE1A89B ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:28:41.0225 0x1118  cphs - ok
09:28:41.0229 0x1118  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:28:41.0236 0x1118  crcdisk - ok
09:28:41.0264 0x1118  [ A2B5C2708EC9A712F1A7E336F3F7234B, ECE7DC47190E82132E27DC02411299A849AB1308DDADC760F97EE8CB860C8C21 ] Credential Vault Host Control Service c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
09:28:41.0291 0x1118  Credential Vault Host Control Service - ok
09:28:41.0296 0x1118  [ B27BF3C9A70AB1E326F50468F6E3714C, D7D58DE2C4DE69A003E092746168E327EA9BB0C430C628127EB1BE5CF89C36B1 ] Credential Vault Host Storage c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
09:28:41.0303 0x1118  Credential Vault Host Storage - ok
09:28:41.0311 0x1118  [ BB724567892383010B8436DCC0A84628, 2768F5FD7A096CB1CEA33F8818EF16F9F5E3E07BB8442949A49A9CF24B62C6E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:28:41.0328 0x1118  CryptSvc - ok
09:28:41.0342 0x1118  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
09:28:41.0365 0x1118  CSC - ok
09:28:41.0381 0x1118  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
09:28:41.0405 0x1118  CscService - ok
09:28:41.0412 0x1118  [ 58CB536DA016641C9D24D183197F6DBF, 59B2EB716CCD45928517FF6254D95609BE5C3E40E08FC9EFEF88104DF91363C9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
09:28:41.0429 0x1118  CtClsFlt - ok
09:28:41.0434 0x1118  [ 7826702AF015D62A885139D66A268470, 7636CC2AB9F8FD2B31BC910838BEFD408ED555D55A9C73BFA02EF4EE3D77CE78 ] cvusbdrv        C:\Windows\system32\Drivers\cvusbdrv.sys
09:28:41.0467 0x1118  cvusbdrv - ok
09:28:41.0472 0x1118  [ A4700D1F78539C0ED32FA50E64F9C692, 5CB03B5F36307BA152245BAD29CB2AC703BBE8197ABC0338A7092ADEA1C3221A ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
09:28:41.0482 0x1118  dc3d - ok
09:28:41.0496 0x1118  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:28:41.0519 0x1118  DcomLaunch - ok
09:28:41.0528 0x1118  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:28:41.0563 0x1118  defragsvc - ok
09:28:41.0570 0x1118  [ B503A0F8201068C75AB47A72EF18F225, 30A290EEC5D8616EB9B1D98DD4B745ABEC19AD49C1703691D0F50241B6EC43FC ] Dell Foundation Services C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
09:28:41.0580 0x1118  Dell Foundation Services - ok
09:28:41.0583 0x1118  Dell.CommandPowerManager.Service - ok
09:28:41.0591 0x1118  [ EDC701B55802DE6B5A27546991D6900D, 65D0A86B210C401EF01EE032F80B0EB04E036146DC1902EA52462A12ED89E3FE ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
09:28:41.0607 0x1118  DellDigitalDelivery - ok
09:28:41.0612 0x1118  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:28:41.0624 0x1118  DfsC - ok
09:28:41.0633 0x1118  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:28:41.0652 0x1118  Dhcp - ok
09:28:41.0682 0x1118  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
09:28:41.0722 0x1118  DiagTrack - ok
09:28:41.0729 0x1118  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:28:41.0758 0x1118  discache - ok
09:28:41.0762 0x1118  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
09:28:41.0771 0x1118  Disk - ok
09:28:41.0775 0x1118  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
09:28:41.0788 0x1118  dmvsc - ok
09:28:41.0794 0x1118  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:28:41.0808 0x1118  Dnscache - ok
09:28:41.0816 0x1118  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:28:41.0847 0x1118  dot3svc - ok
09:28:41.0853 0x1118  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:28:41.0883 0x1118  DPS - ok
09:28:41.0887 0x1118  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:28:41.0898 0x1118  drmkaud - ok
09:28:41.0918 0x1118  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:28:41.0945 0x1118  DXGKrnl - ok
09:28:41.0960 0x1118  [ C47C212490AE1C2AB4A34A40C39485B4, 1B739D8F5BA344F14C78B547ABE281EEE13916D976A7E97B39A9E779D198B9E3 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
09:28:41.0976 0x1118  e1dexpress - ok
09:28:41.0981 0x1118  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:28:42.0012 0x1118  EapHost - ok
09:28:42.0074 0x1118  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:28:42.0153 0x1118  ebdrv - ok
09:28:42.0164 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] EFS             C:\Windows\System32\lsass.exe
09:28:42.0172 0x1118  EFS - ok
09:28:42.0188 0x1118  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:28:42.0214 0x1118  ehRecvr - ok
09:28:42.0219 0x1118  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:28:42.0230 0x1118  ehSched - ok
09:28:42.0241 0x1118  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:28:42.0259 0x1118  elxstor - ok
09:28:42.0263 0x1118  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:28:42.0271 0x1118  ErrDev - ok
09:28:42.0283 0x1118  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:28:42.0318 0x1118  EventSystem - ok
09:28:42.0332 0x1118  [ BF220856C02DF9AB74786BE92246A0E1, 9F35F4A08967634206B965BF94469380C0ACCF8A6C973E90ED85ECECF284CE34 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:28:42.0350 0x1118  EvtEng - ok
09:28:42.0357 0x1118  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:28:42.0389 0x1118  exfat - ok
09:28:42.0395 0x1118  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:28:42.0426 0x1118  fastfat - ok
09:28:42.0442 0x1118  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:28:42.0466 0x1118  Fax - ok
09:28:42.0471 0x1118  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:28:42.0480 0x1118  fdc - ok
09:28:42.0482 0x1118  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:28:42.0510 0x1118  fdPHost - ok
09:28:42.0513 0x1118  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:28:42.0541 0x1118  FDResPub - ok
09:28:42.0545 0x1118  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:28:42.0553 0x1118  FileInfo - ok
09:28:42.0556 0x1118  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:28:42.0584 0x1118  Filetrace - ok
09:28:42.0587 0x1118  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:28:42.0595 0x1118  flpydisk - ok
09:28:42.0602 0x1118  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:28:42.0615 0x1118  FltMgr - ok
09:28:42.0638 0x1118  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
09:28:42.0674 0x1118  FontCache - ok
09:28:42.0679 0x1118  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:28:42.0686 0x1118  FontCache3.0.0.0 - ok
09:28:42.0690 0x1118  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:28:42.0697 0x1118  FsDepends - ok
09:28:42.0700 0x1118  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:28:42.0707 0x1118  Fs_Rec - ok
09:28:42.0714 0x1118  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:28:42.0726 0x1118  fvevol - ok
09:28:42.0730 0x1118  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:28:42.0738 0x1118  gagp30kx - ok
09:28:42.0754 0x1118  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
09:28:42.0781 0x1118  gpsvc - ok
09:28:42.0788 0x1118  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:28:42.0796 0x1118  gupdate - ok
09:28:42.0800 0x1118  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:28:42.0807 0x1118  gupdatem - ok
09:28:42.0810 0x1118  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:28:42.0822 0x1118  hcw85cir - ok
09:28:42.0831 0x1118  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:28:42.0848 0x1118  HdAudAddService - ok
09:28:42.0853 0x1118  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:28:42.0866 0x1118  HDAudBus - ok
09:28:42.0869 0x1118  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:28:42.0878 0x1118  HidBatt - ok
09:28:42.0882 0x1118  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:28:42.0894 0x1118  HidBth - ok
09:28:42.0898 0x1118  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:28:42.0909 0x1118  HidIr - ok
09:28:42.0912 0x1118  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:28:42.0940 0x1118  hidserv - ok
09:28:42.0944 0x1118  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:28:42.0955 0x1118  HidUsb - ok
09:28:42.0959 0x1118  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:28:42.0988 0x1118  hkmsvc - ok
09:28:42.0994 0x1118  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:28:43.0010 0x1118  HomeGroupListener - ok
09:28:43.0016 0x1118  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:28:43.0028 0x1118  HomeGroupProvider - ok
09:28:43.0032 0x1118  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:28:43.0040 0x1118  HpSAMD - ok
09:28:43.0056 0x1118  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:28:43.0083 0x1118  HTTP - ok
09:28:43.0087 0x1118  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:28:43.0093 0x1118  hwpolicy - ok
09:28:43.0098 0x1118  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:28:43.0107 0x1118  i8042prt - ok
09:28:43.0123 0x1118  [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
09:28:43.0143 0x1118  iaStorA - ok
09:28:43.0146 0x1118  [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:28:43.0152 0x1118  IAStorDataMgrSvc - ok
09:28:43.0156 0x1118  [ C018747131B4E90E9267BA5B31EB43A7, 0FA045B63500D6AA98CADD72BA8052BD2631387FD1270A9FD5A77EB7A7A14536 ] iaStorF         C:\Windows\system32\drivers\iaStorF.sys
09:28:43.0163 0x1118  iaStorF - ok
09:28:43.0172 0x1118  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:28:43.0187 0x1118  iaStorV - ok
09:28:43.0194 0x1118  [ C42FA2C2CB77604E94530E0A8560FA99, BA84B88C1D3951E4D10D9A783090B72261FD9825F8003DDD01716D4E0A8EED09 ] iBtSiva         C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
09:28:43.0201 0x1118  iBtSiva - ok
09:28:43.0208 0x1118  [ 0316165998C74A0C109D5943F0027925, 91093906A100DD3FDC635AF8274910DB4BCEA10D6A003702786246D208CC4BBB ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
09:28:43.0218 0x1118  ibtusb - ok
09:28:43.0237 0x1118  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:28:43.0261 0x1118  idsvc - ok
09:28:43.0265 0x1118  IEEtwCollectorService - ok
09:28:43.0338 0x1118  [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:28:43.0444 0x1118  igfx - ok
09:28:43.0452 0x1118  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:28:43.0460 0x1118  iirsp - ok
09:28:43.0477 0x1118  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:28:43.0501 0x1118  IKEEXT - ok
09:28:43.0506 0x1118  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
09:28:43.0513 0x1118  intaud_WaveExtensible - ok
09:28:43.0558 0x1118  [ 428C61AB08A41B95428484BD1CAB32DA, 380545E5CACBA42366FCD23CD9984C563EF0634884D16660B9174F4D8A0BAC38 ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
09:28:43.0619 0x1118  IntcAzAudAddService - ok
09:28:43.0632 0x1118  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
09:28:43.0647 0x1118  IntcDAud - ok
09:28:43.0664 0x1118  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:28:43.0682 0x1118  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
09:28:43.0748 0x1118  Detect skipped due to KSN trusted
