
Pests of all kinds and how to combat them: Browser opens automatically (Wonderlandsads.com)

Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

01.03.2017, 13:54   #1
zoror
 
Hello everyone,

thanks in advance for your support. I am slowly getting desperate and don't know what else to do, which is why I am opening a new thread. My problem is that my Mozilla Firefox opens on its own and shows me the malware "Wonderlandads". To at least suppress it, I have now set up a filter in Adblock, but the browser still opens.

I installed a program that was supposed to be a mod for a game, but it turned out to be a virus. Beforehand I also ran the virus scanner "Trend Micro Office Scan Agent" over the file, and it found nothing. I have already deleted the file itself.

As befits someone with IT knowledge, I have of course already tried or carried out a few things myself. I did the following:

- full scan with Trend Micro
- scan with Malwarebytes
- scan with AdwCleaner
- followed this guide up to the ESET Online Scanner step: http://www.trojaner-board.de/175581-...entfernen.html
- In addition, I reset all browsers and removed all software that I did not recognize and that had been installed recently.
- I also created a log file with HijackThis and fixed problems with the program

Now I am slowly getting desperate, because none of this has helped. Maybe one of you can help me?

I saw that you were already able to help another user: http://www.trojaner-board.de/183665-...erlandads.html

Best regards,
Johann

Edited by zoror (01.03.2017 at 14:14)

01.03.2017, 21:30   #2
M-K-D-B
/// TB instructor
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download at filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must deactivate your security software before running a program so that our cleanup procedures are not impaired.



Please work through all steps one after the other in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!




You have already run AdwCleaner and MBAM? Why don't you post the corresponding log files? Please provide them.
Note: You should not run the two programs again!


For an initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)






Step 2
Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







Please post with your next reply
  • the log files from the AdwCleaner and MBAM runs you have already carried out,
  • the TDSS-Killer log file,
  • the two new FRST log files.


02.03.2017, 08:22   #3
zoror
 
Hello Matthias,

thanks already for the quick reply! I think I caught the whole thing through Mail.ru. Pages other than Wonderlandsads.com are also opened. (It seems to be random.) There is no illegal software on the computer.

Here are the logs, which I have anonymized (my full name). Those places were replaced with XXX.

As promised, the MBAM log:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 01.03.17
Scan-Zeit: 17:05
Protokolldatei: MBAM.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1394
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 407679
Abgelaufene Zeit: 3 Min., 14 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 10
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EFVN75F0.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}, In Quarantäne, [3131], [371154],1.0.1394

Datei: 48
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\agree_continue.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\bodybg.jpg, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\context-icon.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\dont_help.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon32.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon48.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo_settings.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\mrwips.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark14.png, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\authentication.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.jsm, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteAdvanced.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteEditWebsite.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteSetWebsite.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config_special.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\convert2RegExp.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\hex_sha256.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\md5.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteBlack.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteWhite.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.css, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.html, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\tooltip.css, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\translate.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\Usage.xul, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wips.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wipstats.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.dtd, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.properties, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\contents.rdf, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.dtd, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.properties, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\contents.rdf, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences\prefs.js, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\manifest.mf, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.rsa, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.sf, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome.manifest, In Quarantäne, [3131], [371154],1.0.1394
PUP.Optional.BlockSite, D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\install.rdf, In Quarantäne, [3131], [371154],1.0.1394

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
And the AdwCleaner log:
Code:
# AdwCleaner v6.043 - Bericht erstellt am 27/02/2017 um 11:52:18
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-27.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : XXX
# Gestartet von : D:\Users\XXX\Downloads\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: D:\Users\XXX\AppData\Local\Mail.Ru
[-] Ordner gelöscht: C:\ProgramData\Mail.Ru
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Mail.Ru
[-] Ordner gelöscht: C:\Program Files (x86)\Mail.Ru


***** [ Dateien ] *****

[-] Datei gelöscht: D:\Users\XXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] Datei gelöscht: D:\Users\XXX\Favorites\Mail.Ru.url
[-] Datei gelöscht: D:\Users\XXX\Favorites\Mail.Ru Агент - используй для общения!.url
[-] Datei gelöscht: D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\c0dj7xeh.default-1473789788148\searchplugins\mailru.xml
[-] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****

[!] Verknüpfung nicht gelöscht: D:\Users\XXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Mail.Ru
[-] Schlüssel gelöscht: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Xpom
[-] Schlüssel gelöscht: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\AppDataLow\Software\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Xpom
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Xpom
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Schlüssel gelöscht: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Daten  wiederhergestellt: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Daten  wiederhergestellt: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht: HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

*************************

D:\AdwCleaner\AdwCleaner[C0].txt - [4034 Bytes] - [27/02/2017 11:52:18]
D:\AdwCleaner\AdwCleaner[S0].txt - [4035 Bytes] - [27/02/2017 11:52:00]

########## EOF - D:\AdwCleaner\AdwCleaner[C0].txt - [4180 Bytes] ##########
         
I will now follow your instructions and then post the results as a new post.

Best regards,
Johann

I have now run the two programs and obtained the corresponding log files. As with the first log uploads, I have anonymized certain data (names, computer names) with XXX.

FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
durchgeführt von XXX (Administrator) auf XXX (02-03-2017 08:05:16)
Gestartet von D:\Users\XXX\Desktop
Geladene Profile: XXX (Verfügbare Profile: XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Trend Micro Inc.) C:\Windows\System32\dgagent\dsagent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Trend Micro Inc.) C:\Windows\System32\ShowMsg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Autonomy Inc.) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-10-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe [1414944 2013-11-12] (Autonomy Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503096 2016-09-30] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {0e77388a-78b7-11e4-b1ba-00a0c6000012} - F:\Autorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {e5ea185a-1d65-11e4-bba1-806e6f6e6963} - E:\SMS\bin\i386\TSMBAutorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll.INACTIVE
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Beschränkung <======= ACHTUNG
GroupPolicy\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{23F19CDE-3C6F-4ADB-95A0-10C85795AD63}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3EECC2C4-79E1-479C-8452-8788DB61E1C0}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{8F6D75BA-C493-473F-A755-73E356CBFEA7}: [DhcpNameServer] 10.110.25.7 10.110.14.7 10.2.92.17 10.1.11.130

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.corp.sopra
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\WINDOWS\TEMP\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://otevpn3.ote.gr/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\WINDOWS\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {80533188-4435-4040-AC3E-91B489C02F21} hxxp://alm12prod.corp.sopra:8080/qcbin/ALM-Platform-Loader.12.2x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\WINDOWS\TEMP\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\WINDOWS\TEMP\f5tmp\f5syschk.cab
DPF: HKLM-x32 {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://alm.steria.com:8080/qcbin/ALM-Platform-Loader.11.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: efvn75f0.default
FF ProfilePath: D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default [2017-03-01]
FF Extension: (LeechBlock) - D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-01]
FF Extension: (Adblock Plus) - D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\efvn75f0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-01]
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-01-31]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260904419-1400770398-4175912926-321081: LWAPlugin15.8 -> D:\Users\XXX\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [Keine Datei]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2012-07-01] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-01-06] <==== ACHTUNG

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7213344 2013-11-12] (Autonomy Corporation plc)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842344 2014-06-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [634024 2014-06-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R3 DSASvc; C:\WINDOWS\system32\dgagent\DSAGENT.exe [8696320 2016-11-14] (Trend Micro Inc.)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2015-08-10] (F5 Networks, Inc.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [Datei ist nicht signiert]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [192104 2013-11-22] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4456040 2013-11-22] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5695536 2016-09-30] (Trend Micro Inc.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-10-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2015-01-26] (Realtek Semiconductor.) [Datei ist nicht signiert]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2014-06-22] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-09-07] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [852648 2016-09-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5309680 2016-09-30] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [601360 2015-05-14] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-06] (Microsoft Corporation)
S3 Smcinst; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\SmcLU\Setup\smcinst.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 btmaudio; C:\WINDOWS\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-10] (F5 Networks, Inc.)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2013-10-31] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [2261464 2013-10-31] (Realtek Semiconductor Corp.)
S3 JabraDFU; C:\WINDOWS\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2015-01-26] (GN Netcom A/S)
R2 LV_Tracker; C:\WINDOWS\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-02] (Malwarebytes)
R3 O2FJ2RDR; C:\WINDOWS\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-10-31] (O2Micro )
R3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R2 SAKFile; C:\WINDOWS\System32\drivers\sakfile.sys [122080 2016-11-14] (Trend Micro Inc.)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 ST_Accel; C:\WINDOWS\System32\DRIVERS\ST_Accel.sys [89312 2013-10-31] (STMicroelectronics)
R3 swg3kmbb05; C:\WINDOWS\System32\DRIVERS\swg3kmbb05.sys [482608 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3knmea05; C:\WINDOWS\System32\DRIVERS\swg3knmea05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3kser05; C:\WINDOWS\System32\DRIVERS\swg3kser05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swibus05; C:\WINDOWS\System32\DRIVERS\swibus05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R3 swibusflt05; C:\WINDOWS\System32\DRIVERS\swibusflt05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [128736 2016-10-05] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [322768 2016-08-26] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [86752 2016-10-05] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [157432 2015-06-16] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102624 2016-09-22] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [290296 2015-06-16] (Trend Micro Inc.)
R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpnv64.sys [45776 2012-04-06] (F5 Networks, Inc.)
S1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R2 VMparport; C:\WINDOWS\system32\drivers\VMparport.sys [32472 2015-06-24] (VMware, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-02 08:05 - 2017-03-02 08:05 - 00035085 _____ D:\Users\XXX\Desktop\FRST.txt
2017-03-02 08:04 - 2017-03-02 08:05 - 00000000 ____D C:\FRST
2017-03-02 08:02 - 2017-03-02 08:02 - 04747704 _____ (AO Kaspersky Lab) D:\Users\XXX\Desktop\tdsskiller.exe
2017-03-02 08:02 - 2017-03-02 08:02 - 02423808 _____ (Farbar) D:\Users\XXX\Desktop\FRST64.exe
2017-03-02 07:49 - 2017-03-02 07:51 - 00000000 ____D D:\Users\XXX\Desktop\Virus
2017-03-01 17:55 - 2017-03-01 17:55 - 00259584 _____ (OldTimer Tools) D:\Users\XXX\Downloads\OTH.scr
2017-03-01 12:10 - 2017-03-01 12:10 - 00001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2017-03-01 12:08 - 2017-03-01 12:08 - 04999096 _____ D:\Users\XXX\Downloads\ausetup_5.3.1.21.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 02870984 _____ (ESET) D:\Users\XXX\Downloads\esetsmartinstaller_deu.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 00465536 _____ (Bleeping Computer, LLC) D:\Users\XXX\Downloads\sc-cleaner.exe
2017-03-01 11:55 - 2017-03-01 11:55 - 01663736 _____ (Malwarebytes) D:\Users\XXX\Downloads\JRT.exe
2017-03-01 07:48 - 2017-03-01 07:48 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Mozilla
2017-03-01 07:48 - 2017-03-01 07:48 - 00000000 ____D D:\Users\XXX\AppData\Local\Mozilla
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barco
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\Program Files (x86)\Barco
2017-03-01 07:43 - 2017-03-01 07:43 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-01 07:43 - 2017-03-01 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-01 07:43 - 2017-03-01 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-28 17:09 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-28 13:59 - 2017-02-28 13:59 - 00054186 _____ D:\Users\XXX\Desktop\bookmarks-2017-02-28.json
2017-02-28 13:58 - 2017-02-28 13:58 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-28 13:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-28 13:57 - 2017-02-28 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-28 13:57 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 13:54 - 2017-02-28 13:56 - 46525608 _____ (Safer-Networking Ltd. ) D:\Users\XXX\Downloads\spybot-2.4.exe
2017-02-28 13:52 - 2017-03-02 07:44 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 13:52 - 2017-03-02 07:44 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-28 13:52 - 2017-03-02 07:44 - 00081696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-28 13:52 - 2017-03-02 07:44 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-28 13:52 - 2017-03-01 08:19 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-28 13:51 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-28 13:06 - 2017-02-28 13:07 - 55566792 _____ (Malwarebytes ) D:\Users\XXX\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-28 12:55 - 2017-02-28 12:55 - 00388608 _____ (Trend Micro Inc.) D:\Users\XXX\Downloads\HijackThis.exe
2017-02-28 12:41 - 2017-02-28 12:41 - 04015056 _____ D:\Users\XXX\Downloads\AdwCleaner_6.043.exe
2017-02-28 07:28 - 2017-02-28 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D D:\Users\XXX\Documents\My Cheat Tables
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-02-27 16:49 - 2017-02-27 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_Vorlagen 6.28 für Office 2010
2017-02-27 15:35 - 2017-02-27 15:35 - 00379520 _____ C:\WINDOWS\ntbtlog.txt
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Unity
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\Local\Unity
2017-02-27 11:12 - 2017-02-27 11:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\only-newsorggrowsm
2017-02-27 10:15 - 2017-02-27 10:15 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Cheat Happens
2017-02-27 09:02 - 2017-02-27 09:02 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Jujubee S_A_
2017-02-27 08:07 - 2017-02-27 08:07 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\CEF
2017-02-27 07:50 - 2017-03-01 20:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-27 07:50 - 2017-02-27 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-22 15:45 - 2017-02-22 15:45 - 00000000 ____D D:\Users\XXX\Desktop\Belege Reisekostenabrechnung
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-21 13:46 - 2017-02-21 13:46 - 00000353 _____ D:\Users\XXX\Documents\Beispiel Kennzahlenimport.csv
2017-02-17 06:27 - 2017-02-23 20:06 - 00011994 _____ D:\Users\XXX\Documents\Autokalkulation.xlsx
2017-02-17 06:27 - 2017-02-17 06:35 - 00011503 _____ D:\Users\XXX\Documents\33716BB0.tmp
2017-02-17 06:27 - 2017-02-17 06:27 - 00000165 ____H D:\Users\XXX\Documents\~$Autokalkulation.xlsx
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-04 17:19 - 2017-02-04 17:19 - 00851608 _____ C:\WINDOWS\Minidump\020417-9625-01.dmp
2017-02-02 11:44 - 2017-02-02 11:44 - 00009431 _____ D:\Users\XXX\Documents\Mappe1.xlsx
2017-01-31 09:30 - 2017-01-31 09:30 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2017-01-31 09:30 - 2017-01-31 09:30 - 00000000 ____D C:\WINDOWS\system32\tmumh

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-02 07:54 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 07:54 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 07:52 - 2011-04-12 08:26 - 00718418 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-02 07:52 - 2011-04-12 08:26 - 00156816 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-02 07:52 - 2009-07-14 06:13 - 01672678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-02 07:52 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-02 07:44 - 2016-05-02 11:22 - 00001214 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-02 07:44 - 2014-10-01 17:25 - 00000638 _____ C:\WINDOWS\SMSCFG.INI
2017-03-02 07:43 - 2017-01-29 10:40 - 00000000 ____D C:\WINDOWS\system32\dgagent
2017-03-02 07:43 - 2015-11-30 12:18 - 00000000 ____D C:\ProgramData\VMware
2017-03-02 07:43 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 19:43 - 2014-10-01 17:27 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-01 19:26 - 2016-05-02 11:22 - 00001218 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-01 07:43 - 2014-12-04 21:32 - 00000000 ____D C:\WINDOWS\SecurityCompliance
2017-03-01 07:39 - 2014-10-01 17:24 - 00001128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-02-28 20:40 - 2017-01-30 08:11 - 00011907 _____ C:\WINDOWS\cfgall.ini
2017-02-28 12:41 - 2016-05-02 09:01 - 00000000 ____D D:\Users\XXX\AppData\Roaming\KeePass
2017-02-28 11:06 - 2014-10-01 19:13 - 00101725 __RSH C:\ProgramData\ntuser.pol
2017-02-28 07:28 - 2016-05-02 11:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 17:33 - 2016-10-31 08:25 - 00000000 ____D D:\Users\XXX\Desktop\Test_CSV
2017-02-27 17:29 - 2015-01-23 10:45 - 00000000 ____D D:\Users\XXX\Desktop\Dokumentenablage Desktop
2017-02-27 17:00 - 2014-10-02 09:19 - 00000000 ____D D:\Users\XXX
2017-02-27 16:49 - 2014-10-01 17:26 - 00000000 ____D C:\WINDOWS\ccmcache
2017-02-27 16:26 - 2014-10-02 09:19 - 00015328 __RSH D:\Users\XXX\ntuser.pol
2017-02-27 15:54 - 2015-06-30 12:55 - 00000000 ____D C:\Program Files\Freedom Scientific
2017-02-27 15:48 - 2009-07-14 06:08 - 00032632 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-02-27 11:12 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-27 08:04 - 2016-05-03 12:40 - 00000000 ____D C:\WINDOWS\pss
2017-02-27 07:55 - 2015-09-22 15:48 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2017-02-23 15:14 - 2016-08-24 08:14 - 00000000 ____D D:\Users\XXX\Desktop\TEMP
2017-02-23 14:38 - 2015-01-12 14:10 - 00000000 ____D C:\tmp
2017-02-23 13:26 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Local\VMware
2017-02-23 12:37 - 2009-07-14 06:32 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-23 12:34 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Roaming\VMware
2017-02-15 07:43 - 2014-10-01 17:27 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-15 07:43 - 2014-10-01 17:27 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 07:43 - 2014-10-01 17:27 - 00003822 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-07 09:32 - 2014-10-21 19:19 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 17:19 - 2015-04-27 07:42 - 1162779313 _____ C:\WINDOWS\MEMORY.DMP
2017-02-04 17:19 - 2015-04-27 07:42 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 12:45 - 2015-03-06 08:53 - 00000000 ____D D:\Users\XXX\Desktop\Notepad
2017-02-01 10:11 - 2015-09-08 18:22 - 00000000 ____D D:\Users\XXX\AppData\Local\ElevatedDiagnostics
2017-02-01 10:11 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-01 17:53 - 2014-10-01 17:53 - 0000872 _____ () C:\ProgramData\NCIDebug.log

Einige Dateien in TEMP:
====================
2017-03-02 07:44 - 2017-03-02 07:44 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\4nw5kdhv.dll
2017-03-01 13:59 - 2017-03-01 13:59 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\ikttexnb.dll
2017-03-01 13:59 - 2017-03-02 07:45 - 0011776 _____ () D:\Users\XXX\AppData\Local\Temp\Microsoft.GeneratedCode.dll
2012-07-20 04:05 - 2012-07-20 04:05 - 75674640 ____R () D:\Users\XXX\AppData\Local\Temp\Setup.exe
2017-03-01 17:15 - 2017-03-01 17:15 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\stcue2qu.dll
2017-03-01 07:47 - 2017-03-01 07:47 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\vof3im5k.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-22 12:44

==================== Ende von FRST.txt ============================
         
Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-03-2017
durchgeführt von XXX (02-03-2017 08:05:46)
Gestartet von D:\Users\XXX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-01 18:09:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3113988489-2351696136-3761002224-500 - Administrator - Enabled)
Gast (S-1-5-21-3113988489-2351696136-3761002224-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
FW: Trend Micro Personal Firewall (Enabled) {BA79574A-0BD2-4111-E9B9-4C4D19E825DB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.2.1677 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALM-Platform Loader 12.2x (HKLM-x32\...\{F895EE9A-5B77-4C5E-ADBF-1C1037B6F19A}) (Version: 12.21.4389.0 - HP)
BIG-IP Component Installer (HKLM-x32\...\{FD351D58-7BAE-403D-98A4-683FE7298F01}) (Version: 70.2013.1115.1202 - F5 Networks)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0811.0317 - F5 Networks, Inc.)
Browser Settings (HKLM-x32\...\{B4853DBD-27A9-489F-B559-D25D1C4EB1D2}) (Version: 5.8.0 - DSI)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
ClickShare Launcher (HKLM-x32\...\{25E136CF-DAD8-48B5-A1DF-E236E1ECF627}) (Version: 1.9.0.2 - Barco N.V.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.0.2 - Autonomy Corporation plc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Folder Creation (x32 Version: 1.0.0 - GDS CoE, SopraSteria) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Greenshot 1.1.8.35 (HKLM\...\Greenshot_is1) (Version: 1.1.8.35 - Greenshot)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Lotus Notes 8.5.3 de (HKLM-x32\...\{122A716C-63AD-4F73-BDCD-309F0A799C91}) (Version: 8.53.11286 - IBM)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MDS Version 2.5 (HKLM-x32\...\{06128DD2-874A-4635-8890-A27ECB901B6F}_is1) (Version: 2.5 - ProLogic S.E. GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 45.6.0 ESR (x86 de) (HKLM-x32\...\Mozilla Firefox 45.6.0 ESR (x86 de)) (Version: 45.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
NICI U.S./Worldwide 2.77.2.0 (x64) (HKLM\...\{31173D4D-50FB-47B7-B7AC-622EDFA97B88}) (Version: 2.77.2.0 - Novell, Inc.)
NICI U.S./Worldwide 2.77.3.0 (x32) (HKLM-x32\...\{7BD5D2CC-3186-4FE9-921E-4C4F64C68CAF}) (Version: 2.77.3.0 - Novell, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
PDF24 Creator (HKLM-x32\...\{3CB29F1E-FF6F-40EC-88FC-09BCBEC97662}) (Version: 6.3.2 - www.pdf24.org)
PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RDP - via Citrix (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RDP - via Citrix) (Version: 1.0 - Delivered by Citrix)
Realpolitiks (HKLM\...\Steam App 553260) (Version:  - Jujubee S.A.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RemoteAccess A1 (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RemoteAccess A1) (Version: 1.0 - Delivered by Citrix)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 2 - SAP)
Security Compliance (x32 Version: 1.7.0 - Steria) Hidden
Self-Service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Show active Citrix Sessions (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.Show active Citrix Sessions) (Version: 1.0 - Delivered by Citrix)
Skype for Business Basic 2016 - de-de (HKLM\...\SkypeforBusinessEntryRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software)
Sopra Steria Office 2010 Templates (HKLM-x32\...\{73BE14F5-DBA1-424A-852A-C30D700A2F75}) (Version: 5.1.0.0 - GDS CoE, Steria)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSO Management (x32 Version: 1.6.0 - Sopra Steria) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steria Browser Settings - Germany (HKLM-x32\...\{C8EF86F1-DB02-4DA8-9F1E-1611BB00F2A1}) (Version: 1.00.0000 - GDS CoE, Steria)
Steria Customization (HKLM-x32\...\{4D03E58B-C5FD-4E0C-81A0-0118F1FDC3CD}) (Version: 2.5.0.0 - GDS CoE, Steria)
Steria Theme - Germany (HKLM-x32\...\{7947BC9E-3B19-4CBC-AFAB-143555A66F37}) (Version: 1.0.0 - GDS CoE, Steria)
Steria Theme - Group (HKLM\...\{01889ADA-B618-4DF3-9447-7262449D2D03}) (Version: 4.0.0 - GDS CoE, Steria)
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.44109 - TeamViewer)
TeamViewer 8 Host (MSI Wrapper) (HKLM-x32\...\{A8BCD0F9-F225-4C7C-B46E-F04079553507}) (Version: 8.0.44109 - TeamViewer)
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.6158 - Trend Micro Inc.)
Trend Micro OfficeScan Agent (x32 Version: 11.0.6158 - Trend Micro Inc.) Hidden
Visual Paradigm 12.2 (HKLM\...\1106-5897-7327-6550) (Version: 12.2 - Visual Paradigm International Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
Vorlagen 6.08 für Office 2010 (HKLM-x32\...\{392314EF-73F0-4F04-AEFB-CA635D98E424}) (Version: 6.8.0.0 - Sopra Steria GmbH)
Vorlagen 6.28 für Office 2010 (HKLM-x32\...\{BFBA74D8-6E64-4ABA-BE03-CA76E1B58E5C}) (Version: 6.28.0.0 - Sopra Steria GmbH)
WinRAR 5.40 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> D:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1B5B6600-CDE0-4D18-9136-190EC86190EA} - System32\Tasks\{C93DC0BC-58DE-4A5F-8154-FAA6DAF5FF91} => pcalua.exe -a D:\Users\XXX\Downloads\templates_scrapbook_collection_full.exe -d D:\Users\XXX\Downloads
Task: {2E1F5968-A7D5-4814-AC63-480DC994279D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6EF3968C-97B6-4C69-A5A7-4B095AFAF868} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)
Task: {771E622A-0451-409B-8366-CF73EDB81B74} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Start Workspace Runtime at logon
Task: {7D22B5B1-E0B7-4ABF-85E5-E4E0ADC824AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {8067E513-9FF7-4072-BFCE-8DCF7E2F4BFD} - System32\Tasks\only-newsorggrowsm => Firefox.exe only-news.org/growsm
Task: {8A3515AE-0D71-4758-82F2-0C27982F5997} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9B03BA62-3569-4269-A2CE-8B0870C51FFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9DD9BE81-CE92-4E70-969C-931AD9F29C83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9DE65B24-5196-4C64-97FE-C940723C0876} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {A0D641B6-D017-4E64-8A2C-B6B7C44DB49F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AB21DBCC-5A07-4F7C-B593-26E2C210336E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {AC4C0A15-B431-48B2-BF6E-3132981221FB} - System32\Tasks\{08A0304F-FDD6-4269-B68E-819F4B1F6E77} => pcalua.exe -a D:\Users\XXX\Downloads\template_calendar_notes.exe -d D:\Users\XXX\Downloads
Task: {E4750597-2244-4500-86F4-B8DFD75930E5} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Update connections => Rundll32.exe tsworkspace,TaskUpdateWorkspaces2
Task: {E756CC9C-F1DD-4941-9D92-3269EA0A4C7B} - System32\Tasks\{4C30F20C-5A99-40A3-98D9-20939F63F437} => pcalua.exe -a "D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\700IB44V\JavaSetup8u51.exe" -d D:\Users\XXX\Desktop
Task: {F38D0629-EC66-4720-A314-6979D43D4054} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Report update status => Rundll32.exe tsworkspace,WorkspaceStatusNotify2
Task: {F6A7DDA6-B372-416C-8FEA-1655AB539AD9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {FC488C2E-B744-4DE8-A659-2DC141F0BF52} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-13 14:27 - 2012-12-06 13:09 - 00136704 _____ () C:\WINDOWS\System32\zlhp1600.dll
2014-12-26 15:22 - 2014-12-26 15:22 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2007-05-16 10:42 - 2007-05-16 10:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2012-12-19 03:06 - 2012-12-19 03:06 - 01300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll
2017-02-28 13:51 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-28 13:51 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-28 13:51 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00712480 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Library.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00411936 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Resources.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00471840 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Controls.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00231200 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.Enterprise.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00052000 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.dll
2017-03-02 07:44 - 2017-03-02 07:44 - 00775680 _____ () D:\Users\XXX\AppData\Local\Temp\4nw5kdhv.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00183072 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\de-DE\Connected.Agent.UI.Resources.resources.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00026408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_system-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00058320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_57.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00686608 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00110320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00036160 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_chrono-vc110-mt-1_57.dll
2016-09-11 09:20 - 2016-09-11 09:20 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00076576 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\SDK8.dll
2017-02-28 13:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-02-28 13:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-28 13:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\.DEFAULT\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\amadeus.com -> hxxps://amadeus.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\api.mykds.com -> hxxps://api.mykds.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\frvab-appone01 -> hxxp://frvab-appone01
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\gallery.mailchimp.com -> gallery.mailchimp.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sap.com -> hxxps://crmemeahub1.tdc.sap.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.com -> sopra.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.fr -> sopra.fr
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopragroup.com -> sopragroup.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\steria.com -> hxxps://remoteaccess.steria.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\w.mykds.com -> hxxps://w.mykds.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-02-03 09:37 - 2017-03-01 07:37 - 00000937 ____A C:\WINDOWS\system32\Drivers\etc\hosts

10.110.68.93	v65.sap-labor.steria-mummert.de
52.28.180.197   v71.sap-labor.aws.internal           # V71 IFRS 1&1

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\SopraSteria\wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClickShare Launcher.lnk => C:\WINDOWS\pss\ClickShare Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\WINDOWS\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\WINDOWS\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingSvc => D:\Users\XXX\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B08E6C6CDE2758572C4F043B5B3B8653 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Greenshot => C:\Program Files\Greenshot\Greenshot.exe
MSCONFIG\startupreg: HP LaserJet 200 color MFP M276 Series Fax => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 200 color MFP M276 Series Fax"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: WavesSvc => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{852BB7C3-13E4-48B3-BF1A-1EF2A39A42F1}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe
FirewallRules: [{D64C9794-3004-423C-84E2-E5B75FDA3884}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe
FirewallRules: [{213940B5-73D5-4AC8-9971-7C06FA43636C}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
FirewallRules: [{561A043D-7D46-4CEF-AD47-5EC94D0718A1}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
FirewallRules: [{1AED275B-174D-4F58-96B8-80051DF55814}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Installer\hpbcsiInstaller.exe
FirewallRules: [{72AB160E-A28F-493D-A22A-1FFCD44E961A}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Installer\hpbcsiInstaller.exe
FirewallRules: [{346E28FE-409A-4953-94F4-3E8F34E4781A}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{A2381FC8-FE95-4742-8605-13D27B51D786}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39061EF3-1CF7-4F37-86D9-0B2F99957C7A}] => (Allow) C:\Program Files\Freedom Scientific\Activator\3.0\fsClientActivator.exe
FirewallRules: [{97AC998E-D1AC-473D-8E03-D5A467C22E9A}] => (Allow) C:\Program Files\Freedom Scientific\Activator\3.0\fsClientActivator.exe
FirewallRules: [{CB5A8192-53AD-434A-8B02-91A49BA9B5CB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{6A3E0E0F-0ADB-4D09-BE75-67A87C4752EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{9E45F71C-6A76-4AA3-B0E1-E6CE40D5B870}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3BFD62B8-E863-4668-AB82-21D0311571E5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{1D740652-E43E-4C4A-909C-311F67B60D17}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E34C8388-097E-4796-9EF3-D4C0A0294082}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{88A13055-A45F-4E43-A8B7-1A2734FFE511}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B4FC0C82-A18D-4FB3-86E9-4F3A0B683847}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F831FDFA-B862-42D0-A5D6-C1FA27E69B48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{741C1F71-D5A6-437A-8D7F-3F4D7B77E300}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0BCFC957-5239-44E3-ACF5-3855DB9F456D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{184B9B95-71ED-486B-81B8-7D98D8771611}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E69D40-2A18-4D0F-8244-E88D4C9468E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3FFDBE0-4B79-4D81-BB06-1D4DFD994A22}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{83008C14-C90D-4E8F-80F5-61D31E9FDF89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4ED2E120-81F7-4537-9E43-6652D13E8E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realpolitiks\realpolitiks.exe
FirewallRules: [{FC17899F-9B47-4EED-B3AB-5778EB1F194E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realpolitiks\realpolitiks.exe
FirewallRules: [{B3C201AE-1E59-4DB9-9AEC-D66B3B9CA4E9}] => (Allow) D:\Users\XXX\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{6C5C9B0E-2710-43C2-94C2-70D5145FD793}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6DE7D55A-8706-4BC8-B228-D7684447B612}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACE971FC-8AB3-4CA1-B486-56764AF0056A}] => (Allow) LPort=12345
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

28-02-2017 16:47:41 Removed ClickShare Launcher
01-03-2017 11:55:38 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/02/2017 07:48:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "d:\users\XXX\downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/02/2017 07:44:25 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/02/2017 07:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/02/2017 07:43:45 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/01/2017 05:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/01/2017 05:17:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/01/2017 05:17:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/01/2017 05:14:55 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/01/2017 05:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/01/2017 05:14:09 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (03/02/2017 07:45:54 AM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (03/02/2017 07:44:24 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: AD-ONE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/02/2017 07:43:57 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID 
{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}
 und APPID 
{AD65A69D-3831-40D7-9629-9B0B50A93843}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (03/02/2017 07:43:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
VBoxNetAdp

Error: (03/02/2017 07:43:34 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/02/2017 07:43:34 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne AD-ONE aufgrund der folgenden
Ursache nicht einrichten: 
Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar.


Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (03/01/2017 08:20:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/01/2017 06:00:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Multi-user Cleanup Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2017 06:00:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lotus Notes-Diagnose" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/01/2017 06:00:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lotus Notes Smart Upgrade Service       " wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4600M CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8097.27 MB
Verfügbarer physikalischer RAM: 5425.39 MB
Summe virtueller Speicher: 16192.71 MB
Verfügbarer virtueller Speicher: 13108.69 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:80 GB) (Free:8.91 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (DATA) (Fixed) (Total:158.47 GB) (Free:42.65 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A61E5F51)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=158.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

02.03.2017, 08:26   #4
zoror

Browser opens automatically (Wonderlandsads.com)



TDSSKiller part 1:

Code:
08:09:45.0427 0x1a04  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
08:09:50.0711 0x1a04  ============================================================
08:09:50.0711 0x1a04  Current date / time: 2017/03/02 08:09:50.0711
08:09:50.0711 0x1a04  SystemInfo:
08:09:50.0711 0x1a04  
08:09:50.0711 0x1a04  OS Version: 6.1.7601 ServicePack: 1.0
08:09:50.0711 0x1a04  Product type: Workstation
08:09:50.0712 0x1a04  ComputerName: XXX
08:09:50.0712 0x1a04  UserName: XXX
08:09:50.0712 0x1a04  Windows directory: C:\WINDOWS
08:09:50.0712 0x1a04  System windows directory: C:\WINDOWS
08:09:50.0712 0x1a04  Running under WOW64
08:09:50.0712 0x1a04  Processor architecture: Intel x64
08:09:50.0712 0x1a04  Number of processors: 4
08:09:50.0712 0x1a04  Page size: 0x1000
08:09:50.0712 0x1a04  Boot type: Normal boot
08:09:50.0712 0x1a04  CodeIntegrityOptions = 0x00000001
08:09:50.0712 0x1a04  ============================================================
08:09:51.0121 0x1a04  KLMD registered as C:\WINDOWS\system32\drivers\58738549.sys
08:09:51.0121 0x1a04  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23572, osProperties = 0x1
08:09:51.0284 0x1a04  System UUID: {9FC86420-6418-C61B-EF51-9EDD2AEAACF9}
08:09:51.0794 0x1a04  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:09:51.0800 0x1a04  ============================================================
08:09:51.0800 0x1a04  \Device\Harddisk0\DR0:
08:09:51.0800 0x1a04  MBR partitions:
08:09:51.0800 0x1a04  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
08:09:51.0800 0x1a04  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x13CF2000
08:09:51.0800 0x1a04  ============================================================
08:09:51.0801 0x1a04  C: <-> \Device\Harddisk0\DR0\Partition1
08:09:51.0803 0x1a04  D: <-> \Device\Harddisk0\DR0\Partition2
08:09:51.0803 0x1a04  ============================================================
08:09:51.0803 0x1a04  Initialize success
08:09:51.0803 0x1a04  ============================================================
08:10:22.0402 0x0e2c  ============================================================
08:10:22.0402 0x0e2c  Scan started
08:10:22.0402 0x0e2c  Mode: Manual; 
08:10:22.0402 0x0e2c  ============================================================
08:10:22.0402 0x0e2c  KSN ping started
08:10:22.0592 0x0e2c  KSN ping finished: true
08:10:22.0927 0x0e2c  ================ Scan system memory ========================
08:10:22.0927 0x0e2c  System memory - ok
08:10:22.0927 0x0e2c  ================ Scan services =============================
08:10:22.0953 0x0e2c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\WINDOWS\system32\drivers\1394ohci.sys
08:10:22.0956 0x0e2c  1394ohci - ok
08:10:22.0978 0x0e2c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
08:10:22.0982 0x0e2c  ACPI - ok
08:10:22.0985 0x0e2c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\WINDOWS\system32\drivers\acpipmi.sys
08:10:22.0986 0x0e2c  AcpiPmi - ok
08:10:22.0990 0x0e2c  [ 5AE65DCD983077278A6173C2872BCA99, 81C4DE30A3C20338761D04121773C7B4BB88F8A0AF82F55B8EBF3C84194AD9B6 ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
08:10:22.0992 0x0e2c  acsock - ok
08:10:22.0997 0x0e2c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:10:22.0999 0x0e2c  AdobeARMservice - ok
08:10:23.0018 0x0e2c  [ 89ECFB35517F62C3802B227F288B750E, 47B329FEC98DC634A9068D6B88A331B323D99E9C21D3FE330352210841E715CA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:10:23.0021 0x0e2c  AdobeFlashPlayerUpdateSvc - ok
08:10:23.0032 0x0e2c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\WINDOWS\system32\drivers\adp94xx.sys
08:10:23.0038 0x0e2c  adp94xx - ok
08:10:23.0046 0x0e2c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\WINDOWS\system32\drivers\adpahci.sys
08:10:23.0051 0x0e2c  adpahci - ok
08:10:23.0057 0x0e2c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\WINDOWS\system32\drivers\adpu320.sys
08:10:23.0060 0x0e2c  adpu320 - ok
08:10:23.0064 0x0e2c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
08:10:23.0066 0x0e2c  AeLookupSvc - ok
08:10:23.0076 0x0e2c  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
08:10:23.0082 0x0e2c  AFD - ok
08:10:23.0194 0x0e2c  [ 8CBF62DB3F78A97567F12A43ADA9C8B4, 21386C9641538ACBDFE7A7D2AC4C58F9B9B98E28DC3A5EDB6870E7B3B4373351 ] AgentService    C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
08:10:23.0277 0x0e2c  AgentService - ok
08:10:25.0898 0x0e2c  iusb3hub - ok
08:10:25.0915 0x0e2c  [ 91B6B48710A35E9F308BC97F29716427, C662FD78B02A8B5A312A95E25123CEA6BC7295E1A756ED828566A02BC7E80588 ] iusb3xhc        C:\WINDOWS\system32\DRIVERS\iusb3xhc.sys
08:10:25.0925 0x0e2c  iusb3xhc - ok
08:10:25.0929 0x0e2c  [ 8BAECD09CF6DABB25C0C1BD262E0F7F7, B16A0BB2882B65FA8339BADB847EBF4800DD0166FEBEB21A8BC79DA8F9058157 ] JabraDFU        C:\WINDOWS\system32\Drivers\JabraMobileCsrDfuX64.sys
08:10:25.0930 0x0e2c  JabraDFU - ok
08:10:25.0933 0x0e2c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:10:25.0934 0x0e2c  kbdclass - ok
08:10:25.0936 0x0e2c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:10:25.0937 0x0e2c  kbdhid - ok
08:10:25.0940 0x0e2c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] KeyIso          C:\WINDOWS\system32\lsass.exe
08:10:25.0941 0x0e2c  KeyIso - ok
08:10:25.0944 0x0e2c  [ 6F5F0C6160EF237F0243C1E416EEBA98, 8BA8AA0D71350A74E294A731226B1638C6059013D645ABDE7188F7733E320FBD ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
08:10:25.0946 0x0e2c  KSecDD - ok
08:10:25.0950 0x0e2c  [ 05529E53B286FD60E7EF04EF138CABFD, 6C045750DCD3EE76F748582513AD4FA99C0E8E56B616725CD48DCA1068FF8923 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
08:10:25.0953 0x0e2c  KSecPkg - ok
08:10:25.0955 0x0e2c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
08:10:25.0956 0x0e2c  ksthunk - ok
08:10:25.0963 0x0e2c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
08:10:25.0969 0x0e2c  KtmRm - ok
08:10:25.0975 0x0e2c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
08:10:25.0979 0x0e2c  LanmanServer - ok
08:10:25.0982 0x0e2c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
08:10:25.0985 0x0e2c  LanmanWorkstation - ok
08:10:25.0989 0x0e2c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
08:10:25.0990 0x0e2c  lltdio - ok
08:10:25.0997 0x0e2c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
08:10:26.0001 0x0e2c  lltdsvc - ok
08:10:26.0004 0x0e2c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
08:10:26.0005 0x0e2c  lmhosts - ok
08:10:26.0011 0x0e2c  [ A4674B806C3CB217347470D5568EB21A, 5E8B032D26C2F35FB5F0F2DABC91D7B9671E2C8E73464E4DCB17A5F0731457F0 ] LNSUSvc         C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
08:10:26.0016 0x0e2c  LNSUSvc - ok
08:10:26.0081 0x0e2c  [ 032A8CA261133860761932695EF72031, 664ADB3CE59CCD3748E773B2EAD324FBD25D734629CFEDC018054D4A796CB3E2 ] Lotus Notes Diagnostics C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
08:10:26.0132 0x0e2c  Lotus Notes Diagnostics - ok
08:10:26.0142 0x0e2c  [ 551FC1CE339A6A7C655B6C99C07C1ABB, 26F86BB321FDEE7834B2BBF26D270BE9545E9424D450F6751D4231418FA1D813 ] lpasvc          C:\Program Files\Microsoft Policy Platform\policyHost.exe
08:10:26.0144 0x0e2c  lpasvc - ok
08:10:26.0146 0x0e2c  [ 551FC1CE339A6A7C655B6C99C07C1ABB, 26F86BB321FDEE7834B2BBF26D270BE9545E9424D450F6751D4231418FA1D813 ] lppsvc          C:\Program Files\Microsoft Policy Platform\policyHost.exe
08:10:26.0147 0x0e2c  lppsvc - ok
08:10:26.0151 0x0e2c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\WINDOWS\system32\drivers\lsi_fc.sys
08:10:26.0153 0x0e2c  LSI_FC - ok
08:10:26.0157 0x0e2c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
08:10:26.0159 0x0e2c  LSI_SAS - ok
08:10:26.0161 0x0e2c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
08:10:26.0163 0x0e2c  LSI_SAS2 - ok
08:10:26.0166 0x0e2c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
08:10:26.0168 0x0e2c  LSI_SCSI - ok
08:10:26.0172 0x0e2c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
08:10:26.0174 0x0e2c  luafv - ok
08:10:26.0177 0x0e2c  [ 1D12D4D0ABC5BB00A5E8FEB9A9601731, CD860BFBD86FD141C02537687F2B1E060B5754E2FFBA613BFCF332FFBB70CE28 ] LV_Tracker      C:\WINDOWS\system32\DRIVERS\LV_Tracker64.sys
08:10:26.0179 0x0e2c  LV_Tracker - ok
08:10:26.0183 0x0e2c  [ 0E4AD4D8C0A8048C00CAD9CFA082A26E, 77DE05486CA6A3DFAF7DDF249C27BE0CED7B678623D19419FE2B414BBA1E6F8E ] MBAMChameleon   C:\WINDOWS\system32\drivers\MBAMChameleon.sys
08:10:26.0186 0x0e2c  MBAMChameleon - ok
08:10:26.0191 0x0e2c  [ E8922903632E78D9E60375E117089088, DE4E17E923AF1DAE0F42990BFBBD35CE9E0FD0483059FEDAA7B5F98034ED23AF ] MBAMFarflt      C:\WINDOWS\system32\drivers\farflt.sys
08:10:26.0193 0x0e2c  MBAMFarflt - ok
08:10:26.0195 0x0e2c  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
08:10:26.0196 0x0e2c  MBAMProtection - ok
08:10:26.0260 0x0e2c  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
08:10:26.0309 0x0e2c  MBAMService - ok
08:10:26.0321 0x0e2c  [ BDE2FC7213C0897524C1357BAAE30239, 1E1AB68145107429217E07A662477C86406E0188BE9F01CAC416AC13054D1A5E ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
08:10:26.0325 0x0e2c  MBAMSwissArmy - ok
08:10:26.0327 0x0e2c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
08:10:26.0329 0x0e2c  megasas - ok
08:10:26.0335 0x0e2c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
08:10:26.0339 0x0e2c  MegaSR - ok
08:10:26.0342 0x0e2c  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\WINDOWS\system32\DRIVERS\HECIx64.sys
08:10:26.0343 0x0e2c  MEIx64 - ok
08:10:26.0346 0x0e2c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\WINDOWS\system32\mmcss.dll
08:10:26.0348 0x0e2c  MMCSS - ok
08:10:26.0350 0x0e2c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
08:10:26.0352 0x0e2c  Modem - ok
08:10:26.0354 0x0e2c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\WINDOWS\system32\DRIVERS\monitor.sys
08:10:26.0355 0x0e2c  monitor - ok
08:10:26.0357 0x0e2c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:10:26.0359 0x0e2c  mouclass - ok
08:10:26.0361 0x0e2c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:10:26.0362 0x0e2c  mouhid - ok
08:10:26.0365 0x0e2c  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
08:10:26.0367 0x0e2c  mountmgr - ok
08:10:26.0372 0x0e2c  [ 52A59A679B3F9AE6921D3D4F74C5C9E5, D8046D6E858EFEAEAFB8F64ED24BB47E9254CCC7188007E37150EE4E8A2F83F8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:10:26.0374 0x0e2c  MozillaMaintenance - ok
08:10:26.0378 0x0e2c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\WINDOWS\system32\drivers\mpio.sys
08:10:26.0381 0x0e2c  mpio - ok
08:10:26.0383 0x0e2c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
08:10:26.0385 0x0e2c  mpsdrv - ok
08:10:26.0399 0x0e2c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
08:10:26.0410 0x0e2c  MpsSvc - ok
08:10:26.0415 0x0e2c  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
08:10:26.0417 0x0e2c  MRxDAV - ok
08:10:26.0422 0x0e2c  [ 632E8A00090E4F85F304E152C92C7F2C, A3098941251A8327C95E6B1122384D54FB0ED705A9215577D968EA5B5FD88C87 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:10:26.0425 0x0e2c  mrxsmb - ok
08:10:26.0431 0x0e2c  [ 0D9C05484F2F4BD9D33A615D5DBE67EA, 1E164B631B1CD85DD5B205284CB547B189609946490AAABD22741743BFB413DF ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
08:10:26.0436 0x0e2c  mrxsmb10 - ok
08:10:26.0439 0x0e2c  [ 6123E6FECC1C164022868FB1982271BE, 417E6C7AFF8B014B31AFCC202B0DCEECBDBB73205DF8C3EFC7E313664E284178 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
08:10:26.0442 0x0e2c  mrxsmb20 - ok
08:10:26.0444 0x0e2c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\WINDOWS\system32\drivers\msahci.sys
08:10:26.0445 0x0e2c  msahci - ok
08:10:26.0449 0x0e2c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\WINDOWS\system32\drivers\msdsm.sys
08:10:26.0451 0x0e2c  msdsm - ok
08:10:26.0455 0x0e2c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
08:10:26.0458 0x0e2c  MSDTC - ok
08:10:26.0462 0x0e2c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:10:26.0463 0x0e2c  Msfs - ok
08:10:26.0465 0x0e2c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
08:10:26.0466 0x0e2c  mshidkmdf - ok
08:10:26.0468 0x0e2c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
08:10:26.0469 0x0e2c  msisadrv - ok
08:10:26.0473 0x0e2c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
08:10:26.0476 0x0e2c  MSiSCSI - ok
08:10:26.0478 0x0e2c  msiserver - ok
08:10:26.0479 0x0e2c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:10:26.0480 0x0e2c  MSKSSRV - ok
08:10:26.0512 0x0e2c  [ 47A616802531735DF88CD331739D6E97, 28A28794186CC0B5EC5A3838C7CAE16B9DCE2C0BD5873F59CE59F8F4EDA4268B ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
08:10:26.0536 0x0e2c  msoidsvc - ok
08:10:26.0541 0x0e2c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:10:26.0542 0x0e2c  MSPCLOCK - ok
08:10:26.0544 0x0e2c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:10:26.0545 0x0e2c  MSPQM - ok
08:10:26.0552 0x0e2c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
08:10:26.0557 0x0e2c  MsRPC - ok
08:10:26.0561 0x0e2c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:10:26.0562 0x0e2c  mssmbios - ok
08:10:26.0564 0x0e2c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
08:10:26.0565 0x0e2c  MSTEE - ok
08:10:26.0567 0x0e2c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\WINDOWS\system32\drivers\MTConfig.sys
08:10:26.0568 0x0e2c  MTConfig - ok
08:10:26.0570 0x0e2c  [ 1C1CDF54D4183C7CBF2AEF2E5C066295, 1790D4B94176B26767E6AFA4867A20DBA7FBE44761EC07BC1D4469ADA337136E ] Multi-user Cleanup Service C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
08:10:26.0572 0x0e2c  Multi-user Cleanup Service - ok
08:10:26.0575 0x0e2c  [ AA0C2BA3782E92BD85E2264BE418E67C, 8B0953926E83274DF16670F1EF6F4E302F7EE17418F486975C353A406850298C ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
08:10:26.0577 0x0e2c  Mup - ok
08:10:26.0586 0x0e2c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\WINDOWS\system32\qagentRT.dll
08:10:26.0593 0x0e2c  napagent - ok
08:10:26.0600 0x0e2c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
08:10:26.0605 0x0e2c  NativeWifiP - ok
08:10:26.0621 0x0e2c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
08:10:26.0632 0x0e2c  NDIS - ok
08:10:26.0636 0x0e2c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
08:10:26.0637 0x0e2c  NdisCap - ok
08:10:26.0640 0x0e2c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:10:26.0641 0x0e2c  NdisTapi - ok
08:10:26.0643 0x0e2c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:10:26.0645 0x0e2c  Ndisuio - ok
08:10:26.0649 0x0e2c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:10:26.0652 0x0e2c  NdisWan - ok
08:10:26.0655 0x0e2c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:10:26.0656 0x0e2c  NDProxy - ok
08:10:26.0660 0x0e2c  [ 2C723E42FC8D7B0209492828F921FB50, 2ECF9F4D91F317432FB5A6D01D8271BB7E2A5B8A6CA9EF2F2036890D2B072E52 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
08:10:26.0661 0x0e2c  Net Driver HPZ12 - ok
08:10:26.0664 0x0e2c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:10:26.0665 0x0e2c  NetBIOS - ok
08:10:26.0671 0x0e2c  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:10:26.0675 0x0e2c  NetBT - ok
08:10:26.0678 0x0e2c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:10:26.0679 0x0e2c  Netlogon - ok
08:10:26.0687 0x0e2c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\WINDOWS\System32\netman.dll
08:10:26.0692 0x0e2c  Netman - ok
08:10:26.0699 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:10:26.0702 0x0e2c  NetMsmqActivator - ok
08:10:26.0705 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:10:26.0707 0x0e2c  NetPipeActivator - ok
08:10:26.0717 0x0e2c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\WINDOWS\System32\netprofm.dll
08:10:26.0723 0x0e2c  netprofm - ok
08:10:26.0727 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:10:26.0729 0x0e2c  NetTcpActivator - ok
08:10:26.0733 0x0e2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:10:26.0735 0x0e2c  NetTcpPortSharing - ok
08:10:26.0902 0x0e2c  [ 7A72041342E328E91DE46C41722D6AC3, 22A03FD214A5DE94CFC123605A975E14FDDB05A7B51E7BD02F74B617BC32A72F ] NETwNs64        C:\WINDOWS\system32\DRIVERS\NETwsw00.sys
08:10:27.0034 0x0e2c  NETwNs64 - ok
08:10:27.0050 0x0e2c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
08:10:27.0051 0x0e2c  nfrd960 - ok
08:10:27.0058 0x0e2c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
08:10:27.0062 0x0e2c  NlaSvc - ok
08:10:27.0065 0x0e2c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:10:27.0066 0x0e2c  Npfs - ok
08:10:27.0069 0x0e2c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\WINDOWS\system32\nsisvc.dll
08:10:27.0071 0x0e2c  nsi - ok
08:10:27.0073 0x0e2c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
08:10:27.0074 0x0e2c  nsiproxy - ok
08:10:27.0077 0x0e2c  NSNDIS5 - ok
08:10:27.0103 0x0e2c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:10:27.0124 0x0e2c  Ntfs - ok
08:10:27.0213 0x0e2c  [ DED6C4D3CC16024317576DAE98703CF9, 7691A32086CBDAAFB97F3E081FF5EA0288945FBD182354C1865468853194CE3D ] ntrtscan        C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
08:10:27.0278 0x0e2c  ntrtscan - ok
08:10:27.0287 0x0e2c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:10:27.0288 0x0e2c  Null - ok
08:10:27.0292 0x0e2c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
08:10:27.0295 0x0e2c  nvraid - ok
08:10:27.0299 0x0e2c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
08:10:27.0301 0x0e2c  nvstor - ok
08:10:27.0305 0x0e2c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
08:10:27.0307 0x0e2c  nv_agp - ok
08:10:27.0312 0x0e2c  [ 011252EDC0E4A3BECF81306A08DD99DB, F1758D813E0A9C169F9593114D9BEC554D4731137F677AA62AD0FCA86F1B16D4 ] O2FJ2RDR        C:\WINDOWS\system32\DRIVERS\O2FJ2w7x64.sys
08:10:27.0315 0x0e2c  O2FJ2RDR - ok
08:10:27.0318 0x0e2c  [ 4E37455DB16AEC75862B1D0BC35B589E, F60FCE0C3E6C1559B0A8E0A032AFD30216E1DE2142E8E4C181C43DB6C4B5A443 ] O2FLASH         C:\WINDOWS\system32\DRIVERS\o2flash.exe
08:10:27.0320 0x0e2c  O2FLASH - ok
08:10:27.0323 0x0e2c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\WINDOWS\system32\drivers\ohci1394.sys
08:10:27.0324 0x0e2c  ohci1394 - ok
08:10:27.0330 0x0e2c  [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:10:27.0333 0x0e2c  ose - ok
08:10:27.0409 0x0e2c  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:10:27.0468 0x0e2c  osppsvc - ok
08:10:27.0482 0x0e2c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
08:10:27.0487 0x0e2c  p2pimsvc - ok
08:10:27.0496 0x0e2c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
08:10:27.0502 0x0e2c  p2psvc - ok
08:10:27.0505 0x0e2c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
08:10:27.0507 0x0e2c  Parport - ok
08:10:27.0510 0x0e2c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
08:10:27.0512 0x0e2c  partmgr - ok
08:10:27.0516 0x0e2c  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
08:10:27.0520 0x0e2c  PcaSvc - ok
08:10:27.0525 0x0e2c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\WINDOWS\system32\drivers\pci.sys
08:10:27.0527 0x0e2c  pci - ok
08:10:27.0530 0x0e2c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
08:10:27.0531 0x0e2c  pciide - ok
08:10:27.0536 0x0e2c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
08:10:27.0539 0x0e2c  pcmcia - ok
08:10:27.0542 0x0e2c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
08:10:27.0543 0x0e2c  pcw - ok
08:10:27.0548 0x0e2c  [ D159BFEF7EA70B61AB2E331BC94A4D75, 4C397DB16EBAD0E1CC69C4E4CF901AF141E8B3CAC3D0CDF15DA27AB0C2DE83D7 ] PDF24           C:\Program Files (x86)\PDF24\pdf24.exe
08:10:27.0551 0x0e2c  PDF24 - ok
08:10:27.0563 0x0e2c  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
08:10:27.0572 0x0e2c  PEAUTH - ok
08:10:27.0593 0x0e2c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
08:10:27.0610 0x0e2c  PeerDistSvc - ok
08:10:27.0626 0x0e2c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
08:10:27.0627 0x0e2c  PerfHost - ok
08:10:27.0653 0x0e2c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\WINDOWS\system32\pla.dll
08:10:27.0670 0x0e2c  pla - ok
08:10:27.0680 0x0e2c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
08:10:27.0686 0x0e2c  PlugPlay - ok
08:10:27.0690 0x0e2c  [ 171E6D91A20AAC8D02172A64E82CE90B, 0D51F00D6C0376CD12893620E0A15E687263048CFE20E953F6BB4B7D6CDC3F50 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
08:10:27.0692 0x0e2c  Pml Driver HPZ12 - ok
08:10:27.0694 0x0e2c  [ AAB547E4278174BEF5DF44A4811D1673, 9A434E78AB5EE7AC08F8102CD7AC70B1A43F9D7FA23CF8B338015105C8B67B84 ] PNPMEM          C:\WINDOWS\system32\DRIVERS\pnpmem.sys
08:10:27.0695 0x0e2c  PNPMEM - ok
08:10:27.0698 0x0e2c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
08:10:27.0699 0x0e2c  PNRPAutoReg - ok
08:10:27.0707 0x0e2c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
08:10:27.0712 0x0e2c  PNRPsvc - ok
08:10:27.0722 0x0e2c  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
08:10:27.0728 0x0e2c  PolicyAgent - ok
08:10:27.0734 0x0e2c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\WINDOWS\system32\umpo.dll
08:10:27.0737 0x0e2c  Power - ok
08:10:27.0741 0x0e2c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:10:27.0743 0x0e2c  PptpMiniport - ok
08:10:27.0747 0x0e2c  [ C117970D3AE17FCDBA683D1D318B0440, E7E1A100BC1E98D068E81D9E6B9A9018A0193C5C859E39233BD843C4E83F5C47 ] prepdrvr        C:\WINDOWS\system32\DRIVERS\prepdrv.sys
08:10:27.0748 0x0e2c  prepdrvr - ok
08:10:27.0751 0x0e2c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\WINDOWS\system32\drivers\processr.sys
08:10:27.0752 0x0e2c  Processor - ok
08:10:27.0757 0x0e2c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
08:10:27.0761 0x0e2c  ProfSvc - ok
08:10:27.0764 0x0e2c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:10:27.0765 0x0e2c  ProtectedStorage - ok
08:10:27.0769 0x0e2c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
08:10:27.0771 0x0e2c  Psched - ok
08:10:27.0796 0x0e2c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\WINDOWS\system32\drivers\ql2300.sys
08:10:27.0814 0x0e2c  ql2300 - ok
08:10:27.0819 0x0e2c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\WINDOWS\system32\drivers\ql40xx.sys
08:10:27.0821 0x0e2c  ql40xx - ok
08:10:29.0787 0x0e2c  volmgr - ok
08:10:29.0795 0x0e2c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
08:10:29.0799 0x0e2c  volmgrx - ok
08:10:29.0806 0x0e2c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
08:10:29.0810 0x0e2c  volsnap - ok
08:10:29.0822 0x0e2c  [ 4D8FC912E146DE0115392381C7114588, 4162DCE8578D460E87D3419EA266111BBA716CB8B40F21B889A0587DF0D58978 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
08:10:29.0829 0x0e2c  vpnagent - ok
08:10:29.0832 0x0e2c  [ A8D4FED106B4BD337DF3DA20BA44E18E, 066F58895F9FF71E72852DB982C3CD2F7E92092411686CE972449B0123A04B1E ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva64.sys
08:10:29.0834 0x0e2c  vpnva - ok
08:10:29.0873 0x0e2c  [ B75FBCA62BF78ACCFE73B29B6BC21717, D8D6F0C702B30D52DF9E37244CCD989A306076EE89C6665F475FD9FAECA1C166 ] VSApiNt         C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
08:10:29.0903 0x0e2c  VSApiNt - ok
08:10:29.0910 0x0e2c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
08:10:29.0913 0x0e2c  vsmraid - ok
08:10:29.0916 0x0e2c  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock           C:\WINDOWS\system32\drivers\vsock.sys
08:10:29.0918 0x0e2c  vsock - ok
08:10:29.0944 0x0e2c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\WINDOWS\system32\vssvc.exe
08:10:29.0964 0x0e2c  VSS - ok
08:10:29.0968 0x0e2c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\WINDOWS\system32\DRIVERS\vwifibus.sys
08:10:29.0970 0x0e2c  vwifibus - ok
08:10:29.0974 0x0e2c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
08:10:29.0976 0x0e2c  vwififlt - ok
08:10:29.0980 0x0e2c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
08:10:29.0981 0x0e2c  vwifimp - ok
08:10:29.0989 0x0e2c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\WINDOWS\system32\w32time.dll
08:10:29.0995 0x0e2c  W32Time - ok
08:10:29.0999 0x0e2c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\WINDOWS\system32\drivers\wacompen.sys
08:10:30.0000 0x0e2c  WacomPen - ok
08:10:30.0004 0x0e2c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:10:30.0006 0x0e2c  WANARP - ok
08:10:30.0009 0x0e2c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:10:30.0011 0x0e2c  Wanarpv6 - ok
08:10:30.0036 0x0e2c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\WINDOWS\system32\wbengine.exe
08:10:30.0055 0x0e2c  wbengine - ok
08:10:30.0062 0x0e2c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
08:10:30.0066 0x0e2c  WbioSrvc - ok
08:10:30.0074 0x0e2c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
08:10:30.0080 0x0e2c  wcncsvc - ok
08:10:30.0084 0x0e2c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
08:10:30.0086 0x0e2c  WcsPlugInService - ok
08:10:30.0088 0x0e2c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\WINDOWS\system32\drivers\wd.sys
08:10:30.0089 0x0e2c  Wd - ok
08:10:30.0103 0x0e2c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
08:10:30.0113 0x0e2c  Wdf01000 - ok
08:10:30.0117 0x0e2c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
08:10:30.0120 0x0e2c  WdiServiceHost - ok
08:10:30.0123 0x0e2c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
08:10:30.0125 0x0e2c  WdiSystemHost - ok
08:10:30.0132 0x0e2c  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:10:30.0136 0x0e2c  WebClient - ok
08:10:30.0143 0x0e2c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
08:10:30.0147 0x0e2c  Wecsvc - ok
08:10:30.0151 0x0e2c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
08:10:30.0153 0x0e2c  wercplsupport - ok
08:10:30.0157 0x0e2c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
08:10:30.0159 0x0e2c  WerSvc - ok
08:10:30.0163 0x0e2c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf
         

02.03.2017, 08:30   #5
zoror

Browser opens automatically (Wonderlandsads.com)



TDSSKiller part 2:

Code:
08:10:30.0437 0x0e2c  ================ Scan global ===============================
08:10:30.0473 0x0e2c  [ Global ] - ok
08:10:30.0473 0x0e2c  ================ Scan MBR ==================================
08:10:30.0474 0x0e2c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:10:30.0524 0x0e2c  \Device\Harddisk0\DR0 - ok
08:10:30.0524 0x0e2c  ================ Scan VBR ==================================
08:10:30.0525 0x0e2c  [ 925B26D038614BDE3247E74F18DD5ED2 ] \Device\Harddisk0\DR0\Partition1
08:10:30.0526 0x0e2c  \Device\Harddisk0\DR0\Partition1 - ok
08:10:30.0527 0x0e2c  [ B367C5CF920D792D0BEC8D4B3B144D10 ] \Device\Harddisk0\DR0\Partition2
08:10:30.0528 0x0e2c  \Device\Harddisk0\DR0\Partition2 - ok
08:10:30.0528 0x0e2c  ================ Scan generic autorun ======================
08:10:31.0027 0x0e2c  Waiting for KSN requests completion. In queue: 188
08:10:32.0047 0x0e2c  AV detected via SS2: Trend Micro OfficeScan Antivirus, C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe ( 12.0.0.6085 ), 0x41000 ( enabled : updated )
08:10:32.0049 0x0e2c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
08:10:32.0049 0x0e2c  FW detected via SS2: Trend Micro Personal Firewall,  (  ), 0x41010 ( enabled )
08:10:32.0217 0x0e2c  ============================================================
08:10:32.0217 0x0e2c  Scan finished
08:10:32.0217 0x0e2c  ============================================================
08:10:32.0222 0x2054  Detected object count: 0
08:10:32.0222 0x2054  Actual detected object count: 0
08:10:51.0064 0x078c  ============================================================
08:10:51.0064 0x078c  Scan started
08:10:51.0064 0x078c  Mode: Manual; SigCheck; TDLFS; 
08:10:51.0064 0x078c  ============================================================
08:10:51.0064 0x078c  KSN ping started
08:10:51.0211 0x078c  KSN ping finished: true
08:10:51.0493 0x078c  ================ Scan system memory ========================
08:10:51.0493 0x078c  System memory - ok
08:10:51.0493 0x078c  ================ Scan services =============================
08:10:54.0466 0x078c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:10:54.0485 0x078c  CmBatt - ok
08:10:54.0487 0x078c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\WINDOWS\system32\drivers\cmdide.sys
08:10:54.0503 0x078c  cmdide - ok
08:10:54.0514 0x078c  [ 231F29AAFD9D67630A4EF137BD2B9580, A8A479D49CD830BD5E3FD4A7963EF715BC226D45E5C60423D3863085ABCA4BC4 ] CmRcService     C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
08:10:54.0538 0x078c  CmRcService - ok
08:10:54.0548 0x078c  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
08:10:54.0572 0x078c  CNG - ok
08:10:54.0576 0x078c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\WINDOWS\system32\drivers\compbatt.sys
08:10:54.0592 0x078c  Compbatt - ok
08:10:54.0594 0x078c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\WINDOWS\system32\DRIVERS\CompositeBus.sys
08:10:54.0615 0x078c  CompositeBus - ok
08:10:54.0617 0x078c  COMSysApp - ok
08:10:54.0633 0x078c  [ D9A15B9C213E7581AA434F11BA69DCEA, D4A5F601A619C424ADE66110DE87565970EC537A9E55472ED20D94AFC4E5BB0B ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
08:10:54.0652 0x078c  cphs - ok
08:10:54.0656 0x078c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\WINDOWS\system32\drivers\crcdisk.sys
08:10:54.0671 0x078c  crcdisk - ok
08:10:54.0677 0x078c  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
08:10:54.0700 0x078c  CryptSvc - ok
08:10:54.0710 0x078c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\WINDOWS\system32\drivers\csc.sys
08:10:54.0736 0x078c  CSC - ok
08:10:54.0749 0x078c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\WINDOWS\System32\cscsvc.dll
08:10:54.0777 0x078c  CscService - ok
08:10:54.0783 0x078c  [ 6C9CF7CB91048B306341346924CC2E08, C8D681EF93E89710FFEFD230D7710A874AED38DB8C578F56EA0D412878578FDC ] ctxusbm         C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
08:10:54.0801 0x078c  ctxusbm - ok
08:10:54.0805 0x078c  [ D4D81C4A43F8FF9BCA56D594C3B145EE, 66584A367E721CC0E726629BB85AFFAC2149301315B582E226CF2F9E35A7DDF2 ] cvusbdrv        C:\WINDOWS\system32\Drivers\cvusbdrv.sys
08:10:54.0821 0x078c  cvusbdrv - ok
08:10:54.0826 0x078c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
08:10:54.0844 0x078c  dbupdate - ok
08:10:54.0848 0x078c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
08:10:54.0865 0x078c  dbupdatem - ok
08:10:54.0867 0x078c  dbx - ok
08:10:54.0870 0x078c  [ 5B7A202DECF962A6C9A2E759551BF05E, 6BA11F7728C0A13EA4B6EF478584AE0117BA5909346FF6FE20308674F34701D7 ] DbxSvc          C:\WINDOWS\system32\DbxSvc.exe
08:10:54.0887 0x078c  DbxSvc - ok
08:10:54.0897 0x078c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
08:10:54.0935 0x078c  DcomLaunch - ok
08:10:54.0942 0x078c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
08:10:54.0976 0x078c  defragsvc - ok
08:10:54.0980 0x078c  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\WINDOWS\system32\Drivers\dfsc.sys
08:10:55.0000 0x078c  DfsC - ok
08:10:55.0007 0x078c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
08:10:55.0030 0x078c  Dhcp - ok
08:10:55.0053 0x078c  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
08:10:55.0091 0x078c  DiagTrack - ok
08:10:55.0096 0x078c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\WINDOWS\system32\drivers\discache.sys
08:10:55.0128 0x078c  discache - ok
08:10:55.0131 0x078c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\WINDOWS\system32\drivers\disk.sys
08:10:55.0148 0x078c  Disk - ok
08:10:55.0152 0x078c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\WINDOWS\system32\drivers\dmvsc.sys
08:10:55.0172 0x078c  dmvsc - ok
08:10:55.0177 0x078c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
08:10:55.0198 0x078c  Dnscache - ok
08:10:55.0204 0x078c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
08:10:55.0237 0x078c  dot3svc - ok
08:10:55.0241 0x078c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\WINDOWS\system32\dps.dll
08:10:55.0273 0x078c  DPS - ok
08:10:55.0276 0x078c  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
08:10:55.0293 0x078c  drmkaud - ok
08:10:55.0415 0x078c  [ 716B5149F7866AE6D421718ACFE3ED3E, 6A3DD1E02ABCDBA188115A2864241EB76F90048618BB010465FE2AEF49027878 ] DSASvc          C:\WINDOWS\system32\dgagent\DSAGENT.exe
08:10:55.0554 0x078c  DSASvc - ok
08:10:55.0580 0x078c  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
08:10:55.0609 0x078c  DXGKrnl - ok
08:10:55.0620 0x078c  [ C47C212490AE1C2AB4A34A40C39485B4, 1B739D8F5BA344F14C78B547ABE281EEE13916D976A7E97B39A9E779D198B9E3 ] e1dexpress      C:\WINDOWS\system32\DRIVERS\e1d62x64.sys
08:10:55.0642 0x078c  e1dexpress - ok
08:10:55.0648 0x078c  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60           C:\WINDOWS\system32\DRIVERS\E1G6032E.sys
08:10:55.0669 0x078c  E1G60 - ok
08:10:55.0673 0x078c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
08:10:55.0707 0x078c  EapHost - ok
08:10:55.0755 0x078c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
08:10:55.0820 0x078c  ebdrv - ok
08:10:55.0827 0x078c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] EFS             C:\WINDOWS\System32\lsass.exe
08:10:55.0848 0x078c  EFS - ok
08:10:55.0859 0x078c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\WINDOWS\system32\drivers\elxstor.sys
08:10:55.0883 0x078c  elxstor - ok
08:10:55.0886 0x078c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\WINDOWS\system32\drivers\errdev.sys
08:10:55.0906 0x078c  ErrDev - ok
08:10:55.0910 0x078c  [ BE8117569CAA36E03683CC1BACEA1347, F4C55264838166EFC8A05ED1BA36F13B9BAD500CC17204D4C814050B8C18E107 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
08:10:55.0929 0x078c  ESProtectionDriver - ok
08:10:55.0939 0x078c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\WINDOWS\system32\es.dll
08:10:55.0976 0x078c  EventSystem - ok
08:10:55.0982 0x078c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
08:10:56.0015 0x078c  exfat - ok
08:10:56.0024 0x078c  [ E71180813FB5B34DBC2E367E991FB150, F06B0EF56328EF338604347642002951AC34CD0BDF2C9BA75A0C0880F3BE359E ] F5 Networks Component Installer C:\WINDOWS\SysWOW64\F5InstallerService.exe
08:10:56.0046 0x078c  F5 Networks Component Installer - ok
08:10:56.0050 0x078c  [ 424B57205692F603116370EB17CBFC98, 5A24A3701870022FECA1EAC0A845925830AA188862F0CC238B2D5C9515F57E98 ] f5ipfw          C:\WINDOWS\system32\drivers\urfltv64.sys
08:10:56.0066 0x078c  f5ipfw - ok
08:10:56.0072 0x078c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
08:10:56.0107 0x078c  fastfat - ok
08:10:56.0120 0x078c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\WINDOWS\system32\fxssvc.exe
08:10:56.0149 0x078c  Fax - ok
08:10:56.0152 0x078c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\WINDOWS\system32\drivers\fdc.sys
08:10:56.0172 0x078c  fdc - ok
08:10:56.0175 0x078c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
08:10:56.0206 0x078c  fdPHost - ok
08:10:56.0208 0x078c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
08:10:56.0240 0x078c  FDResPub - ok
08:10:56.0243 0x078c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
08:10:56.0258 0x078c  FileInfo - ok
08:10:56.0261 0x078c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
08:10:56.0292 0x078c  Filetrace - ok
08:10:56.0295 0x078c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\WINDOWS\system32\drivers\flpydisk.sys
08:10:56.0314 0x078c  flpydisk - ok
08:10:56.0320 0x078c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
08:10:56.0339 0x078c  FltMgr - ok
08:10:56.0360 0x078c  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\WINDOWS\system32\FntCache.dll
08:10:56.0395 0x078c  FontCache - ok
08:10:56.0400 0x078c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:10:56.0414 0x078c  FontCache3.0.0.0 - ok
08:10:56.0417 0x078c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
08:10:56.0433 0x078c  FsDepends - ok
08:10:56.0435 0x078c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:10:56.0450 0x078c  Fs_Rec - ok
08:10:56.0456 0x078c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
08:10:56.0476 0x078c  fvevol - ok
08:10:56.0479 0x078c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
08:10:56.0495 0x078c  gagp30kx - ok
08:10:56.0510 0x078c  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
08:10:56.0539 0x078c  gpsvc - ok
08:10:56.0544 0x078c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:10:56.0560 0x078c  gupdate - ok
08:10:56.0563 0x078c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:10:56.0579 0x078c  gupdatem - ok
08:10:56.0583 0x078c  [ 9932E254656DF50C514B8AE61EF12CCC, 502C06A9FE869CF65508155ABCD29640D5A0097FBF199DF0D61D9193D98C978B ] hcmon           C:\WINDOWS\system32\drivers\hcmon.sys
08:10:56.0598 0x078c  hcmon - ok
08:10:56.0601 0x078c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\WINDOWS\system32\drivers\hcw85cir.sys
08:10:56.0619 0x078c  hcw85cir - ok
08:10:56.0627 0x078c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
08:10:56.0652 0x078c  HdAudAddService - ok
08:10:56.0656 0x078c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:10:56.0678 0x078c  HDAudBus - ok
08:10:56.0681 0x078c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\WINDOWS\system32\drivers\HidBatt.sys
08:10:56.0699 0x078c  HidBatt - ok
08:10:56.0703 0x078c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\WINDOWS\system32\drivers\hidbth.sys
08:10:56.0724 0x078c  HidBth - ok
08:10:56.0727 0x078c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\WINDOWS\system32\drivers\hidir.sys
08:10:56.0748 0x078c  HidIr - ok
08:10:56.0751 0x078c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\WINDOWS\system32\hidserv.dll
08:10:56.0783 0x078c  hidserv - ok
08:10:56.0786 0x078c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:10:56.0805 0x078c  HidUsb - ok
08:10:56.0808 0x078c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
08:10:56.0842 0x078c  hkmsvc - ok
08:10:56.0847 0x078c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
08:10:56.0868 0x078c  HomeGroupListener - ok
08:10:56.0873 0x078c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
08:10:56.0893 0x078c  HomeGroupProvider - ok
08:10:56.0896 0x078c  [ 86724A200BF1F08A03FB563660FCD928, E2BDD30D7AFECB0F517BB02C788C93D506FB2B180DCA239BC4A1FEDB1E986EAD ] HP DS Service   C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
08:10:56.0902 0x078c  HP DS Service - detected UnsignedFile.Multi.Generic ( 1 )
08:10:56.0902 0x078c  Detect skipped due to KSN trusted
08:10:56.0902 0x078c  HP DS Service - ok
08:10:56.0907 0x078c  [ 9C42E435F629CD8512BECFA082762425, BC817D05E5B8BE05CAB05F075A2C0B3CCF39E6BBD924BD0040C698F4D4580677 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
08:10:56.0915 0x078c  HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )
08:10:56.0915 0x078c  Detect skipped due to KSN trusted
08:10:56.0915 0x078c  HP LaserJet Service - ok
08:10:56.0919 0x078c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
08:10:56.0934 0x078c  HpSAMD - ok
08:10:56.0947 0x078c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
08:10:56.0975 0x078c  HTTP - ok
08:10:56.0978 0x078c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
08:10:56.0993 0x078c  hwpolicy - ok
08:10:56.0996 0x078c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:10:57.0014 0x078c  i8042prt - ok
08:10:57.0026 0x078c  [ 71341219FBB4BAB7F2462C4267DAB594, 0C6B684781D27F423D20186A40D7513DD6ABC38AD286D013791B37CBF5477A55 ] iaStorA         C:\WINDOWS\system32\DRIVERS\iaStorA.sys
08:10:57.0051 0x078c  iaStorA - ok
08:10:57.0054 0x078c  [ B9D5AE799CB622C144AE5399C55EF29B, 5C2858590436EEDDE029C5448AEC3ACBB1C0FCED23F305302BAF831C6EC1654A ] iaStorF         C:\WINDOWS\system32\DRIVERS\iaStorF.sys
08:10:57.0068 0x078c  iaStorF - ok
08:10:57.0076 0x078c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
08:10:57.0097 0x078c  iaStorV - ok
08:10:57.0102 0x078c  [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] ibtfltcoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
08:10:57.0120 0x078c  ibtfltcoex - ok
08:10:57.0124 0x078c  [ C42FA2C2CB77604E94530E0A8560FA99, BA84B88C1D3951E4D10D9A783090B72261FD9825F8003DDD01716D4E0A8EED09 ] iBtSiva         C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
08:10:57.0141 0x078c  iBtSiva - ok
08:10:57.0145 0x078c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:10:57.0153 0x078c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
08:10:57.0153 0x078c  Detect skipped due to KSN trusted
08:10:57.0153 0x078c  IDriverT - ok
08:10:57.0168 0x078c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:10:57.0194 0x078c  idsvc - ok
08:10:57.0197 0x078c  IEEtwCollectorService - ok
08:10:57.0261 0x078c  [ 13AD8E01E974926E09D053DB370F2E41, 2D2EC184D02742001B65B92B2A4E044AAAC64794D5C230257FD3C2BAD3AD4E87 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
08:10:57.0348 0x078c  igfx - ok
08:10:57.0356 0x078c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
08:10:57.0373 0x078c  iirsp - ok
08:10:57.0389 0x078c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
08:10:57.0421 0x078c  IKEEXT - ok
08:10:57.0490 0x078c  [ CCB47A176CC6D8B6A092695A0D929A95, F32BF742F9B385EE3175EEEAD057FFC49A41E9D994BB9EED192C36511D52F36D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTDVHD64.sys
08:10:57.0537 0x078c  IntcAzAudAddService - ok
08:10:57.0553 0x078c  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
08:10:57.0577 0x078c  IntcDAud - ok
08:10:57.0591 0x078c  [ 7C57484163A14A6635C00BAC8E860B73, 516A55BA7A16760375CA6A6CB1F79ABC66CA543924D7ADCA668CCD5319BA6E9E ] Intel(R) PROSet Monitoring Service C:\WINDOWS\system32\IProsetMonitor.exe
08:10:57.0611 0x078c  Intel(R) PROSet Monitoring Service - ok
08:10:57.0613 0x078c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
08:10:57.0629 0x078c  intelide - ok
08:10:57.0632 0x078c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:10:57.0652 0x078c  intelppm - ok
08:10:57.0656 0x078c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\WINDOWS\system32\ipbusenum.dll
08:10:57.0689 0x078c  IPBusEnum - ok
08:10:57.0692 0x078c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:10:57.0725 0x078c  IpFilterDriver - ok
08:10:57.0735 0x078c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
08:10:57.0762 0x078c  iphlpsvc - ok
08:10:57.0766 0x078c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\WINDOWS\system32\drivers\IPMIDrv.sys
08:10:57.0786 0x078c  IPMIDRV - ok
08:10:57.0790 0x078c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
08:10:57.0823 0x078c  IPNAT - ok
08:10:57.0828 0x078c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
08:10:57.0849 0x078c  IRENUM - ok
08:10:57.0852 0x078c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
08:10:57.0868 0x078c  isapnp - ok
08:10:57.0874 0x078c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\WINDOWS\system32\drivers\msiscsi.sys
08:10:57.0894 0x078c  iScsiPrt - ok
08:10:57.0897 0x078c  [ A26955DC2350415849C05496D5563E5A, A9204F86EFDC9283252154229ECD7025FACA954980346C2205D4821EB7F3786D ] iusb3hcs        C:\WINDOWS\system32\DRIVERS\iusb3hcs.sys
08:10:57.0912 0x078c  iusb3hcs - ok
08:10:57.0919 0x078c  [ 67DE0E5CA733D0086326D242F74C72C0, 0356788C8F0AAE6E573419BF3906B003F8744E740E2D16DC587440B9F672D6EA ] iusb3hub        C:\WINDOWS\system32\DRIVERS\iusb3hub.sys
08:10:57.0938 0x078c  iusb3hub - ok
08:10:57.0953 0x078c  [ 91B6B48710A35E9F308BC97F29716427, C662FD78B02A8B5A312A95E25123CEA6BC7295E1A756ED828566A02BC7E80588 ] iusb3xhc        C:\WINDOWS\system32\DRIVERS\iusb3xhc.sys
08:10:57.0977 0x078c  iusb3xhc - ok
08:10:57.0981 0x078c  [ 8BAECD09CF6DABB25C0C1BD262E0F7F7, B16A0BB2882B65FA8339BADB847EBF4800DD0166FEBEB21A8BC79DA8F9058157 ] JabraDFU        C:\WINDOWS\system32\Drivers\JabraMobileCsrDfuX64.sys
08:10:57.0995 0x078c  JabraDFU - ok
08:10:57.0998 0x078c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:10:58.0014 0x078c  kbdclass - ok
08:10:58.0017 0x078c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:10:58.0036 0x078c  kbdhid - ok
08:10:58.0039 0x078c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] KeyIso          C:\WINDOWS\system32\lsass.exe
08:10:58.0057 0x078c  KeyIso - ok
08:10:58.0061 0x078c  [ 6F5F0C6160EF237F0243C1E416EEBA98, 8BA8AA0D71350A74E294A731226B1638C6059013D645ABDE7188F7733E320FBD ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
08:10:58.0078 0x078c  KSecDD - ok
08:10:58.0082 0x078c  [ 05529E53B286FD60E7EF04EF138CABFD, 6C045750DCD3EE76F748582513AD4FA99C0E8E56B616725CD48DCA1068FF8923 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
08:10:58.0100 0x078c  KSecPkg - ok
08:10:58.0104 0x078c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
08:10:58.0134 0x078c  ksthunk - ok
08:10:58.0141 0x078c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
08:10:58.0177 0x078c  KtmRm - ok
08:10:58.0184 0x078c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
08:10:58.0219 0x078c  LanmanServer - ok
08:10:58.0223 0x078c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
08:10:58.0257 0x078c  LanmanWorkstation - ok
08:10:58.0261 0x078c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
08:10:58.0293 0x078c  lltdio - ok
08:10:58.0300 0x078c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
08:10:58.0337 0x078c  lltdsvc - ok
08:10:58.0339 0x078c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
08:10:58.0372 0x078c  lmhosts - ok
08:10:58.0379 0x078c  [ A4674B806C3CB217347470D5568EB21A, 5E8B032D26C2F35FB5F0F2DABC91D7B9671E2C8E73464E4DCB17A5F0731457F0 ] LNSUSvc         C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
08:10:58.0395 0x078c  LNSUSvc - ok
08:10:58.0459 0x078c  [ 032A8CA261133860761932695EF72031, 664ADB3CE59CCD3748E773B2EAD324FBD25D734629CFEDC018054D4A796CB3E2 ] Lotus Notes Diagnostics C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
08:10:58.0536 0x078c  Lotus Notes Diagnostics - ok
08:10:58.0546 0x078c  [ 551FC1CE339A6A7C655B6C99C07C1ABB, 26F86BB321FDEE7834B2BBF26D270BE9545E9424D450F6751D4231418FA1D813 ] lpasvc          C:\Program Files\Microsoft Policy Platform\policyHost.exe
08:10:58.0563 0x078c  lpasvc - ok
08:10:58.0565 0x078c  [ 551FC1CE339A6A7C655B6C99C07C1ABB, 26F86BB321FDEE7834B2BBF26D270BE9545E9424D450F6751D4231418FA1D813 ] lppsvc          C:\Program Files\Microsoft Policy Platform\policyHost.exe
08:10:58.0584 0x078c  lppsvc - ok
08:10:58.0589 0x078c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\WINDOWS\system32\drivers\lsi_fc.sys
08:10:58.0606 0x078c  LSI_FC - ok
08:10:58.0610 0x078c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
08:10:58.0627 0x078c  LSI_SAS - ok
08:10:58.0630 0x078c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
08:10:58.0646 0x078c  LSI_SAS2 - ok
08:10:58.0650 0x078c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
08:10:58.0667 0x078c  LSI_SCSI - ok
08:10:58.0671 0x078c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
08:10:58.0704 0x078c  luafv - ok
08:11:04.0758 0x078c  spldr - ok
08:11:04.0768 0x078c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
08:11:04.0795 0x078c  Spooler - ok
08:11:04.0847 0x078c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
08:11:04.0930 0x078c  sppsvc - ok
08:11:04.0938 0x078c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\WINDOWS\system32\sppuinotify.dll
08:11:04.0971 0x078c  sppuinotify - ok
08:11:04.0981 0x078c  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:11:05.0004 0x078c  srv - ok
08:11:05.0014 0x078c  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
08:11:05.0037 0x078c  srv2 - ok
08:11:05.0042 0x078c  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
08:11:05.0061 0x078c  srvnet - ok
08:11:05.0067 0x078c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:11:05.0102 0x078c  SSDPSRV - ok
08:11:05.0105 0x078c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
08:11:05.0138 0x078c  SstpSvc - ok
08:11:05.0141 0x078c  [ E4EA2412FB1B8AEE33667A9CC6D456A4, E553D07BBD98CB026033D7D10D859795682D1BFCB9D33D494177B2E747EA5064 ] stdcfltn        C:\WINDOWS\system32\DRIVERS\stdcfltn.sys
08:11:05.0156 0x078c  stdcfltn - ok
08:11:05.0255 0x078c  [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
08:11:05.0292 0x078c  Steam Client Service - ok
08:11:05.0296 0x078c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
08:11:05.0311 0x078c  stexstor - ok
08:11:05.0314 0x078c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
08:11:05.0332 0x078c  StillCam - ok
08:11:05.0343 0x078c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
08:11:05.0373 0x078c  stisvc - ok
08:11:05.0377 0x078c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
08:11:05.0393 0x078c  storflt - ok
08:11:05.0395 0x078c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
08:11:05.0415 0x078c  StorSvc - ok
08:11:05.0417 0x078c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
08:11:05.0434 0x078c  storvsc - ok
08:11:05.0437 0x078c  [ 4732444B7A815E8ECD66E9D1FC82DDC8, 6DC333BE9921683AA815CFB7FAC4F94C315F564D3A9D2E7F06E3D232A2450232 ] ST_Accel        C:\WINDOWS\system32\DRIVERS\ST_Accel.sys
08:11:05.0453 0x078c  ST_Accel - ok
08:11:05.0455 0x078c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:11:05.0471 0x078c  swenum - ok
08:11:05.0480 0x078c  [ DC4F7B0553A8D2103EBC33FB42AB9A23, 27EC66A568A5CDE8FE2697C191A358FA12FBC9B2F678EF5292E5ACF35C4CA658 ] swg3kmbb05      C:\WINDOWS\system32\DRIVERS\swg3kmbb05.sys
08:11:05.0501 0x078c  swg3kmbb05 - ok
08:11:05.0509 0x078c  [ A7AF79AFDE4F43D93A8D1501AF649D14, F90076ED5F7AF3676E8F22893B5B83EC584DFC6CDE4F7288318CBB7185FCAAC1 ] swg3knmea05     C:\WINDOWS\system32\DRIVERS\swg3knmea05.sys
08:11:05.0527 0x078c  swg3knmea05 - ok
08:11:05.0534 0x078c  [ 00D1D5368C44F16DD3D08D6C24B1AA4E, 88000C99281A70DDEA28EB2A572F927468498E720C54F933C7C960BAB325D4D6 ] swg3kser05      C:\WINDOWS\system32\DRIVERS\swg3kser05.sys
08:11:05.0551 0x078c  swg3kser05 - ok
08:11:05.0555 0x078c  [ 221C719871D1F7261002214D424CDC89, ED95E552B4E5667A6435F72D9947581E0D1A0E1A8CABEADE9F8B51CDB105497A ] swibus05        C:\WINDOWS\system32\DRIVERS\swibus05.sys
08:11:05.0570 0x078c  swibus05 - ok
08:11:05.0573 0x078c  [ 221C719871D1F7261002214D424CDC89, ED95E552B4E5667A6435F72D9947581E0D1A0E1A8CABEADE9F8B51CDB105497A ] swibusflt05     C:\WINDOWS\system32\DRIVERS\swibusflt05.sys
08:11:05.0589 0x078c  swibusflt05 - ok
08:11:05.0599 0x078c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\WINDOWS\System32\swprv.dll
08:11:05.0637 0x078c  swprv - ok
08:11:05.0666 0x078c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\WINDOWS\system32\sysmain.dll
08:11:05.0708 0x078c  SysMain - ok
08:11:05.0713 0x078c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
08:11:05.0735 0x078c  TabletInputService - ok
08:11:05.0742 0x078c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:11:05.0776 0x078c  TapiSrv - ok
08:11:05.0779 0x078c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\WINDOWS\System32\tbssvc.dll
08:11:05.0811 0x078c  TBS - ok
08:11:05.0840 0x078c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
08:11:05.0882 0x078c  Tcpip - ok
08:11:05.0913 0x078c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:11:05.0954 0x078c  TCPIP6 - ok
08:11:05.0960 0x078c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
08:11:05.0977 0x078c  tcpipreg - ok
08:11:05.0981 0x078c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\WINDOWS\system32\drivers\tdpipe.sys
08:11:05.0998 0x078c  TDPIPE - ok
08:11:06.0000 0x078c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\WINDOWS\system32\drivers\tdtcp.sys
08:11:06.0017 0x078c  TDTCP - ok
08:11:06.0021 0x078c  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
08:11:06.0039 0x078c  tdx - ok
08:11:06.0120 0x078c  [ 49219B921E6FE4D6C002965AADAE5C60, 927B601C743481D74C15E42A6D85C03B62C387FCD68CCDA21FFD05AA23AD5255 ] TeamViewer8     C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe
08:11:06.0207 0x078c  TeamViewer8 - ok
08:11:06.0215 0x078c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:11:06.0231 0x078c  TermDD - ok
08:11:06.0233 0x078c  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\WINDOWS\system32\drivers\terminpt.sys
08:11:06.0251 0x078c  terminpt - ok
08:11:06.0264 0x078c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\WINDOWS\System32\termsrv.dll
08:11:06.0293 0x078c  TermService - ok
08:11:06.0296 0x078c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\WINDOWS\system32\themeservice.dll
08:11:06.0318 0x078c  Themes - ok
08:11:06.0322 0x078c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
08:11:06.0354 0x078c  THREADORDER - ok
08:11:06.0358 0x078c  [ E5411738E1E4546A663E2847E10A4E59, 0063B7B6D7D498C9CF861F98D133F0937353F4B942B299D575E1E5F788CA3BA8 ] tmactmon        C:\WINDOWS\system32\DRIVERS\tmactmon.sys
08:11:06.0376 0x078c  tmactmon - ok
08:11:06.0387 0x078c  [ 8FA0612AE751EBD3E109B5DC9CA8DA0E, 38C98A03C4412CB8B4FC67E6D1C525EA2D855BB48A46B4C511E02D700C68C815 ] TMBMServer      C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
08:11:06.0410 0x078c  TMBMServer - ok
08:11:06.0431 0x078c  [ A4FB276F30C1A75C3DF4E0AC62191619, A0E69DC0BC25D192733AA6FD15852231BDAD2B911A507913296DF4738C0BE200 ] tmccsf          C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe
08:11:06.0459 0x078c  tmccsf - ok
08:11:06.0467 0x078c  [ 30947DDD4701940A5FC97C382BCBC752, 5A06D57FF27D5A4375110E855021A067E84C5705A6A4848949B917275E990503 ] tmcomm          C:\WINDOWS\system32\DRIVERS\tmcomm.sys
08:11:06.0487 0x078c  tmcomm - ok
08:11:06.0490 0x078c  [ C445009328AD59F242B39A39780DC3E1, 8548A55B15562472374BDE78F5306AF0CA31FC5043E2D340D0DBDD2F43D1CEFA ] TMEBC           C:\WINDOWS\system32\DRIVERS\TMEBC64.sys
08:11:06.0507 0x078c  TMEBC - ok
08:11:06.0512 0x078c  [ F21BD7A3E2002A88AB471BE42141C783, F18A07B06C5F3B3FECB17A93FA6BADAE01B53DE6D9304625765AA047D227FC23 ] tmeevw          C:\WINDOWS\system32\DRIVERS\tmeevw.sys
08:11:06.0529 0x078c  tmeevw - ok
08:11:06.0532 0x078c  [ C383B6EDAD2343C1582A04EDE56C2A46, 0A0DB20F1652654E1C1546DBBD1E3880D50E421E55669C8234AE194D84B01AC2 ] tmevtmgr        C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
08:11:06.0549 0x078c  tmevtmgr - ok
08:11:06.0557 0x078c  [ 76E731BC98B7690C2001AD55778CBE71, 336678E974B9EF1FBB4E1693CF2136668CF40C3F8E57D2685DF90006573885C5 ] TmFilter        C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
08:11:06.0578 0x078c  TmFilter - ok
08:11:06.0654 0x078c  [ E54E276B691AEA5E20C286D581DFBCFF, 4B9858C6F697AE1BE6AB39F9EC5A7070263158AD3AFC81795337F7D4AD2A0938 ] tmlisten        C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
08:11:06.0752 0x078c  tmlisten - ok
08:11:06.0763 0x078c  [ BB3645E967BF5E751C5F986D77BFF78D, 45253F8AFD5BA5A0E45492CBBCDBD98194E8BAA517C258A41E8296375AA4BA42 ] TmLwf           C:\WINDOWS\system32\DRIVERS\tmlwf.sys
08:11:06.0781 0x078c  TmLwf - ok
08:11:06.0789 0x078c  [ D8037AD74BD8E5C85514C78841DF72CA, 784AA2483746143B03FC62D3D8CEBA66262405FA607E373ACB6165510D3459B2 ] tmnciesc        C:\WINDOWS\system32\DRIVERS\tmnciesc.sys
08:11:06.0811 0x078c  tmnciesc - ok
08:11:06.0822 0x078c  [ 4549B784B831823D16AE76FFAB39D7E9, 655C996E5246636A6F8956B4C5A2E8A2705E22622CDD8C12E3363C8625FCDD0D ] TmPfw           C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
08:11:06.0845 0x078c  TmPfw - ok
08:11:06.0848 0x078c  [ 1A1AAAF1828123E649FEC0AB2661B6B5, 86570929469FA2422A59866218F8EDDD02538B4E1FED88EB94A9CFD495B946F4 ] TmPreFilter     C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
08:11:06.0864 0x078c  TmPreFilter - ok
08:11:06.0868 0x078c  [ 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB ] tmtdi           C:\WINDOWS\system32\DRIVERS\tmtdi.sys
08:11:06.0884 0x078c  tmtdi - ok
08:11:06.0888 0x078c  [ 4ECC895837839D986D0FDB03D7FDEF8A, 92E83BA161D7E4A087067973BE464082918EF324FC0F42E4E6C79AB360B2EE7E ] tmumh           C:\WINDOWS\system32\DRIVERS\TMUMH.sys
08:11:06.0906 0x078c  tmumh - ok
08:11:06.0910 0x078c  [ C1B391A5E25D0FDCA89F5725D7BDC19D, 1E7DA6E09249297B931A8533F815988BCD5BBE32E4C2C2AC28CEBD1FC82FB2D3 ] tmusa           C:\WINDOWS\system32\DRIVERS\tmusa.sys
08:11:06.0927 0x078c  tmusa - ok
08:11:06.0933 0x078c  [ B0789405BE246B4B2D5FFA64B15B1342, 0798E6196D2CCD8EE14167563FDAFB8471DB73FD34409E46181263CBD0562FAB ] tmWfp           C:\WINDOWS\system32\DRIVERS\tmwfp.sys
08:11:06.0953 0x078c  tmWfp - ok
08:11:06.0957 0x078c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
08:11:06.0991 0x078c  TrkWks - ok
08:11:06.0996 0x078c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
08:11:07.0030 0x078c  TrustedInstaller - ok
08:11:07.0034 0x078c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\WINDOWS\system32\DRIVERS\tssecsrv.sys
08:11:07.0054 0x078c  tssecsrv - ok
08:11:07.0057 0x078c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
08:11:07.0076 0x078c  TsUsbFlt - ok
08:11:07.0079 0x078c  [ D34789988234DCC8FA55FA9A485AF0EC, 5C1A77EFA23261F5F9C971A12145CA6AC701723A94B6A8AE9BE95EEDD3C02919 ] TsUsbGD         C:\WINDOWS\system32\drivers\TsUsbGD.sys
08:11:07.0098 0x078c  TsUsbGD - ok
08:11:07.0102 0x078c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
08:11:07.0136 0x078c  tunnel - ok
08:11:07.0139 0x078c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
08:11:07.0156 0x078c  uagp35 - ok
08:11:07.0164 0x078c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
08:11:07.0200 0x078c  udfs - ok
08:11:07.0205 0x078c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
08:11:07.0225 0x078c  UI0Detect - ok
08:11:07.0228 0x078c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
08:11:07.0244 0x078c  uliagpkx - ok
08:11:07.0247 0x078c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\WINDOWS\system32\DRIVERS\umbus.sys
08:11:07.0265 0x078c  umbus - ok
08:11:07.0267 0x078c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\WINDOWS\system32\drivers\umpass.sys
08:11:07.0288 0x078c  UmPass - ok
08:11:07.0294 0x078c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
08:11:07.0315 0x078c  UmRdpService - ok
08:11:07.0322 0x078c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:11:07.0359 0x078c  upnphost - ok
08:11:07.0362 0x078c  [ C3912689DF0AE9FFD353112BE6EF5BCF, 5F3B94A2CCC7444B1A639E5630B9B8CF1A3932BFF5563311AF4DE9FA61A5556E ] urvpndrv        C:\WINDOWS\system32\DRIVERS\covpnv64.sys
08:11:07.0377 0x078c  urvpndrv - ok
08:11:07.0380 0x078c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
08:11:07.0399 0x078c  usbaudio - ok
08:11:07.0403 0x078c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:11:07.0421 0x078c  usbccgp - ok
08:11:07.0425 0x078c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\WINDOWS\system32\drivers\usbcir.sys
08:11:07.0444 0x078c  usbcir - ok
08:11:07.0447 0x078c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:11:07.0465 0x078c  usbehci - ok
08:11:07.0472 0x078c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:11:07.0494 0x078c  usbhub - ok
08:11:07.0497 0x078c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\WINDOWS\system32\drivers\usbohci.sys
08:11:07.0515 0x078c  usbohci - ok
08:11:07.0517 0x078c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:11:07.0537 0x078c  usbprint - ok
08:11:07.0541 0x078c  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:11:07.0559 0x078c  USBSTOR - ok
08:11:07.0562 0x078c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\WINDOWS\system32\drivers\usbuhci.sys
08:11:07.0580 0x078c  usbuhci - ok
08:11:07.0585 0x078c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
08:11:07.0605 0x078c  usbvideo - ok
08:11:07.0607 0x078c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
08:11:07.0625 0x078c  usb_rndisx - ok
08:11:07.0628 0x078c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\WINDOWS\System32\uxsms.dll
08:11:07.0660 0x078c  UxSms - ok
08:11:07.0662 0x078c  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] VaultSvc        C:\WINDOWS\system32\lsass.exe
08:11:07.0681 0x078c  VaultSvc - ok
08:11:07.0685 0x078c  [ E1915B4B40F5F36E2FC9E8EBD2696B14, 78F938C39455584404A729AE4ECA3B93362A388E12A1AF90D374A47BFE4E19C4 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys
08:11:07.0701 0x078c  VBoxNetAdp - ok
08:11:07.0704 0x078c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
08:11:07.0719 0x078c  vdrvroot - ok
08:11:07.0728 0x078c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\WINDOWS\System32\vds.exe
08:11:07.0766 0x078c  vds - ok
08:11:07.0771 0x078c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\WINDOWS\system32\DRIVERS\vgapnp.sys
08:11:07.0790 0x078c  vga - ok
08:11:07.0793 0x078c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
08:11:07.0824 0x078c  VgaSave - ok
08:11:07.0829 0x078c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\WINDOWS\system32\drivers\vhdmp.sys
08:11:07.0847 0x078c  vhdmp - ok
08:11:07.0849 0x078c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
08:11:07.0864 0x078c  viaide - ok
08:11:07.0869 0x078c  [ BD00A8CFB76E6BB0E89DB191E3712528, 870664951D908772454E30042E2CD464722DF7331AFAC016B0884EC375FEA5C3 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
08:11:07.0896 0x078c  VMAuthdService - ok
08:11:07.0901 0x078c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
08:11:07.0919 0x078c  vmbus - ok
08:11:07.0922 0x078c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\WINDOWS\system32\drivers\VMBusHID.sys
08:11:07.0939 0x078c  VMBusHID - ok
08:11:07.0942 0x078c  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\WINDOWS\system32\DRIVERS\vmci.sys
08:11:07.0958 0x078c  vmci - ok
08:11:07.0960 0x078c  [ C0E61F8A36ADFB7C953BA3AA73B2F13A, 54F8A798DD933C32ADEFD08EF61F64A87F9C81A9E9B6FE95173020FD8F4B839D ] vmkbd           C:\WINDOWS\system32\drivers\VMkbd.sys
08:11:07.0977 0x078c  vmkbd - ok
08:11:07.0979 0x078c  [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter    C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
08:11:07.0995 0x078c  VMnetAdapter - ok
08:11:07.0998 0x078c  [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge     C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
08:11:08.0014 0x078c  VMnetBridge - ok
08:11:08.0031 0x078c  [ 338CD01BD29805A93902B9237A39CAC5, AB667D0BD54FFCAA997F97755CE576E47D361EEA21E45B95DEA1E912693B4CE2 ] VMnetDHCP       C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
08:11:08.0051 0x078c  VMnetDHCP - ok
08:11:08.0054 0x078c  [ 76C4CFAC694A581EA5C8DE89B6AEBD4B, B6D19529223BD20AA2A17D93A8F0D2D32369FDE4E8535F6D1191B065B0755EE4 ] VMnetuserif     C:\WINDOWS\system32\drivers\vmnetuserif.sys
08:11:08.0070 0x078c  VMnetuserif - ok
08:11:08.0073 0x078c  [ 10E2D1F255E7BC086F643D9A34DA1E5B, 29EC2A16F38C1EB10F6C141DE24B28C91C55ED39FFF66F40F9C13F43D3D15E51 ] VMparport       C:\WINDOWS\system32\drivers\VMparport.sys
08:11:08.0089 0x078c  VMparport - ok
08:11:08.0092 0x078c  [ 5C33E873349CF67272A8B342AC963A6E, 9CB419F422C88C0055440E1AF94716C537E9D9CD34DF6F2AE81C3D2CDDD1FD31 ] vmusb           C:\WINDOWS\system32\DRIVERS\vmusb.sys
08:11:08.0108 0x078c  vmusb - ok
08:11:08.0124 0x078c  [ 9D88591D3B97D30234F5B965B8E0ABD6, 42ECDD6D789645242E4640F10C1FB91BF0C2B37CDE3CF864B8175EE3E05DB2DB ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
08:11:08.0152 0x078c  VMUSBArbService - ok
08:11:08.0163 0x078c  [ 2B2BB1F8BFEBE6B847FDB32F89EA2A3E, 743EBF3EF12067A77454B04559E266EFB306A454AF765A0821193C646A952F2E ] VMware NAT Service C:\WINDOWS\SYSWOW64\VMNAT.EXE
08:11:08.0186 0x078c  VMware NAT Service - ok
08:11:08.0191 0x078c  [ F6B89D7078138FE6E9C00CF311FFE517, 701A33BB32A0289B2878268A27A5F4D36167C126601D51DC6EEE1C109E990868 ] vmx86           C:\WINDOWS\system32\drivers\vmx86.sys
08:11:08.0207 0x078c  vmx86 - ok
08:11:08.0210 0x078c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
08:11:08.0227 0x078c  volmgr - ok
08:11:08.0235 0x078c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
08:11:08.0257 0x078c  volmgrx - ok
08:11:08.0264 0x078c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
08:11:08.0284 0x078c  volsnap - ok
08:11:08.0296 0x078c  [ 4D8FC912E146DE0115392381C7114588, 4162DCE8578D460E87D3419EA266111BBA716CB8B40F21B889A0587DF0D58978 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
08:11:08.0319 0x078c  vpnagent - ok
08:11:08.0322 0x078c  [ A8D4FED106B4BD337DF3DA20BA44E18E, 066F58895F9FF71E72852DB982C3CD2F7E92092411686CE972449B0123A04B1E ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva64.sys
08:11:08.0337 0x078c  vpnva - ok
08:11:08.0376 0x078c  [ B75FBCA62BF78ACCFE73B29B6BC21717, D8D6F0C702B30D52DF9E37244CCD989A306076EE89C6665F475FD9FAECA1C166 ] VSApiNt         C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
08:11:08.0429 0x078c  VSApiNt - ok
08:11:08.0437 0x078c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
08:11:08.0455 0x078c  vsmraid - ok
08:11:08.0459 0x078c  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock           C:\WINDOWS\system32\drivers\vsock.sys
08:11:08.0475 0x078c  vsock - ok
08:11:08.0502 0x078c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\WINDOWS\system32\vssvc.exe
08:11:08.0555 0x078c  VSS - ok
08:11:08.0560 0x078c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\WINDOWS\system32\DRIVERS\vwifibus.sys
08:11:08.0582 0x078c  vwifibus - ok
08:11:08.0585 0x078c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt
         


02.03.2017, 08:31   #6
zoror

Browser opens automatically (Wonderlandsads.com)



TDSSKiller part 3:

Code:
ATTFilter
C:\WINDOWS\system32\DRIVERS\vwififlt.sys
08:11:08.0608 0x078c  vwififlt - ok
08:11:08.0611 0x078c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
08:11:08.0633 0x078c  vwifimp - ok
08:11:08.0642 0x078c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\WINDOWS\system32\w32time.dll
08:11:08.0680 0x078c  W32Time - ok
08:11:08.0685 0x078c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\WINDOWS\system32\drivers\wacompen.sys
08:11:08.0704 0x078c  WacomPen - ok
08:11:08.0708 0x078c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:11:08.0741 0x078c  WANARP - ok
08:11:08.0744 0x078c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:11:08.0777 0x078c  Wanarpv6 - ok
08:11:08.0802 0x078c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\WINDOWS\system32\wbengine.exe
08:11:08.0843 0x078c  wbengine - ok
08:11:08.0850 0x078c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
08:11:08.0876 0x078c  WbioSrvc - ok
08:11:08.0885 0x078c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
08:11:08.0913 0x078c  wcncsvc - ok
08:11:08.0917 0x078c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
08:11:08.0937 0x078c  WcsPlugInService - ok
08:11:08.0940 0x078c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\WINDOWS\system32\drivers\wd.sys
08:11:08.0956 0x078c  Wd - ok
08:11:08.0970 0x078c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
08:11:08.0997 0x078c  Wdf01000 - ok
08:11:09.0002 0x078c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
08:11:09.0027 0x078c  WdiServiceHost - ok
08:11:09.0030 0x078c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
08:11:09.0056 0x078c  WdiSystemHost - ok
08:11:09.0068 0x078c  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:11:09.0092 0x078c  WebClient - ok
08:11:09.0099 0x078c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
08:11:09.0135 0x078c  Wecsvc - ok
08:11:09.0139 0x078c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
08:11:09.0176 0x078c  wercplsupport - ok
08:11:09.0180 0x078c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
08:11:09.0213 0x078c  WerSvc - ok
08:11:09.0215 0x078c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\WINDOWS\system32\DRIVERS\wfplwf.sys
08:11:09.0247 0x078c  WfpLwf - ok
08:11:09.0250 0x078c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
08:11:09.0266 0x078c  WIMMount - ok
08:11:09.0268 0x078c  WinDefend - ok
08:11:09.0273 0x078c  WinHttpAutoProxySvc - ok
08:11:09.0281 0x078c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
08:11:09.0317 0x078c  Winmgmt - ok
08:11:09.0349 0x078c  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
08:11:09.0398 0x078c  WinRM - ok
08:11:09.0407 0x078c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:11:09.0429 0x078c  WinUsb - ok
08:11:09.0444 0x078c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\WINDOWS\System32\wlansvc.dll
08:11:09.0479 0x078c  Wlansvc - ok
08:11:09.0483 0x078c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:11:09.0502 0x078c  WmiAcpi - ok
08:11:09.0509 0x078c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
08:11:09.0531 0x078c  wmiApSrv - ok
08:11:09.0533 0x078c  WMPNetworkSvc - ok
08:11:09.0536 0x078c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
08:11:09.0556 0x078c  WPCSvc - ok
08:11:09.0560 0x078c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
08:11:09.0582 0x078c  WPDBusEnum - ok
08:11:09.0585 0x078c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
08:11:09.0617 0x078c  ws2ifsl - ok
08:11:09.0622 0x078c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
08:11:09.0646 0x078c  wscsvc - ok
08:11:09.0648 0x078c  WSearch - ok
08:11:09.0689 0x078c  [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
08:11:09.0745 0x078c  wuauserv - ok
08:11:09.0752 0x078c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
08:11:09.0772 0x078c  WudfPf - ok
08:11:09.0777 0x078c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
08:11:09.0799 0x078c  WUDFRd - ok
08:11:09.0803 0x078c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
08:11:09.0823 0x078c  wudfsvc - ok
08:11:09.0830 0x078c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
08:11:09.0853 0x078c  WwanSvc - ok
08:11:09.0865 0x078c  ================ Scan global ===============================
08:11:09.0868 0x078c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\WINDOWS\system32\basesrv.dll
08:11:09.0874 0x078c  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\WINDOWS\system32\winsrv.dll
08:11:09.0883 0x078c  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\WINDOWS\system32\winsrv.dll
08:11:09.0889 0x078c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\WINDOWS\system32\sxssrv.dll
08:11:09.0897 0x078c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\WINDOWS\system32\services.exe
08:11:09.0902 0x078c  [ Global ] - ok
08:11:09.0902 0x078c  ================ Scan MBR ==================================
08:11:09.0906 0x078c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:11:10.0001 0x078c  \Device\Harddisk0\DR0 - ok
08:11:10.0001 0x078c  ================ Scan VBR ==================================
08:11:10.0003 0x078c  [ 925B26D038614BDE3247E74F18DD5ED2 ] \Device\Harddisk0\DR0\Partition1
08:11:10.0004 0x078c  \Device\Harddisk0\DR0\Partition1 - ok
08:11:10.0005 0x078c  [ B367C5CF920D792D0BEC8D4B3B144D10 ] \Device\Harddisk0\DR0\Partition2
08:11:10.0007 0x078c  \Device\Harddisk0\DR0\Partition2 - ok
08:11:10.0007 0x078c  ================ Scan generic autorun ======================
08:11:10.0012 0x078c  [ 45188A07E5DDEAF071D52D75B79679DF, 26337D5C6C99FD45EB1A0E93D4DB680E269B7DB623D385BAAB20C64B06CA5FAC ] C:\WINDOWS\system32\igfxtray.exe
08:11:10.0033 0x078c  IgfxTray - ok
08:11:10.0042 0x078c  [ D52E4A9D072D48C55E7669AF5407FD5C, B15DC85F608B642C43C56D8D531F8335F5266BC8449B49450C679C8E2FF1F394 ] C:\WINDOWS\system32\hkcmd.exe
08:11:10.0064 0x078c  HotKeysCmds - ok
08:11:10.0073 0x078c  [ 984AC44377C24665F48CE29149F605AF, 71760C7539C7FE901520F6A9DA4C32192E1F94F698DB5EE1FBC0BDB2D9DF0309 ] C:\WINDOWS\system32\igfxpers.exe
08:11:10.0098 0x078c  Persistence - ok
08:11:10.0110 0x078c  [ 49250EC8E64916CF40A78AC6CD916F40, C29B6999D6D98A884FD11C354CD89074A037807B17753CDAC4F218AF070DC40F ] C:\Program Files\DellTPad\Apoint.exe
08:11:10.0135 0x078c  Apoint - ok
08:11:10.0138 0x078c  BTMTrayAgent - ok
08:11:10.0241 0x078c  [ 5BAD798CBAB39F3A56A9CD495320F67E, 668FB3F30DD99CBF9EBDDF4C079636DFD2C7693B3506AC8A6DD1B3CA4B5BAF11 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
08:11:10.0354 0x078c  RtHDVCpl - ok
08:11:10.0390 0x078c  [ C9C552CE10985B889DC476F6C015F85D, 901A7BFC84A7C42DF0B9CBFB49F39A95DDC62BAC9E08777DA53AB2B1550AAA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
08:11:10.0424 0x078c  RtHDVBg - ok
08:11:10.0447 0x078c  [ C9C552CE10985B889DC476F6C015F85D, 901A7BFC84A7C42DF0B9CBFB49F39A95DDC62BAC9E08777DA53AB2B1550AAA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
08:11:10.0480 0x078c  RtHDVBg_PushButton - ok
08:11:10.0523 0x078c  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
08:11:10.0575 0x078c  Malwarebytes TrayApp - ok
08:11:10.0582 0x078c  [ B2C71C77CB6CF0B032665D66E74A7D35, A56B49003EC087652321B9F0142228C1B687D14F06E62A7CC0509154722CF8BF ] C:\Program Files (x86)\Iron Mountain\Connected BackupPC\LaunchAgent.vbs
08:11:10.0651 0x078c  AgentUiRunKey - detected UnsignedFile.Multi.Generic ( 1 )
08:11:10.0697 0x078c  AgentUiRunKey ( UnsignedFile.Multi.Generic ) - warning
08:11:10.0875 0x078c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:11:10.0915 0x078c  Sidebar - ok
08:11:10.0919 0x078c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:11:10.0940 0x078c  mctadmin - ok
08:11:10.0958 0x078c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:11:10.0995 0x078c  Sidebar - ok
08:11:10.0998 0x078c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:11:11.0022 0x078c  mctadmin - ok
08:11:11.0030 0x078c  AV detected via SS2: Trend Micro OfficeScan Antivirus, C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe ( 12.0.0.6085 ), 0x41000 ( enabled : updated )
08:11:11.0031 0x078c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
08:11:11.0032 0x078c  FW detected via SS2: Trend Micro Personal Firewall,  (  ), 0x41010 ( enabled )
08:11:11.0172 0x078c  ============================================================
08:11:11.0172 0x078c  Scan finished
08:11:11.0172 0x078c  ============================================================
08:11:11.0178 0x204c  Detected object count: 1
08:11:11.0178 0x204c  Actual detected object count: 1
08:11:30.0602 0x204c  AgentUiRunKey ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:30.0602 0x204c  AgentUiRunKey ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

02.03.2017, 13:44   #7
M-K-D-B
/// TB Trainer
 



Hi,

Did the entries in the hosts file come from you?
Quote:
10.110.68.93 v65.sap-labor.steria-mummert.de
52.28.180.197 v71.sap-labor.aws.internal # V71 IFRS 1&1

First we will run AdwCleaner, MBAM and JRT once more.
But please run them exactly the way I post it!






Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Image File Execution Options keys
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Firewall
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.





Step 3

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






With your next reply, please post
  • the log file from AdwCleaner,
  • the log file from MBAM,
  • the log file from JRT,
  • the two new log files from FRST.

02.03.2017, 14:40   #8
zoror
 



Hi Matthias,

so, the entries are from me. I have a few questions:

- Can the files in quarantine be deleted?
- My Firefox no longer starts. "Konfigurationsdatei defekt" (configuration file defective). Can I uninstall everything? (Complete APPDATA, installation, program files)
- Unfortunately I could not disable the antivirus. (Company computer with private use.) Is that still okay?

Here are the logs:
AdwCleaner:
Code:
# AdwCleaner v6.044 - Bericht erstellt am 02/03/2017 um 13:55:19
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-01.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : XXX - XXX
# Gestartet von : D:\Users\XXX\Desktop\adwcleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****



***** [ Dateien ] *****

[-] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****



***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

D:\AdwCleaner\AdwCleaner[C0].txt - [4283 Bytes] - [27/02/2017 11:52:18]
D:\AdwCleaner\AdwCleaner[C2].txt - [1378 Bytes] - [02/03/2017 13:55:19]
D:\AdwCleaner\AdwCleaner[S0].txt - [4035 Bytes] - [27/02/2017 11:52:00]
D:\AdwCleaner\AdwCleaner[S1].txt - [1516 Bytes] - [28/02/2017 12:42:29]
D:\AdwCleaner\AdwCleaner[S2].txt - [1753 Bytes] - [02/03/2017 13:54:54]

########## EOF - D:\AdwCleaner\AdwCleaner[C2].txt - [1670 Bytes] ##########
         
MBAM:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 02.03.17
Scan-Zeit: 13:59
Protokolldatei: MBAM.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1402
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 408414
Abgelaufene Zeit: 6 Min., 17 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.DailyWiki, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\only-newsorggrowsm, In Quarantäne, [5454], [376106],1.0.1402
PUP.Optional.DailyWiki, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8067E513-9FF7-4072-BFCE-8DCF7E2F4BFD}, In Quarantäne, [5454], [376105],1.0.1402

Registrierungswert: 1
PUP.Optional.DailyWiki, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8067E513-9FF7-4072-BFCE-8DCF7E2F4BFD}|PATH, In Quarantäne, [5454], [376105],1.0.1402

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.DailyWiki, C:\WINDOWS\SYSTEM32\TASKS\only-newsorggrowsm, In Quarantäne, [5454], [376107],1.0.1402

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Professional x64 
Ran by XXX (Administrator) on 02.03.2017 at 14:23:10,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10 

Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B656I01X (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6ARLSL2 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBFO97L0 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSW3EWPW (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U11M34QG (Temporary Internet Files Folder) 
Successfully deleted: D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B656I01X (Temporary Internet Files Folder) 
Successfully deleted: D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6ARLSL2 (Temporary Internet Files Folder) 
Successfully deleted: D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBFO97L0 (Temporary Internet Files Folder) 
Successfully deleted: D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSW3EWPW (Temporary Internet Files Folder) 
Successfully deleted: D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U11M34QG (Temporary Internet Files Folder) 

Deleted the following from D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2ib3025l.default-1488457660529\prefs.js
user_pref(extensions.leechblock.sites1, *only-news.org* b2.ijquery11.com* www.Insightlk.com* www.onyl-news.org* www.plarium.com* www.wonderlandsads.com*);



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2017 at 14:26:31,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
durchgeführt von XXX (Administrator) auf MC00022820 (02-03-2017 14:30:24)
Gestartet von D:\Users\XXX\Desktop
Geladene Profile: XXX &  (Verfügbare Profile: XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Windows\System32\dgagent\dsagent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(Trend Micro Inc.) C:\Windows\System32\ShowMsg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Autonomy Inc.) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-10-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe [1414944 2013-11-12] (Autonomy Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503096 2016-09-30] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {0e77388a-78b7-11e4-b1ba-00a0c6000012} - F:\Autorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {e5ea185a-1d65-11e4-bba1-806e6f6e6963} - E:\SMS\bin\i386\TSMBAutorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll.INACTIVE
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{23F19CDE-3C6F-4ADB-95A0-10C85795AD63}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3EECC2C4-79E1-479C-8452-8788DB61E1C0}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{8F6D75BA-C493-473F-A755-73E356CBFEA7}: [DhcpNameServer] 10.110.25.7 10.110.14.7 10.2.92.17 10.1.11.130

Internet Explorer:
==================
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.corp.sopra
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
URLSearchHook: [S-1-5-21-3113988489-2351696136-3761002224-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\WINDOWS\TEMP\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://otevpn3.ote.gr/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\WINDOWS\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {80533188-4435-4040-AC3E-91B489C02F21} hxxp://alm12prod.corp.sopra:8080/qcbin/ALM-Platform-Loader.12.2x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\WINDOWS\TEMP\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\WINDOWS\TEMP\f5tmp\f5syschk.cab
DPF: HKLM-x32 {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://alm.steria.com:8080/qcbin/ALM-Platform-Loader.11.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2ib3025l.default-1488457660529 [2017-03-02]
FF Extension: (LeechBlock) - D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2ib3025l.default-1488457660529\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-02]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260904419-1400770398-4175912926-321081: LWAPlugin15.8 -> D:\Users\XXX\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [Keine Datei]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2012-07-01] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7213344 2013-11-12] (Autonomy Corporation plc)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842344 2014-06-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [634024 2014-06-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R3 DSASvc; C:\WINDOWS\system32\dgagent\DSAGENT.exe [8696320 2016-11-14] (Trend Micro Inc.)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2015-08-10] (F5 Networks, Inc.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [Datei ist nicht signiert]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [192104 2013-11-22] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4456040 2013-11-22] (IBM)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5695536 2016-09-30] (Trend Micro Inc.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-10-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2015-01-26] (Realtek Semiconductor.) [Datei ist nicht signiert]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2014-06-22] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-09-07] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [852648 2016-09-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5309680 2016-09-30] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [601360 2015-05-14] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-06] (Microsoft Corporation)
S3 Smcinst; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\SmcLU\Setup\smcinst.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 btmaudio; C:\WINDOWS\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-10] (F5 Networks, Inc.)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2013-10-31] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [2261464 2013-10-31] (Realtek Semiconductor Corp.)
S3 JabraDFU; C:\WINDOWS\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2015-01-26] (GN Netcom A/S)
R2 LV_Tracker; C:\WINDOWS\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
R3 O2FJ2RDR; C:\WINDOWS\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-10-31] (O2Micro )
R3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R2 SAKFile; C:\WINDOWS\System32\drivers\sakfile.sys [122080 2016-11-14] (Trend Micro Inc.)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 ST_Accel; C:\WINDOWS\System32\DRIVERS\ST_Accel.sys [89312 2013-10-31] (STMicroelectronics)
R3 swg3kmbb05; C:\WINDOWS\System32\DRIVERS\swg3kmbb05.sys [482608 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3knmea05; C:\WINDOWS\System32\DRIVERS\swg3knmea05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3kser05; C:\WINDOWS\System32\DRIVERS\swg3kser05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swibus05; C:\WINDOWS\System32\DRIVERS\swibus05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R3 swibusflt05; C:\WINDOWS\System32\DRIVERS\swibusflt05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [128736 2016-10-05] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [322768 2016-08-26] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [86752 2016-10-05] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [157432 2015-06-16] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102624 2016-09-22] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [290296 2015-06-16] (Trend Micro Inc.)
R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpnv64.sys [45776 2012-04-06] (F5 Networks, Inc.)
S1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R2 VMparport; C:\WINDOWS\system32\drivers\VMparport.sys [32472 2015-06-24] (VMware, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-02 14:30 - 2017-03-02 14:30 - 00033902 _____ D:\Users\XXX\Desktop\FRST.txt
2017-03-02 14:21 - 2017-03-01 11:55 - 01663736 _____ (Malwarebytes) D:\Users\XXX\Desktop\JRT.exe
2017-03-02 13:49 - 2017-03-02 13:49 - 04031440 _____ D:\Users\XXX\Desktop\adwcleaner_6.044.exe
2017-03-02 08:09 - 2017-03-02 08:12 - 00484914 _____ C:\TDSSKiller.3.1.0.12_02.03.2017_08.09.45_log.txt
2017-03-02 08:04 - 2017-03-02 14:30 - 00000000 ____D C:\FRST
2017-03-02 08:02 - 2017-03-02 08:02 - 04747704 _____ (AO Kaspersky Lab) D:\Users\XXX\Desktop\tdsskiller.exe
2017-03-02 08:02 - 2017-03-02 08:02 - 02423808 _____ (Farbar) D:\Users\XXX\Desktop\FRST64.exe
2017-03-02 07:49 - 2017-03-02 13:57 - 00000000 ____D D:\Users\XXX\Desktop\Virus
2017-03-01 17:55 - 2017-03-01 17:55 - 00259584 _____ (OldTimer Tools) D:\Users\XXX\Downloads\OTH.scr
2017-03-01 12:10 - 2017-03-01 12:10 - 00001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2017-03-01 12:08 - 2017-03-01 12:08 - 04999096 _____ D:\Users\XXX\Downloads\ausetup_5.3.1.21.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 02870984 _____ (ESET) D:\Users\XXX\Downloads\esetsmartinstaller_deu.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 00465536 _____ (Bleeping Computer, LLC) D:\Users\XXX\Downloads\sc-cleaner.exe
2017-03-01 11:55 - 2017-03-01 11:55 - 01663736 _____ (Malwarebytes) D:\Users\XXX\Downloads\JRT.exe
2017-03-01 07:48 - 2017-03-01 07:48 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Mozilla
2017-03-01 07:48 - 2017-03-01 07:48 - 00000000 ____D D:\Users\XXX\AppData\Local\Mozilla
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barco
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\Program Files (x86)\Barco
2017-03-01 07:43 - 2017-03-02 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-01 07:43 - 2017-03-01 07:43 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-01 07:43 - 2017-03-01 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-28 17:09 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-28 13:59 - 2017-02-28 13:59 - 00054186 _____ D:\Users\XXX\Desktop\bookmarks-2017-02-28.json
2017-02-28 13:58 - 2017-02-28 13:58 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-28 13:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-28 13:57 - 2017-02-28 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-28 13:57 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 13:54 - 2017-02-28 13:56 - 46525608 _____ (Safer-Networking Ltd. ) D:\Users\XXX\Downloads\spybot-2.4.exe
2017-02-28 13:52 - 2017-03-02 14:20 - 00081696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-28 13:52 - 2017-03-02 14:19 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 13:52 - 2017-03-02 14:19 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-28 13:52 - 2017-03-02 14:19 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-28 13:52 - 2017-03-01 08:19 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-28 13:51 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-28 13:06 - 2017-02-28 13:07 - 55566792 _____ (Malwarebytes ) D:\Users\XXX\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-28 12:55 - 2017-02-28 12:55 - 00388608 _____ (Trend Micro Inc.) D:\Users\XXX\Downloads\HijackThis.exe
2017-02-28 12:41 - 2017-02-28 12:41 - 04015056 _____ D:\Users\XXX\Downloads\AdwCleaner_6.043.exe
2017-02-28 07:28 - 2017-02-28 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D D:\Users\XXX\Documents\My Cheat Tables
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-02-27 16:49 - 2017-02-27 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_Vorlagen 6.28 für Office 2010
2017-02-27 15:35 - 2017-02-27 15:35 - 00379520 _____ C:\WINDOWS\ntbtlog.txt
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Unity
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\Local\Unity
2017-02-27 10:15 - 2017-02-27 10:15 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Cheat Happens
2017-02-27 09:02 - 2017-02-27 09:02 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Jujubee S_A_
2017-02-27 08:07 - 2017-02-27 08:07 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\CEF
2017-02-27 07:50 - 2017-03-02 10:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-27 07:50 - 2017-02-27 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-22 15:45 - 2017-02-22 15:45 - 00000000 ____D D:\Users\XXX\Desktop\Belege Reisekostenabrechnung
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-21 13:46 - 2017-02-21 13:46 - 00000353 _____ D:\Users\XXX\Documents\Beispiel Kennzahlenimport.csv
2017-02-17 06:27 - 2017-02-23 20:06 - 00011994 _____ D:\Users\XXX\Documents\Autokalkulation.xlsx
2017-02-17 06:27 - 2017-02-17 06:35 - 00011503 _____ D:\Users\XXX\Documents\33716BB0.tmp
2017-02-17 06:27 - 2017-02-17 06:27 - 00000165 ____H D:\Users\XXX\Documents\~$Autokalkulation.xlsx
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-04 17:19 - 2017-02-04 17:19 - 00851608 _____ C:\WINDOWS\Minidump\020417-9625-01.dmp
2017-02-02 11:44 - 2017-02-02 11:44 - 00009431 _____ D:\Users\XXX\Documents\Mappe1.xlsx
2017-01-31 09:30 - 2017-01-31 09:30 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2017-01-31 09:30 - 2017-01-31 09:30 - 00000000 ____D C:\WINDOWS\system32\tmumh

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-02 14:26 - 2016-05-02 11:22 - 00001218 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-02 14:21 - 2011-04-12 08:26 - 00718418 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-02 14:21 - 2011-04-12 08:26 - 00156816 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-02 14:21 - 2009-07-14 06:13 - 01672678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-02 14:21 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-02 14:19 - 2017-01-29 10:40 - 00000000 ____D C:\WINDOWS\system32\dgagent
2017-03-02 14:19 - 2016-05-02 11:22 - 00001214 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-02 14:19 - 2014-10-01 17:25 - 00000638 _____ C:\WINDOWS\SMSCFG.INI
2017-03-02 14:06 - 2015-11-30 12:18 - 00000000 ____D C:\ProgramData\VMware
2017-03-02 14:06 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 14:06 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 14:06 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 13:43 - 2014-10-01 17:27 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-02 13:28 - 2016-05-02 09:01 - 00000000 ____D D:\Users\XXX\AppData\Roaming\KeePass
2017-03-02 09:16 - 2014-12-04 21:32 - 00000000 ____D C:\WINDOWS\SecurityCompliance
2017-03-01 07:39 - 2014-10-01 17:24 - 00001128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-02-28 20:40 - 2017-01-30 08:11 - 00011907 _____ C:\WINDOWS\cfgall.ini
2017-02-28 11:06 - 2014-10-01 19:13 - 00101725 __RSH C:\ProgramData\ntuser.pol
2017-02-28 07:28 - 2016-05-02 11:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 17:33 - 2016-10-31 08:25 - 00000000 ____D D:\Users\XXX\Desktop\Test_CSV
2017-02-27 17:29 - 2015-01-23 10:45 - 00000000 ____D D:\Users\XXX\Desktop\Dokumentenablage Desktop
2017-02-27 17:00 - 2014-10-02 09:19 - 00000000 ____D D:\Users\XXX
2017-02-27 16:49 - 2014-10-01 17:26 - 00000000 ____D C:\WINDOWS\ccmcache
2017-02-27 16:26 - 2014-10-02 09:19 - 00015328 __RSH D:\Users\XXX\ntuser.pol
2017-02-27 15:54 - 2015-06-30 12:55 - 00000000 ____D C:\Program Files\Freedom Scientific
2017-02-27 15:48 - 2009-07-14 06:08 - 00032632 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-02-27 08:04 - 2016-05-03 12:40 - 00000000 ____D C:\WINDOWS\pss
2017-02-27 07:55 - 2015-09-22 15:48 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2017-02-23 15:14 - 2016-08-24 08:14 - 00000000 ____D D:\Users\XXX\Desktop\TEMP
2017-02-23 14:38 - 2015-01-12 14:10 - 00000000 ____D C:\tmp
2017-02-23 13:26 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Local\VMware
2017-02-23 12:37 - 2009-07-14 06:32 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-23 12:34 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Roaming\VMware
2017-02-15 07:43 - 2014-10-01 17:27 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-15 07:43 - 2014-10-01 17:27 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 07:43 - 2014-10-01 17:27 - 00003822 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-07 09:32 - 2014-10-21 19:19 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 17:19 - 2015-04-27 07:42 - 1162779313 _____ C:\WINDOWS\MEMORY.DMP
2017-02-04 17:19 - 2015-04-27 07:42 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 12:45 - 2015-03-06 08:53 - 00000000 ____D D:\Users\XXX\Desktop\Notepad
2017-02-01 10:11 - 2015-09-08 18:22 - 00000000 ____D D:\Users\XXX\AppData\Local\ElevatedDiagnostics
2017-02-01 10:11 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-01 17:53 - 2014-10-01 17:53 - 0000872 _____ () C:\ProgramData\NCIDebug.log

Einige Dateien in TEMP:
====================
2017-03-02 07:44 - 2017-03-02 07:44 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\4nw5kdhv.dll
2017-03-02 13:57 - 2017-03-02 13:57 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\fezwey5d.dll
2017-03-02 14:19 - 2017-03-02 14:19 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\gbsnspko.dll
2017-03-01 13:59 - 2017-03-01 13:59 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\ikttexnb.dll
2017-03-01 13:59 - 2017-03-02 14:19 - 0011776 _____ () D:\Users\XXX\AppData\Local\Temp\Microsoft.GeneratedCode.dll
2012-07-20 04:05 - 2012-07-20 04:05 - 75674640 ____R () D:\Users\XXX\AppData\Local\Temp\Setup.exe
2017-03-01 17:15 - 2017-03-01 17:15 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\stcue2qu.dll
2017-03-01 07:47 - 2017-03-01 07:47 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\vof3im5k.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-22 12:44

==================== Ende von FRST.txt ============================
         
Additional:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-03-2017
durchgeführt von XXX (02-03-2017 14:30:45)
Gestartet von D:\Users\XXX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-01 18:09:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3113988489-2351696136-3761002224-500 - Administrator - Enabled)
Gast (S-1-5-21-3113988489-2351696136-3761002224-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
FW: Trend Micro Personal Firewall (Disabled) {BA79574A-0BD2-4111-E9B9-4C4D19E825DB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.2.1677 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALM-Platform Loader 12.2x (HKLM-x32\...\{F895EE9A-5B77-4C5E-ADBF-1C1037B6F19A}) (Version: 12.21.4389.0 - HP)
BIG-IP Component Installer (HKLM-x32\...\{FD351D58-7BAE-403D-98A4-683FE7298F01}) (Version: 70.2013.1115.1202 - F5 Networks)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0811.0317 - F5 Networks, Inc.)
Browser Settings (HKLM-x32\...\{B4853DBD-27A9-489F-B559-D25D1C4EB1D2}) (Version: 5.8.0 - DSI)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
ClickShare Launcher (HKLM-x32\...\{25E136CF-DAD8-48B5-A1DF-E236E1ECF627}) (Version: 1.9.0.2 - Barco N.V.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.0.2 - Autonomy Corporation plc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Folder Creation (x32 Version: 1.0.0 - GDS CoE, SopraSteria) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Greenshot 1.1.8.35 (HKLM\...\Greenshot_is1) (Version: 1.1.8.35 - Greenshot)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Lotus Notes 8.5.3 de (HKLM-x32\...\{122A716C-63AD-4F73-BDCD-309F0A799C91}) (Version: 8.53.11286 - IBM)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MDS Version 2.5 (HKLM-x32\...\{06128DD2-874A-4635-8890-A27ECB901B6F}_is1) (Version: 2.5 - ProLogic S.E. GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 45.6.0 ESR (x86 de) (HKLM-x32\...\Mozilla Firefox 45.6.0 ESR (x86 de)) (Version: 45.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
NICI U.S./Worldwide 2.77.2.0 (x64) (HKLM\...\{31173D4D-50FB-47B7-B7AC-622EDFA97B88}) (Version: 2.77.2.0 - Novell, Inc.)
NICI U.S./Worldwide 2.77.3.0 (x32) (HKLM-x32\...\{7BD5D2CC-3186-4FE9-921E-4C4F64C68CAF}) (Version: 2.77.3.0 - Novell, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
PDF24 Creator (HKLM-x32\...\{3CB29F1E-FF6F-40EC-88FC-09BCBEC97662}) (Version: 6.3.2 - www.pdf24.org)
PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RDP - via Citrix (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RDP - via Citrix) (Version: 1.0 - Delivered by Citrix)
Realpolitiks (HKLM\...\Steam App 553260) (Version:  - Jujubee S.A.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RemoteAccess A1 (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RemoteAccess A1) (Version: 1.0 - Delivered by Citrix)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 2 - SAP)
Security Compliance (x32 Version: 1.7.0 - Steria) Hidden
Self-Service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Show active Citrix Sessions (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.Show active Citrix Sessions) (Version: 1.0 - Delivered by Citrix)
Skype for Business Basic 2016 - de-de (HKLM\...\SkypeforBusinessEntryRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software)
Sopra Steria Office 2010 Templates (HKLM-x32\...\{73BE14F5-DBA1-424A-852A-C30D700A2F75}) (Version: 5.1.0.0 - GDS CoE, Steria)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSO Management (x32 Version: 1.6.0 - Sopra Steria) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steria Browser Settings - Germany (HKLM-x32\...\{C8EF86F1-DB02-4DA8-9F1E-1611BB00F2A1}) (Version: 1.00.0000 - GDS CoE, Steria)
Steria Customization (HKLM-x32\...\{4D03E58B-C5FD-4E0C-81A0-0118F1FDC3CD}) (Version: 2.5.0.0 - GDS CoE, Steria)
Steria Theme - Germany (HKLM-x32\...\{7947BC9E-3B19-4CBC-AFAB-143555A66F37}) (Version: 1.0.0 - GDS CoE, Steria)
Steria Theme - Group (HKLM\...\{01889ADA-B618-4DF3-9447-7262449D2D03}) (Version: 4.0.0 - GDS CoE, Steria)
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.44109 - TeamViewer)
TeamViewer 8 Host (MSI Wrapper) (HKLM-x32\...\{A8BCD0F9-F225-4C7C-B46E-F04079553507}) (Version: 8.0.44109 - TeamViewer)
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.6158 - Trend Micro Inc.)
Trend Micro OfficeScan Agent (x32 Version: 11.0.6158 - Trend Micro Inc.) Hidden
Visual Paradigm 12.2 (HKLM\...\1106-5897-7327-6550) (Version: 12.2 - Visual Paradigm International Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
Vorlagen 6.08 für Office 2010 (HKLM-x32\...\{392314EF-73F0-4F04-AEFB-CA635D98E424}) (Version: 6.8.0.0 - Sopra Steria GmbH)
Vorlagen 6.28 für Office 2010 (HKLM-x32\...\{BFBA74D8-6E64-4ABA-BE03-CA76E1B58E5C}) (Version: 6.28.0.0 - Sopra Steria GmbH)
WinRAR 5.40 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> D:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1B5B6600-CDE0-4D18-9136-190EC86190EA} - System32\Tasks\{C93DC0BC-58DE-4A5F-8154-FAA6DAF5FF91} => pcalua.exe -a D:\Users\XXX\Downloads\templates_scrapbook_collection_full.exe -d D:\Users\XXX\Downloads
Task: {2E1F5968-A7D5-4814-AC63-480DC994279D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6EF3968C-97B6-4C69-A5A7-4B095AFAF868} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)
Task: {771E622A-0451-409B-8366-CF73EDB81B74} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Start Workspace Runtime at logon
Task: {7D22B5B1-E0B7-4ABF-85E5-E4E0ADC824AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {8A3515AE-0D71-4758-82F2-0C27982F5997} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9B03BA62-3569-4269-A2CE-8B0870C51FFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9DD9BE81-CE92-4E70-969C-931AD9F29C83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9DE65B24-5196-4C64-97FE-C940723C0876} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {A0D641B6-D017-4E64-8A2C-B6B7C44DB49F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AB21DBCC-5A07-4F7C-B593-26E2C210336E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {AC4C0A15-B431-48B2-BF6E-3132981221FB} - System32\Tasks\{08A0304F-FDD6-4269-B68E-819F4B1F6E77} => pcalua.exe -a D:\Users\XXX\Downloads\template_calendar_notes.exe -d D:\Users\XXX\Downloads
Task: {E4750597-2244-4500-86F4-B8DFD75930E5} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Update connections => Rundll32.exe tsworkspace,TaskUpdateWorkspaces2
Task: {E756CC9C-F1DD-4941-9D92-3269EA0A4C7B} - System32\Tasks\{4C30F20C-5A99-40A3-98D9-20939F63F437} => pcalua.exe -a "D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\700IB44V\JavaSetup8u51.exe" -d D:\Users\XXX\Desktop
Task: {F38D0629-EC66-4720-A314-6979D43D4054} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Report update status => Rundll32.exe tsworkspace,WorkspaceStatusNotify2
Task: {F6A7DDA6-B372-416C-8FEA-1655AB539AD9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {FC488C2E-B744-4DE8-A659-2DC141F0BF52} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-13 14:27 - 2012-12-06 13:09 - 00136704 _____ () C:\WINDOWS\System32\zlhp1600.dll
2014-12-26 15:22 - 2014-12-26 15:22 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2007-05-16 10:42 - 2007-05-16 10:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2012-12-19 03:06 - 2012-12-19 03:06 - 01300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00026408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_system-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00058320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_57.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00686608 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00110320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00036160 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_chrono-vc110-mt-1_57.dll
2016-09-11 09:20 - 2016-09-11 09:20 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_49.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00712480 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Library.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00411936 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Resources.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00471840 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Controls.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00231200 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.Enterprise.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00052000 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.dll
2017-03-02 14:19 - 2017-03-02 14:19 - 00775680 _____ () D:\Users\XXX\AppData\Local\Temp\gbsnspko.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00183072 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\de-DE\Connected.Agent.UI.Resources.resources.dll
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00076576 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\SDK8.dll
2017-02-28 13:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-02-28 13:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-28 13:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\.DEFAULT\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\amadeus.com -> hxxps://amadeus.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\api.mykds.com -> hxxps://api.mykds.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\frvab-appone01 -> hxxp://frvab-appone01
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\gallery.mailchimp.com -> gallery.mailchimp.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sap.com -> hxxps://crmemeahub1.tdc.sap.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.com -> sopra.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.fr -> sopra.fr
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopragroup.com -> sopragroup.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\steria.com -> hxxps://remoteaccess.steria.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\w.mykds.com -> hxxps://w.mykds.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-02-03 09:37 - 2017-03-01 07:37 - 00000937 ____A C:\WINDOWS\system32\Drivers\etc\hosts

10.110.68.93	v65.sap-labor.steria-mummert.de
52.28.180.197   v71.sap-labor.aws.internal           # V71 IFRS 1&1

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\SopraSteria\wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClickShare Launcher.lnk => C:\WINDOWS\pss\ClickShare Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\WINDOWS\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\WINDOWS\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingSvc => D:\Users\XXX\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B08E6C6CDE2758572C4F043B5B3B8653 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Greenshot => C:\Program Files\Greenshot\Greenshot.exe
MSCONFIG\startupreg: HP LaserJet 200 color MFP M276 Series Fax => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 200 color MFP M276 Series Fax"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: WavesSvc => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CE59B08F-4AC0-4841-94A3-BDEEED727A58}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{3152DDED-EAC6-4C3B-B79C-531EF16A4E02}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [TCP Query User{0BCECE6C-547E-4459-BBF4-B4EAD5BD26E7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B1B522E-27AD-4D38-8E79-B811BFC89807}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{7BDBFB02-DDF7-4542-9CE4-FDA4433C09A2}] => (Allow) LPort=12345
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

02-03-2017 14:23:11 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/02/2017 02:19:29 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/02/2017 02:06:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/02/2017 02:06:55 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/02/2017 01:57:03 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/02/2017 01:56:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/02/2017 01:56:18 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/02/2017 07:48:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "d:\users\XXX\downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/02/2017 07:44:25 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/02/2017 07:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/02/2017 07:43:45 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (03/02/2017 02:20:58 PM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (03/02/2017 02:19:28 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: AD-ONE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/02/2017 02:19:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID 
{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}
 und APPID 
{AD65A69D-3831-40D7-9629-9B0B50A93843}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (03/02/2017 02:18:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
VBoxNetAdp

Error: (03/02/2017 02:18:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Malwarebytes Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/02/2017 02:07:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Malwarebytes Service erreicht.

Error: (03/02/2017 02:06:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/02/2017 02:06:47 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne AD-ONE aufgrund der folgenden
Ursache nicht einrichten: 
Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar.


Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (03/02/2017 02:05:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/02/2017 01:58:31 PM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4600M CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8097.27 MB
Verfügbarer physikalischer RAM: 5519.09 MB
Summe virtueller Speicher: 16192.71 MB
Verfügbarer virtueller Speicher: 13367.24 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:80 GB) (Free:10.32 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (DATA) (Fixed) (Total:158.47 GB) (Free:44.89 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A61E5F51)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=158.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

02.03.2017, 20:41   #9
M-K-D-B
/// TB-Ausbilder
 



Hello,

First carry out step 1, check whether Firefox works again afterwards, and let me know.

If it does not work, uninstall Firefox via the Control Panel, remove all private data/settings, then reinstall Firefox.

Then continue as follows:

Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
start
CloseProcesses:
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.corp.sopra
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2012-07-01] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Download the matching version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

Step 4
  • Start FRST.exe again. Put a check mark in front of Addition.txt and press Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files for me with your next reply.

Are there still any problems with the PC now? If so, which ones?

Please post with your next reply
  • the log file of the FRST fix,
  • the ESET log file,
  • the HitmanPro log file,
  • the two new FRST log files,
  • the answers to the questions asked.
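
Added example, not part of the original post and not FRST's own code: once the Fixlog.txt from step 1 is posted, each fixlist entry has to be matched against an outcome in that log. The sketch below does this reconciliation for the fixlist above; the Fixlog sample is constructed (with two deliberate gaps), and matching on the German word "erfolgreich" and on the `KEY\\Value` notation are assumptions about the German FRST log format.

```python
import re

# Fixlist from the post above, verbatim.
FIXLIST = r"""start
CloseProcesses:
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.corp.sopra
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2012-07-01] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
"""

# Constructed Fixlog in German FRST wording. The "nicht gefunden" line and the
# absent "netsh winsock reset" section are deliberate gaps for the demonstration.
FIXLOG = r"""Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => nicht gefunden
C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => erfolgreich verschoben

========= RemoveProxy: =========
========= Ende von RemoveProxy: =========

========= ipconfig /flushdns =========
Windows-IP-Konfiguration
========= Ende von CMD: =========

=========== EmptyTemp: ==========
EmptyTemp: => 652 MB temporäre Dateien entfernt.
"""

SUCCESS_WORD = "erfolgreich"                    # assumption: German success wording
CLOSE_OK = "prozesse erfolgreich geschlossen."  # assumption: CloseProcesses result line
REG_ROOTS = ("HKLM", "HKU", "HKCU", "HKCR")
# "KEY: note" names a whole key; "KEY,Value = data" names a single value.
REG_RE = re.compile(r"(?P<key>[^,:]+?)(?:,(?P<value>[^=]+?)\s*=|:\s)")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?=\s+\[|\s+<=|$)")


def parse_fixlist(text):
    """Return (kind, target) pairs for every actionable fixlist line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        if line.upper().startswith("CMD:"):
            entries.append(("cmd", line[4:].strip()))
        elif re.fullmatch(r"\w+:", line):
            entries.append(("directive", line))
        elif line.startswith(REG_ROOTS):
            m = REG_RE.match(line)
            if m and m.group("value"):
                # The log joins key and value name with a double backslash.
                target = m.group("key") + "\\\\" + m.group("value")
            else:
                target = m.group("key") if m else line
            entries.append(("registry", target))
        else:
            m = PATH_RE.search(line)
            entries.append(("file", m.group(0) if m else line))
    return entries


def parse_fixlog(text):
    """Collect 'target => outcome' lines, section headers and plain lines."""
    outcomes, headers, plain = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if header:
            headers.add(header.group(1).lower())
        elif " => " in line:
            target, outcome = line.split(" => ", 1)
            outcomes[target.lower()] = outcome
        elif line:
            plain.append(line.lower())
    return outcomes, headers, plain


def reconcile(fixlist_text, fixlog_text):
    """Status per fixlist entry: ok / failed / missing, or ran for directives
    and commands (a section header only proves the step was executed)."""
    outcomes, headers, plain = parse_fixlog(fixlog_text)
    report = []
    for kind, target in parse_fixlist(fixlist_text):
        key = target.lower()
        if key == "closeprocesses:":
            status = "ran" if CLOSE_OK in plain else "missing"
        elif kind in ("cmd", "directive"):
            status = "ran" if key in headers else "missing"
        elif key in outcomes:
            status = "ok" if SUCCESS_WORD in outcomes[key].lower() else "failed"
        else:
            status = "missing"
        report.append((kind, target, status))
    return report


def open_items(report):
    """Entries that still need a second look."""
    return [entry for entry in report if entry[2] in ("failed", "missing")]


if __name__ == "__main__":
    for kind, target, status in reconcile(FIXLIST, FIXLOG):
        print(f"{status:8} {kind:10} {target}")
```
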

03.03.2017, 09:49   #10
zoror
 



Hi Matthias,

Firefox is working again. I will check on Saturday whether I still have problems and will give you feedback by Sunday at the latest on whether everything is fine or not.

The logs follow:
Fixlog:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-03-2017
durchgeführt von XXX (03-03-2017 07:28:10) Run:1
Gestartet von D:\Users\XXX\Desktop
Geladene Profile: XXX (Verfügbare Profile: XXX)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.corp.sopra
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2012-07-01] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich entfernt
C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => erfolgreich verschoben

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9984686 B
Java, Flash, Steam htmlcache => 21475070 B
Windows/system/drivers => 1556671 B
Edge => 0 B
Chrome => 26153135 B
Firefox => 4263037 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 409247 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58594054 B
systemprofile32 => 66520 B
LocalService => 100082087 B
NetworkService => 0 B
XXX => 452750790 B
smc-install => 0 B

RecycleBin => 0 B
EmptyTemp: => 652 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 07:28:31 ====
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d4df62fee6e874ab099921ec6d261cd
# end=init
# utc_time=2017-03-03 06:37:17
# local_time=2017-03-03 07:37:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 32589
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d4df62fee6e874ab099921ec6d261cd
# end=updated
# utc_time=2017-03-03 06:41:24
# local_time=2017-03-03 07:41:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9d4df62fee6e874ab099921ec6d261cd
# engine=32589
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-03-03 07:31:32
# local_time=2017-03-03 08:31:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776637 100 94 81190556 240156142 0 0
# scanned=239452
# found=0
# cleaned=0
# scan_time=3008
         
Hitman:

Code:
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : MC00022820
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : AD-ONE\XXX
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-03-03 09:33:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 19s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 2.331.663
   Files scanned . . . . : 34.951
   Remnants scanned  . . : 252.556 files / 2.044.156 keys

Suspicious files ____________________________________________________________

   D:\Users\XXX\Desktop\FRST64.exe
      Size . . . . . . . : 2.423.808 bytes
      Age  . . . . . . . : 1.1 days (2017-03-02 08:02:07)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 60B968082A72AB85CF54E6FF5EE03588CD1F6CA566CC7CCDE96AA4F6080083CF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\Users\XXX\Desktop\FRST64.exe
         
FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
durchgeführt von XXX (Administrator) auf XXX (03-03-2017 09:37:18)
Gestartet von D:\Users\XXX\Desktop
Geladene Profile: XXX &  (Verfügbare Profile: XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Trend Micro Inc.) C:\Windows\System32\dgagent\dsagent.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trend Micro Inc.) C:\Windows\System32\ShowMsg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Autonomy Inc.) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-10-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe [1414944 2013-11-12] (Autonomy Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503096 2016-09-30] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {0e77388a-78b7-11e4-b1ba-00a0c6000012} - F:\Autorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\MountPoints2: {e5ea185a-1d65-11e4-bba1-806e6f6e6963} - E:\SMS\bin\i386\TSMBAutorun.exe
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll.INACTIVE
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{23F19CDE-3C6F-4ADB-95A0-10C85795AD63}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3EECC2C4-79E1-479C-8452-8788DB61E1C0}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{8F6D75BA-C493-473F-A755-73E356CBFEA7}: [DhcpNameServer] 10.110.25.7 10.110.14.7 10.2.92.17 10.1.11.130

Internet Explorer:
==================
HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
URLSearchHook: [S-1-5-21-3113988489-2351696136-3761002224-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\WINDOWS\TEMP\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://otevpn3.ote.gr/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\WINDOWS\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {80533188-4435-4040-AC3E-91B489C02F21} hxxp://alm12prod.corp.sopra:8080/qcbin/ALM-Platform-Loader.12.2x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\WINDOWS\TEMP\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\WINDOWS\TEMP\f5tmp\f5syschk.cab
DPF: HKLM-x32 {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://alm.steria.com:8080/qcbin/ALM-Platform-Loader.11.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-10-31] (SAP, Walldorf)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll [2016-09-21] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-21] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg.dll [2015-06-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll [2015-06-17] (Trend Micro Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2ib3025l.default-1488457660529 [2017-03-03]
FF Extension: (LeechBlock) - D:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2ib3025l.default-1488457660529\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-02]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey [2017-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtensionOsprey
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260904419-1400770398-4175912926-321081: LWAPlugin15.8 -> D:\Users\XXX\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [Keine Datei]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Kein Name) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - D:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7213344 2013-11-12] (Autonomy Corporation plc)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842344 2014-06-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [634024 2014-06-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R3 DSASvc; C:\WINDOWS\system32\dgagent\DSAGENT.exe [8696320 2016-11-14] (Trend Micro Inc.)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2015-08-10] (F5 Networks, Inc.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [Datei ist nicht signiert]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [192104 2013-11-22] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4456040 2013-11-22] (IBM)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5695536 2016-09-30] (Trend Micro Inc.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2016-12-20] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-10-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2015-01-26] (Realtek Semiconductor.) [Datei ist nicht signiert]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2014-06-22] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-09-07] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [852648 2016-09-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5309680 2016-09-30] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [601360 2015-05-14] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-06] (Microsoft Corporation)
S3 Smcinst; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\SmcLU\Setup\smcinst.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 btmaudio; C:\WINDOWS\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-10] (F5 Networks, Inc.)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2013-10-31] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [2261464 2013-10-31] (Realtek Semiconductor Corp.)
S3 JabraDFU; C:\WINDOWS\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2015-01-26] (GN Netcom A/S)
R2 LV_Tracker; C:\WINDOWS\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
R3 O2FJ2RDR; C:\WINDOWS\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-10-31] (O2Micro )
R3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R2 SAKFile; C:\WINDOWS\System32\drivers\sakfile.sys [122080 2016-11-14] (Trend Micro Inc.)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 ST_Accel; C:\WINDOWS\System32\DRIVERS\ST_Accel.sys [89312 2013-10-31] (STMicroelectronics)
R3 swg3kmbb05; C:\WINDOWS\System32\DRIVERS\swg3kmbb05.sys [482608 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3knmea05; C:\WINDOWS\System32\DRIVERS\swg3knmea05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swg3kser05; C:\WINDOWS\System32\DRIVERS\swg3kser05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
R3 swibus05; C:\WINDOWS\System32\DRIVERS\swibus05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R3 swibusflt05; C:\WINDOWS\System32\DRIVERS\swibusflt05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [128736 2016-10-05] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [322768 2016-08-26] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [86752 2016-10-05] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [157432 2015-06-16] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [102624 2016-09-22] (Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [290296 2015-06-16] (Trend Micro Inc.)
R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpnv64.sys [45776 2012-04-06] (F5 Networks, Inc.)
S1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R2 VMparport; C:\WINDOWS\system32\drivers\VMparport.sys [32472 2015-06-24] (VMware, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-03 09:37 - 2017-03-03 09:37 - 00033728 _____ D:\Users\XXX\Desktop\FRST.txt
2017-03-03 09:32 - 2017-03-03 09:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-03 09:32 - 2017-03-03 09:31 - 11581544 _____ (SurfRight B.V.) D:\Users\XXX\Desktop\HitmanPro_x64.exe
2017-03-03 09:31 - 2017-03-03 09:31 - 11581544 _____ (SurfRight B.V.) D:\Users\XXX\Downloads\HitmanPro_x64.exe
2017-03-03 07:35 - 2017-03-01 12:03 - 02870984 _____ (ESET) D:\Users\XXX\Desktop\esetsmartinstaller_deu.exe
2017-03-03 07:34 - 2017-03-03 07:34 - 02870984 _____ (ESET) D:\Users\XXX\Downloads\esetsmartinstaller_deu (1).exe
2017-03-02 14:21 - 2017-03-01 11:55 - 01663736 _____ (Malwarebytes) D:\Users\XXX\Desktop\JRT.exe
2017-03-02 13:49 - 2017-03-02 13:49 - 04031440 _____ D:\Users\XXX\Desktop\adwcleaner_6.044.exe
2017-03-02 08:09 - 2017-03-02 08:12 - 00484914 _____ C:\TDSSKiller.3.1.0.12_02.03.2017_08.09.45_log.txt
2017-03-02 08:04 - 2017-03-03 09:37 - 00000000 ____D C:\FRST
2017-03-02 08:02 - 2017-03-02 08:02 - 04747704 _____ (AO Kaspersky Lab) D:\Users\XXX\Desktop\tdsskiller.exe
2017-03-02 08:02 - 2017-03-02 08:02 - 02423808 _____ (Farbar) D:\Users\XXX\Desktop\FRST64.exe
2017-03-02 07:49 - 2017-03-03 07:36 - 00000000 ____D D:\Users\XXX\Desktop\Virus
2017-03-01 17:55 - 2017-03-01 17:55 - 00259584 _____ (OldTimer Tools) D:\Users\XXX\Downloads\OTH.scr
2017-03-01 12:10 - 2017-03-01 12:10 - 00001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-03-01 12:10 - 2017-03-01 12:10 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2017-03-01 12:08 - 2017-03-01 12:08 - 04999096 _____ D:\Users\XXX\Downloads\ausetup_5.3.1.21.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 02870984 _____ (ESET) D:\Users\XXX\Downloads\esetsmartinstaller_deu.exe
2017-03-01 12:03 - 2017-03-01 12:03 - 00465536 _____ (Bleeping Computer, LLC) D:\Users\XXX\Downloads\sc-cleaner.exe
2017-03-01 11:55 - 2017-03-01 11:55 - 01663736 _____ (Malwarebytes) D:\Users\XXX\Downloads\JRT.exe
2017-03-01 07:48 - 2017-03-03 07:32 - 00000000 ____D D:\Users\XXX\AppData\Local\Mozilla
2017-03-01 07:48 - 2017-03-01 07:48 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Mozilla
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barco
2017-03-01 07:45 - 2017-03-01 07:45 - 00000000 ____D C:\Program Files (x86)\Barco
2017-03-01 07:43 - 2017-03-02 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-01 07:43 - 2017-03-01 07:43 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-01 07:43 - 2017-03-01 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-28 17:09 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-28 13:59 - 2017-02-28 13:59 - 00054186 _____ D:\Users\XXX\Desktop\bookmarks-2017-02-28.json
2017-02-28 13:58 - 2017-02-28 13:58 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-28 13:58 - 2017-02-28 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-28 13:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-28 13:57 - 2017-02-28 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-28 13:57 - 2017-02-28 17:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 13:54 - 2017-02-28 13:56 - 46525608 _____ (Safer-Networking Ltd. ) D:\Users\XXX\Downloads\spybot-2.4.exe
2017-02-28 13:52 - 2017-03-03 07:29 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 13:52 - 2017-03-03 07:29 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-28 13:52 - 2017-03-03 07:29 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-28 13:52 - 2017-03-03 07:29 - 00081696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-28 13:52 - 2017-03-03 07:29 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 13:51 - 2017-02-28 13:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-28 13:51 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-28 13:06 - 2017-02-28 13:07 - 55566792 _____ (Malwarebytes ) D:\Users\XXX\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-28 12:55 - 2017-02-28 12:55 - 00388608 _____ (Trend Micro Inc.) D:\Users\XXX\Downloads\HijackThis.exe
2017-02-28 12:41 - 2017-02-28 12:41 - 04015056 _____ D:\Users\XXX\Downloads\AdwCleaner_6.043.exe
2017-02-28 07:28 - 2017-02-28 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D D:\Users\XXX\Documents\My Cheat Tables
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-02-27 17:45 - 2017-02-27 17:45 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-02-27 16:49 - 2017-02-27 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_Vorlagen 6.28 für Office 2010
2017-02-27 15:35 - 2017-02-27 15:35 - 00379520 _____ C:\WINDOWS\ntbtlog.txt
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Unity
2017-02-27 11:14 - 2017-02-27 15:59 - 00000000 ____D D:\Users\XXX\AppData\Local\Unity
2017-02-27 10:15 - 2017-02-27 10:15 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Cheat Happens
2017-02-27 09:02 - 2017-02-27 09:02 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Jujubee S_A_
2017-02-27 08:07 - 2017-02-27 08:07 - 00000000 ____D D:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\Steam
2017-02-27 07:56 - 2017-02-27 07:56 - 00000000 ____D D:\Users\XXX\AppData\Local\CEF
2017-02-27 07:50 - 2017-03-02 10:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-27 07:50 - 2017