09:28:43.0748 0x1118  Intel(R) Capability Licensing Service Interface - ok
09:28:43.0783 0x1118  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:28:44.0436 0x1118  Intel(R) Capability Licensing Service TCP IP Interface - ok
09:28:44.0444 0x1118  [ 98D8094CC724D751E8EC3B2B3446FAA3, DC88496C0D92B4BCCD71467DE3C5D346DF9B5A27BAE703FF53168A284D2F64A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
09:28:44.0455 0x1118  Intel(R) PROSet Monitoring Service - ok
09:28:44.0458 0x1118  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:28:44.0465 0x1118  intelide - ok
09:28:44.0469 0x1118  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:28:44.0478 0x1118  intelppm - ok
09:28:44.0481 0x1118  [ 5110BDC376983C85C36E1FAB868BD9B9, 97884A8493BBC35CA8BD8ED4A08E8191D6144E12F95B4B2707161CBD61F97C45 ] InvProtectDrv   C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys
09:28:44.0489 0x1118  InvProtectDrv - ok
09:28:44.0535 0x1118  [ 7E0635798816219A3B93F6D60EAC1803, 38FA226A88A199D650FA27325E32AC95AC91C9ACEF152C23F41E2FF39BF83837 ] InvProtectSvc   C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
09:28:44.0594 0x1118  InvProtectSvc - ok
09:28:44.0602 0x1118  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:28:44.0632 0x1118  IPBusEnum - ok
09:28:44.0636 0x1118  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:28:44.0664 0x1118  IpFilterDriver - ok
09:28:44.0677 0x1118  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:28:44.0699 0x1118  iphlpsvc - ok
09:28:44.0704 0x1118  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:28:44.0713 0x1118  IPMIDRV - ok
09:28:44.0717 0x1118  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:28:44.0747 0x1118  IPNAT - ok
09:28:44.0750 0x1118  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:28:44.0762 0x1118  IRENUM - ok
09:28:44.0765 0x1118  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:28:44.0772 0x1118  isapnp - ok
09:28:44.0779 0x1118  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:28:44.0792 0x1118  iScsiPrt - ok
09:28:44.0795 0x1118  [ 83E5C169258459BC8D069C08106E6779, 1D5441EA2779CFC5A93A1372A7C34CD968A75D58A71107858468A1640721F47E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
09:28:44.0801 0x1118  iusb3hcs - ok
09:28:44.0811 0x1118  [ A858FEA618433EA053858F4C63A411EA, A194E8C07332847ABC09CC55ABB3D4AA9FEC29F053A3025FCAC7841AFE5F21F2 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
09:28:44.0824 0x1118  iusb3hub - ok
09:28:44.0840 0x1118  [ C77F6D488C5F4A7AB4357895BD6EC1FF, EED9B5A71E2C58E15482F36218815E9D9C091F9CEC43D1FD9E90BCAD6A8DB216 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:28:44.0862 0x1118  iusb3xhc - ok
09:28:44.0866 0x1118  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
09:28:44.0872 0x1118  iwdbus - ok
09:28:44.0878 0x1118  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:28:44.0887 0x1118  jhi_service - ok
09:28:44.0891 0x1118  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:28:44.0898 0x1118  kbdclass - ok
09:28:44.0901 0x1118  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:28:44.0910 0x1118  kbdhid - ok
09:28:44.0912 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] KeyIso          C:\Windows\system32\lsass.exe
09:28:44.0920 0x1118  KeyIso - ok
09:28:44.0925 0x1118  [ 1F4B52A496A43C65AB0F26169650FAF2, 6D6F3505997A7DDEE6F127B3FB537AFFDE687D4F34489679674DC12FB12B842C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:28:44.0933 0x1118  KSecDD - ok
09:28:44.0938 0x1118  [ E4A599EDFAAB66C2BC17FB1593DC129B, 13098694B649E9146214D320FB14C3D305FCA155438CB531A8BAA4A70231D1A7 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:28:44.0948 0x1118  KSecPkg - ok
09:28:44.0951 0x1118  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:28:44.0979 0x1118  ksthunk - ok
09:28:44.0988 0x1118  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:28:45.0023 0x1118  KtmRm - ok
09:28:45.0030 0x1118  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:28:45.0062 0x1118  LanmanServer - ok
09:28:45.0067 0x1118  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:28:45.0096 0x1118  LanmanWorkstation - ok
09:28:45.0101 0x1118  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:28:45.0130 0x1118  lltdio - ok
09:28:45.0139 0x1118  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:28:45.0173 0x1118  lltdsvc - ok
09:28:45.0176 0x1118  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:28:45.0204 0x1118  lmhosts - ok
09:28:45.0214 0x1118  [ 08E2B577DB95156F9A658C988EE71F5D, D229FFD97EE9478169D2418A722FD2AD6AD10108FF1B0156BE9A1ADF38B5633A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:28:45.0228 0x1118  LMS - ok
09:28:45.0234 0x1118  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:28:45.0243 0x1118  LSI_FC - ok
09:28:45.0247 0x1118  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:28:45.0256 0x1118  LSI_SAS - ok
09:28:45.0260 0x1118  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:28:45.0268 0x1118  LSI_SAS2 - ok
09:28:45.0273 0x1118  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:28:45.0282 0x1118  LSI_SCSI - ok
09:28:45.0286 0x1118  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:28:45.0316 0x1118  luafv - ok
09:28:45.0320 0x1118  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:28:45.0331 0x1118  Mcx2Svc - ok
09:28:45.0334 0x1118  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:28:45.0341 0x1118  megasas - ok
09:28:45.0349 0x1118  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:28:45.0361 0x1118  MegaSR - ok
09:28:45.0365 0x1118  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
09:28:45.0374 0x1118  MEIx64 - ok
09:28:45.0378 0x1118  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:28:45.0407 0x1118  MMCSS - ok
09:28:45.0410 0x1118  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:28:45.0438 0x1118  Modem - ok
09:28:45.0442 0x1118  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:28:45.0452 0x1118  monitor - ok
09:28:45.0455 0x1118  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:28:45.0463 0x1118  mouclass - ok
09:28:45.0466 0x1118  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:28:45.0475 0x1118  mouhid - ok
09:28:45.0479 0x1118  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:28:45.0487 0x1118  mountmgr - ok
09:28:45.0494 0x1118  [ 572BD5A99648652147A5D3C6DA946C99, FFDAD4A5682864977C926A5DDDB632CDB2A166BF025757801CC56F2828720023 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:28:45.0504 0x1118  MozillaMaintenance - ok
09:28:45.0513 0x1118  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:28:45.0528 0x1118  MpFilter - ok
09:28:45.0533 0x1118  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:28:45.0544 0x1118  mpio - ok
09:28:45.0548 0x1118  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:28:45.0576 0x1118  mpsdrv - ok
09:28:45.0593 0x1118  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:28:45.0636 0x1118  MpsSvc - ok
09:28:45.0643 0x1118  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:28:45.0656 0x1118  MRxDAV - ok
09:28:45.0662 0x1118  [ 25F918BB5D57C99FFEB0255143D0DF9A, E4BB656C3AEE19094B0F87828828DC73F248B45B30B678AA759DBAB3087399A2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:28:45.0683 0x1118  mrxsmb - ok
09:28:45.0691 0x1118  [ 8DF2B80510F438CFEC479181BD29C794, ECA5BC17D1DB92B887D468B0FF1D6302518DBD7C3607B14FA291ECDA204D5E85 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:28:45.0715 0x1118  mrxsmb10 - ok
09:28:45.0720 0x1118  [ F7622CFE3402A9BF10227BB124901E54, 3EE6BA42E712505AED9D3920163814719FAC591FB5CFF589E230C7005CB598AF ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:28:45.0740 0x1118  mrxsmb20 - ok
09:28:45.0743 0x1118  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:28:45.0750 0x1118  msahci - ok
09:28:45.0755 0x1118  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:28:45.0764 0x1118  msdsm - ok
09:28:45.0769 0x1118  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:28:45.0780 0x1118  MSDTC - ok
09:28:45.0786 0x1118  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:28:45.0814 0x1118  Msfs - ok
09:28:45.0817 0x1118  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:28:45.0845 0x1118  mshidkmdf - ok
09:28:45.0847 0x1118  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:28:45.0854 0x1118  msisadrv - ok
09:28:45.0860 0x1118  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:28:45.0891 0x1118  MSiSCSI - ok
09:28:45.0894 0x1118  msiserver - ok
09:28:45.0897 0x1118  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:28:45.0926 0x1118  MSKSSRV - ok
09:28:45.0931 0x1118  [ 5542A0007C55C2470E15EFEBE8FB9843, AEEC32DD4F280EEC8D53C9E7BB6A2FE186FEA9CF9BAA3F6FF5DCBF4C03EC5AFE ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:28:45.0941 0x1118  MsMpSvc - ok
09:28:45.0944 0x1118  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:28:45.0973 0x1118  MSPCLOCK - ok
09:28:45.0975 0x1118  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:28:46.0003 0x1118  MSPQM - ok
09:28:46.0012 0x1118  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:28:46.0025 0x1118  MsRPC - ok
09:28:46.0030 0x1118  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:28:46.0037 0x1118  mssmbios - ok
09:28:46.0040 0x1118  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:28:46.0072 0x1118  MSTEE - ok
09:28:46.0075 0x1118  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:28:46.0084 0x1118  MTConfig - ok
09:28:46.0087 0x1118  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:28:46.0095 0x1118  Mup - ok
09:28:46.0102 0x1118  [ 1EE90E273094252917843D111E898C94, D0D7D155E3CA022BC1F718327165E44F954A40B96259DEE5266C48ADCC8B4556 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:28:46.0114 0x1118  MyWiFiDHCPDNS - ok
09:28:46.0125 0x1118  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:28:46.0163 0x1118  napagent - ok
09:28:46.0172 0x1118  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:28:46.0192 0x1118  NativeWifiP - ok
09:28:46.0212 0x1118  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:28:46.0239 0x1118  NDIS - ok
09:28:46.0243 0x1118  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:28:46.0271 0x1118  NdisCap - ok
09:28:46.0274 0x1118  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:28:46.0306 0x1118  NdisTapi - ok
09:28:46.0310 0x1118  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:28:46.0342 0x1118  Ndisuio - ok
09:28:46.0347 0x1118  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:28:46.0380 0x1118  NdisWan - ok
09:28:46.0383 0x1118  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:28:46.0413 0x1118  NDProxy - ok
09:28:46.0416 0x1118  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:28:46.0446 0x1118  NetBIOS - ok
09:28:46.0453 0x1118  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:28:46.0469 0x1118  NetBT - ok
09:28:46.0472 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] Netlogon        C:\Windows\system32\lsass.exe
09:28:46.0480 0x1118  Netlogon - ok
09:28:46.0489 0x1118  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:28:46.0525 0x1118  Netman - ok
09:28:46.0534 0x1118  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:46.0544 0x1118  NetMsmqActivator - ok
09:28:46.0549 0x1118  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:46.0558 0x1118  NetPipeActivator - ok
09:28:46.0569 0x1118  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:28:46.0606 0x1118  netprofm - ok
09:28:46.0611 0x1118  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:46.0620 0x1118  NetTcpActivator - ok
09:28:46.0624 0x1118  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:46.0633 0x1118  NetTcpPortSharing - ok
09:28:46.0639 0x1118  [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
09:28:46.0650 0x1118  netvsc - ok
09:28:46.0710 0x1118  [ C9D91D5E057D7A2C483DC838A7639C08, 405593E8195B61A05E83EDE85457D9BEFBBE332CC63C902B8548044429ED96D1 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
09:28:46.0785 0x1118  NETwNs64 - ok
09:28:46.0795 0x1118  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:28:46.0802 0x1118  nfrd960 - ok
09:28:46.0808 0x1118  [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:28:46.0819 0x1118  NisDrv - ok
09:28:46.0827 0x1118  [ 3B38C9497141BFD6D587DD3709FA933E, AAA4AA80BE3741308F682226512D2C14017B5127675EC0BB1AD610BEF2711E24 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
09:28:46.0840 0x1118  NisSrv - ok
09:28:46.0849 0x1118  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:28:46.0867 0x1118  NlaSvc - ok
09:28:46.0871 0x1118  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:28:46.0899 0x1118  Npfs - ok
09:28:46.0902 0x1118  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:28:46.0930 0x1118  nsi - ok
09:28:46.0933 0x1118  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:28:46.0960 0x1118  nsiproxy - ok
09:28:46.0991 0x1118  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:28:47.0033 0x1118  Ntfs - ok
09:28:47.0037 0x1118  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:28:47.0066 0x1118  Null - ok
09:28:47.0071 0x1118  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:28:47.0081 0x1118  nvraid - ok
09:28:47.0087 0x1118  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:28:47.0097 0x1118  nvstor - ok
09:28:47.0101 0x1118  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:28:47.0111 0x1118  nv_agp - ok
09:28:47.0117 0x1118  [ 59E028ED21D8C9F26DC9A5A110A90A9B, 8C2E825C372E962564A15922C259B9B83F3D3D720AD7489A2B0DEFF577AF3C2E ] O2FJ2RDR        C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys
09:28:47.0140 0x1118  O2FJ2RDR - ok
09:28:47.0144 0x1118  [ BBD0246FB5DCFF52C0AACC27212DDC55, AE148A89F1EF88735635C395BB8FCDEF1E3F4039F4C4CEFB8ED6AC056EB06C8B ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
09:28:47.0156 0x1118  O2FLASH - ok
09:28:47.0161 0x1118  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:28:47.0170 0x1118  ohci1394 - ok
09:28:47.0174 0x1118  [ 8314FBE6FDD8FB682346E7E8C1CEA722, 6A351BDA75CF4D6C539D59FB59D00E4EF779739E3CAE7433A26E9DB4907623E8 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
09:28:47.0182 0x1118  OpenVPNService - ok
09:28:47.0187 0x1118  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:28:47.0196 0x1118  ose - ok
09:28:47.0281 0x1118  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:28:47.0396 0x1118  osppsvc - ok
09:28:47.0410 0x1118  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:28:47.0428 0x1118  p2pimsvc - ok
09:28:47.0439 0x1118  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:28:47.0455 0x1118  p2psvc - ok
09:28:47.0460 0x1118  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:28:47.0470 0x1118  Parport - ok
09:28:47.0474 0x1118  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:28:47.0482 0x1118  partmgr - ok
09:28:47.0488 0x1118  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:28:47.0503 0x1118  PcaSvc - ok
09:28:47.0509 0x1118  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:28:47.0519 0x1118  pci - ok
09:28:47.0522 0x1118  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:28:47.0529 0x1118  pciide - ok
09:28:47.0535 0x1118  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:28:47.0546 0x1118  pcmcia - ok
09:28:47.0550 0x1118  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:28:47.0557 0x1118  pcw - ok
09:28:47.0572 0x1118  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:28:47.0593 0x1118  PEAUTH - ok
09:28:47.0619 0x1118  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:28:47.0658 0x1118  PeerDistSvc - ok
09:28:47.0677 0x1118  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:28:47.0686 0x1118  PerfHost - ok
09:28:47.0716 0x1118  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:28:47.0771 0x1118  pla - ok
09:28:47.0782 0x1118  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:28:47.0801 0x1118  PlugPlay - ok
09:28:47.0804 0x1118  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:28:47.0813 0x1118  PNRPAutoReg - ok
09:28:47.0822 0x1118  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:28:47.0835 0x1118  PNRPsvc - ok
09:28:47.0847 0x1118  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:28:47.0868 0x1118  PolicyAgent - ok
09:28:47.0874 0x1118  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
09:28:47.0890 0x1118  Power - ok
09:28:47.0895 0x1118  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:28:47.0924 0x1118  PptpMiniport - ok
09:28:47.0928 0x1118  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
09:28:47.0937 0x1118  Processor - ok
09:28:47.0943 0x1118  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:28:47.0958 0x1118  ProfSvc - ok
09:28:47.0962 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] ProtectedStorage C:\Windows\system32\lsass.exe
09:28:47.0970 0x1118  ProtectedStorage - ok
09:28:47.0974 0x1118  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:28:48.0002 0x1118  Psched - ok
09:28:48.0030 0x1118  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:28:48.0068 0x1118  ql2300 - ok
09:28:48.0074 0x1118  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:28:48.0083 0x1118  ql40xx - ok
09:28:48.0090 0x1118  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:28:48.0107 0x1118  QWAVE - ok
09:28:48.0111 0x1118  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:28:48.0124 0x1118  QWAVEdrv - ok
09:28:48.0127 0x1118  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:28:48.0155 0x1118  RasAcd - ok
09:28:48.0159 0x1118  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:28:48.0187 0x1118  RasAgileVpn - ok
09:28:48.0192 0x1118  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:28:48.0221 0x1118  RasAuto - ok
09:28:48.0226 0x1118  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:28:48.0255 0x1118  Rasl2tp - ok
09:28:48.0263 0x1118  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:28:48.0297 0x1118  RasMan - ok
09:28:48.0301 0x1118  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:28:48.0330 0x1118  RasPppoe - ok
09:28:48.0334 0x1118  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:28:48.0362 0x1118  RasSstp - ok
09:28:48.0370 0x1118  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:28:48.0403 0x1118  rdbss - ok
09:28:48.0406 0x1118  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:28:48.0417 0x1118  rdpbus - ok
09:28:48.0419 0x1118  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:28:48.0447 0x1118  RDPCDD - ok
09:28:48.0453 0x1118  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:28:48.0468 0x1118  RDPDR - ok
09:28:48.0470 0x1118  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:28:48.0498 0x1118  RDPENCDD - ok
09:28:48.0501 0x1118  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:28:48.0529 0x1118  RDPREFMP - ok
09:28:48.0535 0x1118  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:28:48.0551 0x1118  RDPWD - ok
09:28:48.0557 0x1118  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:28:48.0568 0x1118  rdyboost - ok
09:28:48.0573 0x1118  [ 37F021CF7D670D305C1687781173069E, 286D6D04B0A9C4399086BE8DDA5126CDE462EE3B9F5B40A65CD9CD2B7C160886 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:28:48.0582 0x1118  RegSrvc - ok
09:28:48.0586 0x1118  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:28:48.0617 0x1118  RemoteAccess - ok
09:28:48.0622 0x1118  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:28:48.0653 0x1118  RemoteRegistry - ok
09:28:48.0659 0x1118  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:28:48.0673 0x1118  RFCOMM - ok
09:28:48.0677 0x1118  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:28:48.0705 0x1118  RpcEptMapper - ok
09:28:48.0708 0x1118  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:28:48.0717 0x1118  RpcLocator - ok
09:28:48.0728 0x1118  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
09:28:48.0745 0x1118  RpcSs - ok
09:28:48.0749 0x1118  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:28:48.0777 0x1118  rspndr - ok
09:28:48.0786 0x1118  [ FC179CDBDC350D4FDD739983D42D0F08, 1C2A52E9A54C7311C5C088A27B2E3B9D3166DB1BECB7ED6818F35F1F14825423 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
09:28:48.0797 0x1118  RtkAudioService - ok
09:28:48.0800 0x1118  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:28:48.0807 0x1118  s3cap - ok
09:28:48.0810 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] SamSs           C:\Windows\system32\lsass.exe
09:28:48.0818 0x1118  SamSs - ok
09:28:48.0824 0x1118  [ 0629F45DA94F25F60714B230A88DF12B, C7D36F5EC4D5B65FA9E25235CD1CCAFA9305450F40A065675415A91B69FD5033 ] SboxDrv         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
09:28:48.0833 0x1118  SboxDrv - ok
09:28:48.0838 0x1118  [ FAEA5793F326F93F970D21DD41543C0C, 6C4E5D09FDA0CE6AFEFD268D2F22F4B801A10EF46942EA7EF4AA30AD56B9DDF8 ] SboxSvc         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
09:28:48.0848 0x1118  SboxSvc - ok
09:28:48.0852 0x1118  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:28:48.0861 0x1118  sbp2port - ok
09:28:48.0867 0x1118  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:28:48.0899 0x1118  SCardSvr - ok
09:28:48.0902 0x1118  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:28:48.0929 0x1118  scfilter - ok
09:28:48.0950 0x1118  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
09:28:48.0984 0x1118  Schedule - ok
09:28:48.0989 0x1118  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:28:49.0015 0x1118  SCPolicySvc - ok
09:28:49.0020 0x1118  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
09:28:49.0032 0x1118  sdbus - ok
09:28:49.0038 0x1118  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:28:49.0053 0x1118  SDRSVC - ok
09:28:49.0056 0x1118  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:28:49.0068 0x1118  secdrv - ok
09:28:49.0071 0x1118  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
09:28:49.0083 0x1118  seclogon - ok
09:28:49.0087 0x1118  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:28:49.0117 0x1118  SENS - ok
09:28:49.0120 0x1118  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:28:49.0132 0x1118  SensrSvc - ok
09:28:49.0135 0x1118  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:28:49.0144 0x1118  Serenum - ok
09:28:49.0148 0x1118  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:28:49.0158 0x1118  Serial - ok
09:28:49.0162 0x1118  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:28:49.0171 0x1118  sermouse - ok
09:28:49.0180 0x1118  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:28:49.0211 0x1118  SessionEnv - ok
09:28:49.0214 0x1118  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:28:49.0225 0x1118  sffdisk - ok
09:28:49.0229 0x1118  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:28:49.0239 0x1118  sffp_mmc - ok
09:28:49.0243 0x1118  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:28:49.0255 0x1118  sffp_sd - ok
09:28:49.0258 0x1118  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:28:49.0267 0x1118  sfloppy - ok
09:28:49.0306 0x1118  [ B9C662D8A5DEC62F37EFC0ADD4A1E14C, EAC25DCFC8ED24AA4B8C90DAAF9BF517C4728AD4B1D849EC4F96C33AE1283C30 ] SftService      C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
09:28:49.0343 0x1118  SftService - ok
09:28:49.0356 0x1118  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:28:49.0413 0x1118  SharedAccess - ok
09:28:49.0423 0x1118  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:28:49.0459 0x1118  ShellHWDetection - ok
09:28:49.0463 0x1118  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:28:49.0470 0x1118  SiSRaid2 - ok
09:28:49.0475 0x1118  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:28:49.0484 0x1118  SiSRaid4 - ok
09:28:49.0493 0x1118  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:28:49.0508 0x1118  SkypeUpdate - ok
09:28:49.0513 0x1118  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:28:49.0543 0x1118  Smb - ok
09:28:49.0557 0x1118  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:28:49.0570 0x1118  SNMPTRAP - ok
09:28:49.0574 0x1118  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:28:49.0581 0x1118  spldr - ok
09:28:49.0594 0x1118  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:28:49.0618 0x1118  Spooler - ok
09:28:49.0681 0x1118  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:28:49.0782 0x1118  sppsvc - ok
09:28:49.0789 0x1118  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:28:49.0822 0x1118  sppuinotify - ok
09:28:49.0833 0x1118  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:28:49.0853 0x1118  srv - ok
09:28:49.0863 0x1118  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:28:49.0880 0x1118  srv2 - ok
09:28:49.0886 0x1118  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:28:49.0897 0x1118  srvnet - ok
09:28:49.0904 0x1118  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:28:49.0939 0x1118  SSDPSRV - ok
09:28:49.0943 0x1118  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:28:49.0987 0x1118  SstpSvc - ok
09:28:49.0990 0x1118  [ E4EA2412FB1B8AEE33667A9CC6D456A4, E553D07BBD98CB026033D7D10D859795682D1BFCB9D33D494177B2E747EA5064 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
09:28:49.0999 0x1118  stdcfltn - ok
09:28:50.0006 0x1118  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:28:50.0016 0x1118  stexstor - ok
09:28:50.0032 0x1118  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:28:50.0070 0x1118  stisvc - ok
09:28:50.0074 0x1118  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
09:28:50.0099 0x1118  StorSvc - ok
09:28:50.0106 0x1118  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:28:50.0117 0x1118  storvsc - ok
09:28:50.0144 0x1118  [ AB1C3402A04C4594D9A778574E87C4B2, 46D20F5432B9A8ED5FAEDC75838AD86548585C1BA86E160AB9C5F893FB11815C ] ST_ACCEL        C:\Windows\system32\DRIVERS\ST_Accel.sys
09:28:50.0161 0x1118  ST_ACCEL - ok
09:28:50.0168 0x1118  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:28:50.0180 0x1118  swenum - ok
09:28:50.0198 0x1118  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:28:50.0253 0x1118  swprv - ok
09:28:50.0257 0x1118  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA, 89A2A1604C2BF985894000F51D9D376B32F1327197866850B5BF8640272DE828 ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
09:28:50.0269 0x1118  SynthVid - ok
09:28:50.0305 0x1118  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
09:28:50.0353 0x1118  SysMain - ok
09:28:50.0359 0x1118  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:28:50.0374 0x1118  TabletInputService - ok
09:28:50.0378 0x1118  [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
09:28:50.0391 0x1118  tap0901 - ok
09:28:50.0399 0x1118  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:28:50.0434 0x1118  TapiSrv - ok
09:28:50.0468 0x1118  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:28:50.0513 0x1118  Tcpip - ok
09:28:50.0550 0x1118  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:28:50.0591 0x1118  TCPIP6 - ok
09:28:50.0600 0x1118  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:28:50.0612 0x1118  tcpipreg - ok
09:28:50.0616 0x1118  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:28:50.0629 0x1118  TDPIPE - ok
09:28:50.0632 0x1118  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:28:50.0641 0x1118  TDTCP - ok
09:28:50.0647 0x1118  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:28:50.0658 0x1118  tdx - ok
09:28:50.0664 0x1118  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:28:50.0672 0x1118  TermDD - ok
09:28:50.0691 0x1118  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
09:28:50.0715 0x1118  TermService - ok
09:28:50.0720 0x1118  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:28:50.0734 0x1118  Themes - ok
09:28:50.0738 0x1118  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:28:50.0766 0x1118  THREADORDER - ok
09:28:50.0773 0x1118  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:28:50.0807 0x1118  TrkWks - ok
09:28:50.0813 0x1118  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:28:50.0845 0x1118  TrustedInstaller - ok
09:28:50.0849 0x1118  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:28:50.0858 0x1118  tssecsrv - ok
09:28:50.0862 0x1118  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:28:50.0875 0x1118  TsUsbFlt - ok
09:28:50.0878 0x1118  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:28:50.0886 0x1118  TsUsbGD - ok
09:28:50.0891 0x1118  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:28:50.0920 0x1118  tunnel - ok
09:28:50.0923 0x1118  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:28:50.0931 0x1118  uagp35 - ok
09:28:50.0940 0x1118  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:28:50.0973 0x1118  udfs - ok
09:28:50.0979 0x1118  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:28:50.0989 0x1118  UI0Detect - ok
09:28:50.0992 0x1118  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:28:51.0001 0x1118  uliagpkx - ok
09:28:51.0004 0x1118  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:28:51.0013 0x1118  umbus - ok
09:28:51.0016 0x1118  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:28:51.0024 0x1118  UmPass - ok
09:28:51.0030 0x1118  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:28:51.0042 0x1118  UmRdpService - ok
09:28:51.0052 0x1118  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:28:51.0086 0x1118  upnphost - ok
09:28:51.0093 0x1118  [ 73E350C9099837826A08792D3E96E189, D4C07C70E8140FFCB5F98EF377B7851D8CA01E1C2FAE9852FF3286E8C8337180 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
09:28:51.0103 0x1118  usb3Hub - ok
09:28:51.0107 0x1118  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:28:51.0121 0x1118  usbccgp - ok
09:28:51.0125 0x1118  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:28:51.0138 0x1118  usbcir - ok
09:28:51.0142 0x1118  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:28:51.0154 0x1118  usbehci - ok
09:28:51.0163 0x1118  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
09:28:51.0177 0x1118  usbhub - ok
09:28:51.0180 0x1118  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:28:51.0187 0x1118  usbohci - ok
09:28:51.0191 0x1118  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:28:51.0202 0x1118  usbprint - ok
09:28:51.0205 0x1118  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:28:51.0217 0x1118  usbscan - ok
09:28:51.0221 0x1118  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:28:51.0234 0x1118  USBSTOR - ok
09:28:51.0237 0x1118  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:28:51.0244 0x1118  usbuhci - ok
09:28:51.0251 0x1118  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:28:51.0265 0x1118  usbvideo - ok
09:28:51.0269 0x1118  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:28:51.0299 0x1118  UxSms - ok
09:28:51.0302 0x1118  [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] VaultSvc        C:\Windows\system32\lsass.exe
09:28:51.0309 0x1118  VaultSvc - ok
09:28:51.0313 0x1118  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:28:51.0320 0x1118  vdrvroot - ok
09:28:51.0332 0x1118  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:28:51.0369 0x1118  vds - ok
09:28:51.0373 0x1118  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:28:51.0383 0x1118  vga - ok
09:28:51.0386 0x1118  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:28:51.0414 0x1118  VgaSave - ok
09:28:51.0420 0x1118  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:28:51.0431 0x1118  vhdmp - ok
09:28:51.0434 0x1118  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:28:51.0441 0x1118  viaide - ok
09:28:51.0443 0x1118  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:28:51.0452 0x1118  VMBusHID - ok
09:28:51.0455 0x1118  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:28:51.0463 0x1118  volmgr - ok
09:28:51.0472 0x1118  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:28:51.0488 0x1118  volmgrx - ok
09:28:51.0496 0x1118  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:28:51.0512 0x1118  volsnap - ok
09:28:51.0523 0x1118  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:28:51.0538 0x1118  vsmraid - ok
09:28:51.0573 0x1118  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:28:51.0649 0x1118  VSS - ok
09:28:51.0670 0x1118  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:28:51.0684 0x1118  vwifibus - ok
09:28:51.0690 0x1118  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:28:51.0706 0x1118  vwififlt - ok
09:28:51.0709 0x1118  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:28:51.0725 0x1118  vwifimp - ok
09:28:51.0736 0x1118  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:28:51.0784 0x1118  W32Time - ok
09:28:51.0791 0x1118  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:28:51.0802 0x1118  WacomPen - ok
09:28:51.0808 0x1118  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:28:51.0845 0x1118  WANARP - ok
09:28:51.0855 0x1118  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:28:51.0889 0x1118  Wanarpv6 - ok
09:28:51.0920 0x1118  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:28:51.0957 0x1118  WatAdminSvc - ok
09:28:51.0991 0x1118  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:28:52.0044 0x1118  wbengine - ok
09:28:52.0057 0x1118  [ 4E4F71F764114A6047D632D3232306D3, 7825BC02854437637E9B19A53D03764FAB651F23B6BCF0A0AB50AAB232876E47 ] wbfcvusbdrv     C:\Windows\system32\Drivers\wbfcvusbdrv.sys
09:28:52.0087 0x1118  wbfcvusbdrv - ok
09:28:52.0094 0x1118  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:28:52.0112 0x1118  WbioSrvc - ok
09:28:52.0121 0x1118  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:28:52.0141 0x1118  wcncsvc - ok
09:28:52.0144 0x1118  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:28:52.0157 0x1118  WcsPlugInService - ok
09:28:52.0160 0x1118  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:28:52.0168 0x1118  Wd - ok
09:28:52.0183 0x1118  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:28:52.0207 0x1118  Wdf01000 - ok
09:28:52.0212 0x1118  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:28:52.0225 0x1118  WdiServiceHost - ok
09:28:52.0228 0x1118  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:28:52.0238 0x1118  WdiSystemHost - ok
09:28:52.0246 0x1118  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
09:28:52.0259 0x1118  WebClient - ok
09:28:52.0267 0x1118  [ CBA25A299ECDBAE3A2300B68598AABA3, 5AC6F75FBDA58CD9D17922AF2780A37B89067EB4A97EE792A644B238BE94490D ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:28:52.0283 0x1118  Wecsvc - ok
09:28:52.0288 0x1118  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:28:52.0318 0x1118  wercplsupport - ok
09:28:52.0323 0x1118  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:28:52.0353 0x1118  WerSvc - ok
09:28:52.0356 0x1118  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:28:52.0384 0x1118  WfpLwf - ok
09:28:52.0389 0x1118  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:28:52.0396 0x1118  WIMMount - ok
09:28:52.0398 0x1118  WinDefend - ok
09:28:52.0403 0x1118  WinHttpAutoProxySvc - ok
09:28:52.0413 0x1118  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:28:52.0445 0x1118  Winmgmt - ok
09:28:52.0481 0x1118  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:28:52.0533 0x1118  WinRM - ok
09:28:52.0542 0x1118  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
09:28:52.0553 0x1118  WinUsb - ok
09:28:52.0571 0x1118  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:28:52.0601 0x1118  Wlansvc - ok
09:28:52.0605 0x1118  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:28:52.0613 0x1118  WmiAcpi - ok
09:28:52.0620 0x1118  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:28:52.0633 0x1118  wmiApSrv - ok
09:28:52.0636 0x1118  WMPNetworkSvc - ok
09:28:52.0639 0x1118  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:28:52.0652 0x1118  WPCSvc - ok
09:28:52.0656 0x1118  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:28:52.0673 0x1118  WPDBusEnum - ok
09:28:52.0676 0x1118  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:28:52.0704 0x1118  ws2ifsl - ok
09:28:52.0708 0x1118  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:28:52.0723 0x1118  wscsvc - ok
09:28:52.0726 0x1118  WSearch - ok
09:28:52.0774 0x1118  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:28:52.0837 0x1118  wuauserv - ok
09:28:52.0844 0x1118  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:28:52.0856 0x1118  WudfPf - ok
09:28:52.0864 0x1118  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:28:52.0875 0x1118  WUDFRd - ok
09:28:52.0880 0x1118  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:28:52.0890 0x1118  wudfsvc - ok
09:28:52.0897 0x1118  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:28:52.0913 0x1118  WwanSvc - ok
09:28:52.0982 0x1118  [ 8D809F4ECFE9E80723C49B427854068A, 4186B6C56BA70106A95D28371360C780F55FECA1A1C61966F091A07A390BA189 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
09:28:53.0059 0x1118  ZeroConfigService - ok
09:28:53.0073 0x1118  ================ Scan global ===============================
09:28:53.0076 0x1118  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
09:28:53.0084 0x1118  [ A5794B1E3ACEF48E716F0A89C83C1AEA, B904C861CBDAF00341F8697BD05C2E66C23CF4D6C94E19AF464D898436F34D73 ] C:\Windows\system32\winsrv.dll
09:28:53.0094 0x1118  [ A5794B1E3ACEF48E716F0A89C83C1AEA, B904C861CBDAF00341F8697BD05C2E66C23CF4D6C94E19AF464D898436F34D73 ] C:\Windows\system32\winsrv.dll
09:28:53.0100 0x1118  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:28:53.0109 0x1118  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:28:53.0116 0x1118  [ Global ] - ok
09:28:53.0116 0x1118  ================ Scan MBR ==================================
09:28:53.0118 0x1118  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:28:53.0175 0x1118  \Device\Harddisk0\DR0 - ok
09:28:53.0180 0x1118  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
09:28:53.0593 0x1118  \Device\Harddisk1\DR1 - ok
09:28:54.0089 0x1118  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
09:28:54.0194 0x1118  \Device\Harddisk2\DR2 - ok
09:28:54.0202 0x1118  [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk3\DR3
09:28:54.0592 0x1118  \Device\Harddisk3\DR3 - ok
09:28:54.0592 0x1118  ================ Scan VBR ==================================
09:28:54.0594 0x1118  [ EF57B8308981746C7A13D117F73A5D64 ] \Device\Harddisk0\DR0\Partition1
09:28:54.0595 0x1118  \Device\Harddisk0\DR0\Partition1 - ok
09:28:54.0597 0x1118  [ 143EC6690014E36C7931F95F2480B715 ] \Device\Harddisk0\DR0\Partition2
09:28:54.0598 0x1118  \Device\Harddisk0\DR0\Partition2 - ok
09:28:54.0604 0x1118  [ 293DD55F8C9D4ADD859DBD9F83F166CF ] \Device\Harddisk1\DR1\Partition1
09:28:54.0608 0x1118  \Device\Harddisk1\DR1\Partition1 - ok
09:28:54.0611 0x1118  [ BDB7D135ABD1484193C68AF0F7129BFC ] \Device\Harddisk2\DR2\Partition1
09:28:54.0612 0x1118  \Device\Harddisk2\DR2\Partition1 - ok
09:28:54.0614 0x1118  [ F0E7D2099E64663AA327C795B77E7C57 ] \Device\Harddisk3\DR3\Partition1
09:28:54.0616 0x1118  \Device\Harddisk3\DR3\Partition1 - ok
09:28:54.0618 0x1118  ================ Scan generic autorun ======================
09:28:54.0637 0x1118  [ FAF64638A42A32B449E7EB474064731A, 40462B51B3CAE21E5650525F90BAB5FCB6C1B44EA4C2DBB8AA0991A0F2EE7837 ] C:\Program Files\DellTPad\Apoint.exe
09:28:54.0661 0x1118  Apoint - ok
09:28:54.0792 0x1118  [ 83BF5129DC2A305C85A26340ECB91725, F2BD435B452AF76FC7B977F3E3FDF45FC3A9B2DABB974908EEE8321A3002D6CF ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
09:28:54.0939 0x1118  RtHDVCpl - ok
09:28:54.0971 0x1118  [ EC7059FE43C74A6281ECC08253B6D5DB, AE14E00733C0AC394457BFCD4A5ECD884286038BE2C7AAE34E3D32F3F992F29F ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
09:28:55.0001 0x1118  RtHDVBg - ok
09:28:55.0011 0x1118  [ FEAD27FF63A67513FF3780CED52166EA, 00256F92A107B7F7C391C518E0E2704A4250E41B3C3424C1DC4D36E3E98ECC11 ] C:\Windows\system32\igfxtray.exe
09:28:55.0023 0x1118  IgfxTray - ok
09:28:55.0039 0x1118  [ 5D3F714A254E7A7AF2A96DB739A0A430, 277A93E97771B6D091F3B3AD6D384E97A1BD0E31AC2A51A1BB2CD0C8C087B343 ] C:\Windows\system32\hkcmd.exe
09:28:55.0058 0x1118  HotKeysCmds - ok
09:28:55.0074 0x1118  [ 1AA3227DC32145F6D468B6177C6CA2DA, 67DD3AF86942C8ACE0383DE6CCC279743C02E38740E6A6F65224C37899A0874C ] C:\Windows\system32\igfxpers.exe
09:28:55.0093 0x1118  Persistence - ok
09:28:55.0176 0x1118  [ 86ABD61318AA20217A75F67023C5AAE5, ED188D96319B652E0EA57BBBCDD8FA29621329F0E0EA24F3B31FC27FFA58198E ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
09:28:55.0268 0x1118  IntelPROSet - ok
09:28:55.0274 0x1118  BTMTrayAgent - ok
09:28:55.0279 0x1118  [ F14327BA386AAA2246585BFADD8FE8E8, 2804D7985B116C808942B4501362D4F4BAE4B540E9A6AC9B176B30DD448BA5AC ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
09:28:55.0282 0x1118  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
09:28:55.0346 0x1118  Detect skipped due to KSN trusted
09:28:55.0346 0x1118  IAStorIcon - ok
09:28:55.0397 0x1118  [ CA1F405184147B24A1ABCA76A19A7575, 1574009F10A0B3DBF7CB91A2467D02C0E6200C94C03E2C5B3642E5DACF6343EC ] C:\Program Files\Microsoft Security Client\msseces.exe
09:28:55.0430 0x1118  MSC - ok
09:28:55.0438 0x1118  [ 5956CEBC6E2DF8BB255DE08901533985, 3F9362485F64FC50429297CA339ED5964FF0889B855307E2A944A08818434CE3 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:28:55.0448 0x1118  USB3MON - ok
09:28:55.0460 0x1118  [ BC47ABD9F73C6D6A1DEFFF21A815DFF6, C9EC15D1BD40E852CF61B089820DC4F6DFDC8AF1FA8434D2E7712ADCD7B9AB00 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
09:28:55.0472 0x1118  Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
09:28:55.0544 0x1118  Detect skipped due to KSN trusted
09:28:55.0544 0x1118  Dell Webcam Central - ok
09:28:55.0600 0x1118  [ 4EAF6F8F0B3BE33A0E3877EB7FFD48D4, CD89A31004E3E5A3253554CABF70B89D4F2FCBC40161FFA9E633CD85261A2769 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
09:28:55.0624 0x1118  Adobe ARM - ok
09:28:55.0649 0x1118  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:28:55.0685 0x1118  Sidebar - ok
09:28:55.0690 0x1118  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:28:55.0704 0x1118  mctadmin - ok
09:28:55.0727 0x1118  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:28:55.0755 0x1118  Sidebar - ok
09:28:55.0760 0x1118  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:28:55.0773 0x1118  mctadmin - ok
09:28:55.0813 0x1118  [ 0B457726FB6CFE21A3777B146490E662, 76BA33337FF69A2E6F4217D7C630235348E6819085EBE4E7F3210534AF7E4F08 ] C:\Program Files (x86)\ownCloud\owncloud.exe
09:28:55.0858 0x1118  ownCloud - detected UnsignedFile.Multi.Generic ( 1 )
09:28:55.0923 0x1118  Detect skipped due to KSN trusted
09:28:55.0923 0x1118  ownCloud - ok
09:28:55.0986 0x1118  [ 11B4662A4DD118132E2648837920AF86, 7643E9CF00C0393ED4A1D294DABA84DCEB6BE696E5B520D413284BAB16CE1CD5 ] C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe
09:28:56.0018 0x1118  Spotify Web Helper - ok
09:28:56.0141 0x1118  [ 6F8EDF5A5D23AD1F4FC168047C80ECE4, CAA605301395B70E724688515936A6C84F90D18EFFBF21CEDD336268AACA8D02 ] C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe
09:28:56.0287 0x1118  Spotify - ok
09:28:56.0454 0x1118  [ A70E699E0B0DD9C2B3B35E9A8167F903, 6CC7AFFEED646AA9C46C709C8B36751CA9EBCDDC70438ECE1D1328E6C1A02421 ] C:\Program Files\CCleaner\CCleaner64.exe
09:28:56.0625 0x1118  CCleaner Monitoring - ok
09:28:56.0633 0x1118  Waiting for KSN requests completion. In queue: 136
09:28:57.0664 0x1118  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.205.0 ), 0x61000 ( enabled : updated )
09:28:57.0670 0x1118  Win FW state via NFP2: enabled ( trusted )
09:28:57.0793 0x1118  ============================================================
09:28:57.0793 0x1118  Scan finished
09:28:57.0793 0x1118  ============================================================
09:28:57.0810 0x1a74  Detected object count: 0
09:28:57.0810 0x1a74  Actual detected object count: 0
Da ist es!

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.11.14.04
  rootkit: v2016.10.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18524
Philipp :: PHILIPP-PC [administrator]

14.11.2016 09:16:36
mbar-log-2016-11-14 (09-16-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 292111
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Alt 14.11.2016, 09:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


ja so isses richtig

Malware wurde da nicht gefunden

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

__________________
--> Windows 7: Trojaner WIN32 Dynamer!ac

Alt 14.11.2016, 09:56   #7
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Hier die Logdateien:

Code:
ATTFilter
# AdwCleaner v6.030 - Bericht erstellt am 14/11/2016 um 09:51:13
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-11-13.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Desktop\AdwCleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1470 Bytes] - [13/11/2016 22:28:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [1658 Bytes] - [13/11/2016 22:27:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1360 Bytes] - [14/11/2016 09:51:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1433 Bytes] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by Philipp (Administrator) on 14.11.2016 at  9:53:16,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 41 

Failed to delete: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\extensions\bingsearch.full@microsoft.com\search.xml (File) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11REPE15 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBQLT88 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8ZGPBW0 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWJXHE2E (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZA7AYYT (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YETI100R (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SX1C8NG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UCDI782 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PWG3289 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX52F2RT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIKLEQRZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ051Y0O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOBHM6GB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKE9AVCS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK49ISSB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNR2F8VX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11REPE15 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SX1C8NG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UCDI782 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBQLT88 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PWG3289 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AX52F2RT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8ZGPBW0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIKLEQRZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ051Y0O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWJXHE2E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOBHM6GB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKE9AVCS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZA7AYYT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK49ISSB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNR2F8VX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YETI100R (Temporary Internet Files Folder) 



Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{58D579D1-596D-4A75-87EB-351FD15E9A64} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2016 at  9:54:09,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alt 14.11.2016, 09:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.11.2016, 10:05   #9
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
durchgeführt von Philipp (Administrator) auf PHILIPP-PC (14-11-2016 10:03:11)
Gestartet von C:\Users\Philipp\Downloads
Geladene Profile: Philipp (Verfügbare Profile: Philipp)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637720 2014-09-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-30] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2026510 2016-09-27] (ownCloud)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [Spotify Web Helper] => C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Run: [Spotify] => C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\MountPoints2: {8a9a3ba9-d239-11e5-9e69-34e6d7384f97} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-11-09]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-10-30]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{0E94286B-C5AF-4EB2-8F30-F7FFDBDA0788}: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{7A121BC6-62AF-4DB0-8D7B-28FD13853819}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-636208486-627765941-1348474775-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-636208486-627765941-1348474775-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-636208486-627765941-1348474775-1001 -> DefaultScope {58D579D1-596D-4A75-87EB-351FD15E9A64} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 19vpdgjx.Standard-Benutzer
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default [2016-11-14]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\f4u8sz6l.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\f4u8sz6l.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\f4u8sz6l.default -> hxxp://enerion.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\f4u8sz6l.default -> hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Extension: (Bing Search Engine) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\bingsearch.full@microsoft.com [2016-11-13] [ist nicht signiert]
FF Extension: (Firefox Hotfix) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\f4u8sz6l.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2016-10-17]
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\19vpdgjx.Standard-Benutzer [2016-11-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-03-10] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{DC4CD23A-A05A-479C-82C0-C461F39F9AE8}

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-03] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-16] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2013-10-11] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-14 09:54 - 2016-11-14 09:54 - 00007695 _____ C:\Users\Philipp\Desktop\JRT.txt
2016-11-14 09:52 - 2016-11-14 09:52 - 01631928 _____ (Malwarebytes) C:\Users\Philipp\Desktop\JRT.exe
2016-11-14 09:45 - 2016-11-14 09:45 - 03910208 _____ C:\Users\Philipp\Desktop\AdwCleaner_6.030.exe
2016-11-14 09:27 - 2016-11-14 09:37 - 00226436 _____ C:\TDSSKiller.3.1.0.12_14.11.2016_09.27.41_log.txt
2016-11-14 09:27 - 2016-11-14 09:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Philipp\Desktop\tdsskiller.exe
2016-11-14 09:16 - 2016-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-14 09:16 - 2016-11-14 09:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-14 09:16 - 2016-11-14 09:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-14 09:15 - 2016-11-14 09:26 - 00000000 ____D C:\Users\Philipp\Desktop\mbar
2016-11-14 09:15 - 2016-11-14 09:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Philipp\Downloads\mbar-1.09.3.1001.exe
2016-11-14 09:15 - 2016-11-14 09:15 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 22:27 - 2016-11-14 09:51 - 00000000 ____D C:\AdwCleaner
2016-11-13 22:01 - 2016-11-13 22:01 - 00000282 _____ C:\Users\Philipp\Desktop\Windows 7 Trojaner WIN32 Dynamer!ac.URL
2016-11-13 21:37 - 2016-11-13 21:37 - 00032714 _____ C:\Users\Philipp\Downloads\Addition.txt
2016-11-13 21:36 - 2016-11-14 10:03 - 00019779 _____ C:\Users\Philipp\Downloads\FRST.txt
2016-11-13 21:36 - 2016-11-14 10:03 - 00000000 ____D C:\FRST
2016-11-13 21:36 - 2016-11-13 21:36 - 02411520 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2016-11-13 21:24 - 2016-11-13 21:24 - 08270712 _____ (Piriform Ltd) C:\Users\Philipp\Downloads\ccsetup523.exe
2016-11-13 21:12 - 2016-11-13 21:12 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Philipp\Downloads\flashplayer23axau_ha_install.exe
2016-11-13 20:13 - 2016-11-14 09:15 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Spotify
2016-11-13 20:13 - 2016-11-14 09:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\Spotify
2016-11-13 20:13 - 2016-11-13 20:13 - 00353488 _____ (Spotify Ltd) C:\Users\Philipp\Downloads\SpotifySetup(1).exe
2016-11-13 20:13 - 2016-11-13 20:13 - 00001807 _____ C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-11-13 20:02 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-13 20:02 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-13 20:01 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-13 20:01 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-13 20:01 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-13 20:01 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-13 20:01 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-13 20:01 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-13 20:01 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-13 20:01 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-13 20:01 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-13 20:01 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-13 20:01 - 2016-10-28 04:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-13 20:01 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-13 20:01 - 2016-10-27 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-13 20:01 - 2016-10-27 20:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-13 20:01 - 2016-10-27 19:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-13 20:01 - 2016-10-27 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-13 20:01 - 2016-10-27 19:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-13 20:01 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-13 20:01 - 2016-10-27 19:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-13 20:01 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-13 20:01 - 2016-10-27 19:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-13 20:01 - 2016-10-27 19:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-13 20:01 - 2016-10-27 19:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-13 20:01 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-13 20:01 - 2016-10-27 19:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-13 20:01 - 2016-10-27 19:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-13 20:01 - 2016-10-27 19:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-13 20:01 - 2016-10-27 19:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-13 20:01 - 2016-10-27 19:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-13 20:01 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-13 20:01 - 2016-10-27 19:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-13 20:01 - 2016-10-27 19:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-13 20:01 - 2016-10-27 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-13 20:01 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-13 20:01 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-13 20:01 - 2016-10-27 19:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-13 20:01 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-13 20:01 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-13 20:01 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-13 20:01 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-13 20:01 - 2016-10-27 18:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-13 20:01 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-13 20:01 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-13 20:01 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-13 20:01 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-13 20:01 - 2016-10-25 16:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-13 20:01 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-13 20:01 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-13 20:01 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-13 20:01 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-13 20:01 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-13 20:01 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-13 20:01 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-13 20:01 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-13 20:01 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-13 20:01 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-13 20:01 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-13 20:01 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-13 20:01 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-13 20:01 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-13 20:01 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-13 20:01 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-13 20:01 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-13 20:01 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-13 20:01 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-13 20:01 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-13 20:01 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-13 20:01 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-13 20:01 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-13 20:01 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-13 20:01 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-13 20:01 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-13 20:01 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-13 20:01 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-13 20:01 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-13 20:01 - 2016-10-15 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-13 20:01 - 2016-10-15 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-13 20:01 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-13 20:01 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-13 20:01 - 2016-10-11 16:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-13 20:01 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-13 20:01 - 2016-10-11 16:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-13 20:01 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-13 20:01 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-13 20:01 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-13 20:01 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-13 20:01 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-13 20:01 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-13 20:01 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-13 20:01 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-13 20:01 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-13 20:01 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-13 20:01 - 2016-10-11 14:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-13 20:01 - 2016-10-10 16:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-13 20:01 - 2016-10-10 16:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-13 20:01 - 2016-10-10 16:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-13 20:01 - 2016-10-10 16:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-13 20:01 - 2016-10-10 16:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-13 20:01 - 2016-10-10 16:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-13 20:01 - 2016-10-10 16:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-13 20:01 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-13 20:01 - 2016-10-10 16:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-13 20:01 - 2016-10-10 15:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-13 20:01 - 2016-10-10 15:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-13 20:01 - 2016-10-10 15:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-13 20:01 - 2016-10-10 15:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-13 20:01 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-13 20:01 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-13 20:01 - 2016-10-07 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-13 20:01 - 2016-10-07 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-13 20:01 - 2016-10-07 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-13 20:01 - 2016-10-07 16:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-13 20:01 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-13 20:01 - 2016-10-07 16:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 16:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-13 20:01 - 2016-10-07 16:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-13 20:01 - 2016-10-07 16:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-13 20:01 - 2016-10-07 16:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-13 20:01 - 2016-10-07 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-13 20:01 - 2016-10-07 15:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-13 20:01 - 2016-10-07 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-13 20:01 - 2016-10-07 15:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-13 20:01 - 2016-10-07 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-13 20:01 - 2016-10-07 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-13 20:01 - 2016-10-07 15:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 15:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 15:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 20:01 - 2016-10-07 15:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-13 20:01 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-13 20:01 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-13 20:01 - 2016-09-13 16:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-13 20:01 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-13 20:01 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-13 20:01 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-13 20:00 - 2016-11-13 20:00 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-13 20:00 - 2016-11-13 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-13 19:34 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-13 19:18 - 2016-11-13 19:18 - 00000308 _____ C:\Users\Philipp\Desktop\The Journey Is The Destination The Ryan McGinley Purple Book photobook by Ryan McGinley.URL
2016-11-13 19:18 - 2016-11-13 19:18 - 00000244 _____ C:\Users\Philipp\Desktop\The Syncronicles - YouTube.URL
2016-11-13 19:18 - 2016-11-13 19:18 - 00000242 _____ C:\Users\Philipp\Desktop\Amtsgericht Aachen Zwangsversteigerungs*termine.URL
2016-11-13 14:43 - 2016-11-13 14:43 - 00000273 _____ C:\Users\Philipp\Desktop\Desire will set you free - ZDFmediathek.URL
2016-11-11 21:57 - 2016-11-11 21:17 - 00370031 _____ C:\Users\Philipp\Desktop\CV_P..pdf
2016-11-11 18:44 - 2016-11-11 18:44 - 00901248 _____ C:\Users\Philipp\Desktop\merkblatt_energieaudits.pdf
2016-11-11 11:59 - 2016-11-11 11:59 - 05785595 _____ C:\Users\Philipp\Desktop\Energiemanagement.pdf
2016-11-07 00:06 - 2016-11-07 00:06 - 00000278 _____ C:\Users\Philipp\Desktop\Dissertation_Roland_Becker_Mai_2006.pdf.URL
2016-11-07 00:06 - 2016-11-07 00:06 - 00000266 _____ C:\Users\Philipp\Desktop\Grundlagen der Fotografie Eine Übersicht für Anfänger › kwerfeldein – Magazin für Fotografie.URL
2016-11-07 00:06 - 2016-11-07 00:06 - 00000239 _____ C:\Users\Philipp\Desktop\Grundlagen der Fotografie - einfach schöne Fotos machen!.URL
2016-11-04 14:27 - 2016-11-04 14:27 - 15620001 _____ C:\Users\Philipp\Desktop\bok%3A978-3-662-50397-3.pdf
2016-11-01 18:28 - 2016-11-01 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e!Sankey 3.2
2016-11-01 18:27 - 2016-11-01 18:27 - 00003746 _____ C:\Windows\System32\Tasks\{407044A4-D710-4135-B58F-5028E6B88DCC}
2016-11-01 16:47 - 2016-11-01 16:47 - 00008887 _____ C:\Users\Philipp\Documents\Mappe1 (Automatisch gespeichert).xlsx
2016-10-25 10:36 - 2016-10-25 10:36 - 00000245 _____ C:\Users\Philipp\Desktop\Karex Kantenschutzprofile.URL
2016-10-24 19:06 - 2016-10-24 19:09 - 12575120 _____ C:\Users\Philipp\Desktop\DSC04958a.pdn
2016-10-19 15:51 - 2016-10-19 15:51 - 00000214 _____ C:\Users\Philipp\Desktop\Funny Holiday Cards and Merry Christmas eCards - JibJab.com.URL
2016-10-19 11:34 - 2016-10-19 11:34 - 00000284 _____ C:\Users\Philipp\Desktop\Heribert-Hirte - CSR-Richtlinie-Umsetzungsgesetz.URL
2016-10-18 16:42 - 2016-10-18 16:42 - 00000312 _____ C:\Users\Philipp\Desktop\IHK BonnRhein-Sieg**Pressemeldung Einzelansicht.URL

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-14 09:53 - 2015-02-24 21:55 - 00000000 ____D C:\Users\Philipp\Documents\Outlook-Dateien
2016-11-14 09:52 - 2015-03-03 11:14 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Skype
2016-11-14 09:50 - 2015-02-24 17:40 - 00000000 ____D C:\Users\Philipp\ownCloud
2016-11-14 09:45 - 2015-03-30 10:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 09:39 - 2015-03-10 15:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\Deployment
2016-11-14 09:25 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 09:25 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 09:19 - 2015-02-10 00:47 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-11-14 09:18 - 2010-11-21 07:50 - 00704038 _____ C:\Windows\system32\perfh007.dat
2016-11-14 09:18 - 2010-11-21 07:50 - 00151144 _____ C:\Windows\system32\perfc007.dat
2016-11-14 09:18 - 2009-07-14 06:13 - 01631966 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 09:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-14 09:14 - 2015-03-30 10:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 09:14 - 2015-02-24 17:36 - 00000000 ____D C:\Users\Philipp\AppData\Local\ownCloud
2016-11-14 09:14 - 2015-02-10 00:43 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-14 09:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 09:12 - 2009-07-14 05:45 - 00440840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-14 09:10 - 2016-08-22 08:49 - 00000000 ____D C:\Windows\system32\MRT
2016-11-14 00:45 - 2016-08-22 08:49 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-13 22:03 - 2015-02-28 19:33 - 00000000 ____D C:\Users\Philipp\AppData\Local\CrashDumps
2016-11-13 22:03 - 2011-02-11 18:36 - 00000000 ____D C:\Windows\panther
2016-11-13 20:12 - 2015-03-30 10:34 - 00000000 ___RD C:\Users\Philipp\Google Drive
2016-11-13 20:00 - 2015-02-24 17:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-13 19:55 - 2015-02-24 17:20 - 00000000 ____D C:\Users\Philipp
2016-11-13 19:54 - 2016-03-15 20:18 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\dvdcss
2016-11-13 19:54 - 2015-02-25 23:08 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\vlc
2016-11-13 19:54 - 2015-02-24 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Creative
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-11-13 19:54 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-13 19:53 - 2015-10-09 12:39 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\IGC
2016-11-13 19:53 - 2015-08-31 10:38 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\ifu Hamburg GmbH, Germany
2016-11-13 19:53 - 2015-02-24 17:39 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Mozilla
2016-11-13 19:53 - 2015-02-24 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Adobe
2016-11-13 19:53 - 2015-02-24 17:20 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Intel
2016-11-09 17:05 - 2015-03-03 11:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-09 17:05 - 2015-03-03 11:14 - 00000000 ____D C:\ProgramData\Skype
2016-11-05 17:56 - 2015-03-30 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-01 18:27 - 2015-08-31 10:38 - 00000000 ____D C:\Program Files (x86)\ifu Hamburg
2016-11-01 18:26 - 2015-08-31 10:38 - 00000000 ____D C:\Users\Philipp\Documents\e!Sankey
2016-10-28 02:22 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-23 15:58 - 2015-02-10 00:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-23 15:57 - 2015-10-30 18:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-19 14:04 - 2016-06-24 22:23 - 00000000 ____D C:\Users\Philipp\Desktop\102_FUJI
2016-10-17 15:24 - 2016-10-10 16:06 - 00000000 ____D C:\Users\Philipp\Desktop\bilder

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-17 07:54 - 2016-06-17 07:54 - 0000181 ____H () C:\Users\Philipp\AppData\Roaming\Accra
2016-06-17 07:53 - 2016-06-17 07:53 - 0004563 ____H () C:\Users\Philipp\AppData\Roaming\dotsdarkoverlay.png
2016-06-17 07:53 - 2016-06-17 07:53 - 0001849 ____H () C:\Users\Philipp\AppData\Roaming\excluded.txt
1991-04-14 08:00 - 1991-04-14 08:00 - 0296364 ____H () C:\Users\Philipp\AppData\Roaming\Tarbrush.M
2016-01-14 15:54 - 2016-01-14 15:54 - 0000820 _____ () C:\Users\Philipp\AppData\Local\recently-used.xbel
2016-02-26 15:57 - 2016-08-06 23:23 - 0007618 _____ () C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
2016-01-30 14:22 - 2016-01-30 14:22 - 0000000 _____ () C:\Users\Philipp\AppData\Local\{A30B4EBE-8FB5-441A-9BE3-2975B2B43C0A}

Einige Dateien in TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-04 16:15

==================== Ende von FRST.txt ============================
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2016
durchgeführt von Philipp (14-11-2016 10:03:29)
Gestartet von C:\Users\Philipp\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-02-24 16:20:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-636208486-627765941-1348474775-500 - Administrator - Disabled)
Gast (S-1-5-21-636208486-627765941-1348474775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-636208486-627765941-1348474775-1002 - Limited - Enabled)
Philipp (S-1-5-21-636208486-627765941-1348474775-1001 - Administrator - Enabled) => C:\Users\Philipp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
cFos Outlook DAV v1.80 (HKLM-x32\...\cFos Outlook DAV) (Version: 1.80 - cFos Software GmbH, Bonn)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
e!Sankey 3.2 (HKLM-x32\...\{3606B2AD-BEEB-4459-8837-092370C5733A}) (Version: 3.2.2 - ifu Hamburg GmbH)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
OpenVPN 2.3.10-I603  (HKLM\...\OpenVPN) (Version: 2.3.10-I603 - )
outlook_dav (HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\BD6B9EC7CF7AD0CFDA8AD98E4A649F10726F5B31) (Version: 1.80.2080.0 - outlook_dav)
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.2.4.6408 - ownCloud)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-636208486-627765941-1348474775-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A35357A-3543-47A6-A416-39422D34753D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {11753924-8C5D-4DF3-A50F-EDBD4E0A4905} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
Task: {164A2D85-0BC2-43A6-9271-CB4899169CF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {1FE613BE-693D-4316-8185-BF8CA35D5095} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {1FFF40F0-EC40-4B3C-B3A8-A5ED9554EFDC} - System32\Tasks\cFos\Registration Tasks\Open Browser => Firefox.exe -osint -new-window "hxxp://www.cfos.de/de/traffic-shaping/calibration-message.htm?sw-10.10.2238&amp;days=30&amp;tsa="
Task: {5007FD2A-1F57-45F5-B762-C9CB04C17DCA} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-02] (Realtek Semiconductor)
Task: {67B3920D-2AAA-4C0F-8C7C-57434E04A157} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6C68445B-F82F-475B-BCB9-53E80BC6E27D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {837F6D9B-603C-44CE-9D4A-E0057731DBB3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {97609CE3-953C-4E5F-9382-170B5637B2F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {AD0FD5AE-5394-4E2C-8347-D7CE8DA74F8A} - System32\Tasks\{407044A4-D710-4135-B58F-5028E6B88DCC} => pcalua.exe -a C:\Users\Philipp\ownCloud\Portfolio\Software\esankey\setup-eSankey-v3.2.2.558.exe -d "C:\Users\Philipp\ownCloud\Projekte\Caritas Köln\1_Projektbearbeitung\05_Verbraucherverzeichnisse und Sankey\e-sankey Dateien" -c "C:\Users\Philipp\ownCloud\Projekte\Caritas Köln\1_Projektbearbeitung\05_Verbrauch (Der Dateneintrag hat 75 mehr Zeichen).
Task: {AE86F1C7-B835-4412-AAC8-884B1F51D7CE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {E50A2D99-B968-4639-80CE-AA9A0CE21768} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {EC03F30D-CD70-4305-80AC-3E871D425F63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 18:40 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-08-25 02:31 - 2016-08-25 02:31 - 00059904 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2015-02-10 00:41 - 2013-11-13 22:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3696 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3748 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3846 [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-636208486-627765941-1348474775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.179.1 - 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FEBD21A2-920F-4A69-956A-155449BD21FE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8D07DB29-2055-4D09-B68B-B9CF11BEFF6B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0DF7E4EA-8345-448D-ADDA-71CF98B7BED4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{224D5AC9-ABD2-4787-B8C9-B545BB6C7CCB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B366D3-88B1-4034-B0B0-19D71700C197}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [UDP Query User{554BAC21-B1B0-409E-A0BD-A7F27BBEB8DA}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [{D4192398-EC7C-4501-B0E3-9AE2BAF8EA3A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A353DD0F-CEA3-4B1C-9351-642D973D4310}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ECB3E2D-5639-401A-B936-646A51F2A884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FD0A37D-65B0-4535-BB1C-806B9E5EA896}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EBBA9CF6-0CA6-4BAD-BD9F-0134CEB0839B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E0BED4BA-F3F3-4AFA-9B80-1CA8310376DD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{84A7FBC5-8045-45E5-A7BB-412EB34F01B7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{19586E79-A065-4A7C-9A53-DF09CBCD6FED}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{078079CD-1B99-4D1E-A5FB-558FCF82EF32}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{839ED1B1-2E10-40B8-A886-723FF942BECD}] => (Block) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0172AD8A-B0C1-4BBC-9DB4-B649E7D7B7AB}] => (Block) C:\users\philipp\appdata\roaming\spotify\spotify.exe

==================== Wiederherstellungspunkte =========================

13-11-2016 19:35:43 Windows-Sicherung
13-11-2016 19:39:04 Windows-Sicherung
13-11-2016 19:40:11 Windows Update
13-11-2016 19:52:56 Wiederherstellungsvorgang
13-11-2016 20:05:52 Windows-Sicherung
13-11-2016 20:08:24 Windows Update
14-11-2016 00:43:42 Windows Update
14-11-2016 09:53:17 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/14/2016 09:12:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/13/2016 10:30:04 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi15. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.  (HRESULT : 0x8007007f).

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/13/2016 10:29:29 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


Systemfehler:
=============
Error: (11/14/2016 09:12:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (11/13/2016 10:29:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/13/2016 10:29:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (11/13/2016 10:29:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (11/13/2016 10:28:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/13/2016 10:28:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/13/2016 10:28:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/13/2016 10:28:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/13/2016 10:28:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/13/2016 10:28:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4310U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8097.4 MB
Verfügbarer physikalischer RAM: 5427.87 MB
Summe virtueller Speicher: 16192.98 MB
Verfügbarer virtueller Speicher: 13419.47 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:107.44 GB) (Free:16.53 GB) NTFS
Drive e: (My Book) (Fixed) (Total:596.02 GB) (Free:58.48 GB) FAT32
Drive f: (My Passport) (Fixed) (Total:465.65 GB) (Free:330.23 GB) FAT32
Drive g: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:347.05 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:3.93 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 54D959A8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F79678AA)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 596.2 GB) (Disk ID: ACDD9B22)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 498D7415)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
Geändert von Auweiha (14.11.2016 um 10:10 Uhr)

Alt 14.11.2016, 10:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.11.2016, 11:13   #11
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2016
durchgeführt von Philipp (14-11-2016 11:10:56) Run:1
Gestartet von C:\Users\Philipp\Downloads
Geladene Profile: Philipp (Verfügbare Profile: Philipp)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
emptytemp:
*****************


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8587988 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 398692 B
Edge => 0 B
Chrome => 0 B
Firefox => 392732594 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 101085922 B
Philipp => 55895788 B

RecycleBin => 7825562 B
EmptyTemp: => 548.4 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:11:12 ====

Alt 14.11.2016, 11:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.11.2016, 15:44   #13
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Nummer 1:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 14.11.2016
Suchlaufzeit: 11:44
Protokolldatei: mbamlog.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.14.04
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 290837
Abgelaufene Zeit: 3 Min., 2 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Nummer 2:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f3032cff4fd1304c8cdea04210e868bb
# end=init
# utc_time=2016-11-14 11:27:33
# local_time=2016-11-14 12:27:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 31403
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f3032cff4fd1304c8cdea04210e868bb
# end=updated
# utc_time=2016-11-14 11:37:48
# local_time=2016-11-14 12:37:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f3032cff4fd1304c8cdea04210e868bb
# engine=31403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-14 02:40:16
# local_time=2016-11-14 03:40:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3636417 102118410 0 0
# scanned=443144
# found=3
# cleaned=0
# scan_time=10946
sh=E3D949E073ACC6F0B8987750DCDEF5EA31CEE70C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\P-PC\Backup Set 2014-01-19 224656\Backup Files 2014-01-19 224656\Backup files 3.zip"
sh=F4AADEE3B7B1BE30BAD6F8947C8FC28F1E0D7EC0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="E:\P-PC\Backup Set 2014-01-19 224656\Backup Files 2014-01-19 224656\Backup files 5.zip"
sh=DA3A28D142C1F19B2FB5A3097271D52446CE6167 ft=1 fh=917b716edfb5e5cf vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Nero8\Nero-8.1.1.4_deu_trial.exe"

E:\PPC\Backup Set 2014-01-19 224656\Backup Files 2014-01-19 224656\Backup files 3.zip	Mehrere Bedrohungen
E:\P-PC\Backup Set 2014-01-19 224656\Backup Files 2014-01-19 224656\Backup files 5.zip	Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung
E:\Programme\Nero8\Nero-8.1.1.4_deu_trial.exe	Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung
Nummer 3:
Code:
ATTFilter
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 22.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (49.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
Geändert von Auweiha (14.11.2016 um 15:50 Uhr)

Alt 14.11.2016, 15:47   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Zitat:
Adobe Flash Player 22.0.0.209
Adobe Reader XI
Alles deinstallieren.

Adobe Reader: Verwende stattdessen lieber PDF-X-Change Viewer; der interne PDF-Betrachter vom Firefox reicht meist auch aus.

Flash Player: Was Adobe mit seinem Flash Player veranstaltet, ist irgendwo zwischen Frechheit und Inkompetenz einzustufen; in dem Teil werden ständig neue dicke Sicherheitslücken gefunden - für YT reicht meistens HTML5 aus, das ist der Standardplayer wenn der Flash Player inaktiv oder nicht installiert ist; für spezielle Browsergames kann es aber sein, dass du den Flash Player brauchst. Nutze Flash so sparsam wie möglich und wenn dann immer aktuell halten!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.11.2016, 15:55   #15
Auweiha
 
Windows 7: Trojaner WIN32 Dynamer!ac - Standard

Windows 7: Trojaner WIN32 Dynamer!ac


Bereits erledigt!
Muss ich nun noch etwas unternehmen?

Antwort
Seite 1 von 2 1 2

Themen zu Windows 7: Trojaner WIN32 Dynamer!ac
ccsetup, dankbar, eingefangen, gefangen, gefunde, gen, hilfe, microsoft, office 365, problem gelöst, programm, prozesse, suche, taskma, taskmanger, troja, trojaner, virenprogramm, weiterer, win, win32, windows, windows 7, zuordnen


« Antivirsoftwarereste entfernen | Eset Online Scanner zeigt 15 Infizierungen und stürzt vor Ablauf ab »


Ähnliche Themen: Windows 7: Trojaner WIN32 Dynamer!ac


  1. Wie entferne ich "Win32/Dynamer!ac"?
    Log-Analyse und Auswertung - 23.08.2016 (10)
  2. Windows 10: Trojaner win32.Peals.elcl und andere
    Plagegeister aller Art und deren Bekämpfung - 05.08.2016 (27)
  3. Windows 7: Trojaner kommen immer wieder, meist Win32/Dynamer!ac
    Log-Analyse und Auswertung - 10.01.2016 (18)
  4. Win32/Beaugrit.gen!D; Win32/Buma!rts ; Win32/Dynamer!ac
    Plagegeister aller Art und deren Bekämpfung - 02.12.2015 (1)
  5. Windows 7 hat Trojaner "Trojan:Win32/enotet
    Plagegeister aller Art und deren Bekämpfung - 21.11.2014 (22)
  6. Windows 8.1: Trojan:Win32/Meredrop, Trojan:Win32/Malagent, Trojan:Win32/Matsnu.L und Worm:Win32/Ainslot.A
    Log-Analyse und Auswertung - 19.01.2014 (5)
  7. Windows XP, Trojaner, Win32:Banker-KDL
    Plagegeister aller Art und deren Bekämpfung - 17.09.2013 (13)
  8. Win32:Addlyrics-M [Adw] Trojaner Windows 8
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (19)
  9. ESETLog:Win32/OpenCandy Anwendung; Win32/Toolbar.Zugo Anwendung; Var. von: Win32/Bundled.Toolbar.Ask Anwendung; Win32/Injector.AIBG Trojaner
    Log-Analyse und Auswertung - 17.06.2013 (7)
  10. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  11. Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit
    Log-Analyse und Auswertung - 31.08.2012 (16)
  12. windows.exe und PC fährt automatisch herunter - Win32/Injector.DYT Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.11.2011 (11)
  13. TR/Dynamer.dtc.2241, Eine Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 16.09.2011 (3)
  14. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Plagegeister aller Art und deren Bekämpfung - 05.04.2011 (7)
  15. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Mülltonne - 04.04.2011 (1)
  16. Trojaner Trojan-Spy.Win32.Zbot.gen in C:\windows\system32\sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 19.03.2010 (4)
  17. Trojaner: Win32.KeyLogger, Win32.GreenScreen,Win32.Agent, Win32Tiny, HTML.Bankfraud
    Log-Analyse und Auswertung - 29.09.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Trojaner WIN32 Dynamer!ac - Hallo! Das Microsoft Virenprogramm hat den Trojaner WIN32 Dynamer!ac gemeldet. Nach weiterer Suche habe ich im Taskmanger drei Prozesse gefunden, die ich keinem Programm zuordnen kann: winlogon.exe csrss.exe RAVBg64.exe Da - Windows 7: Trojaner WIN32 Dynamer!ac...
Archiv
Du betrachtest: Windows 7: Trojaner WIN32 Dynamer!ac auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19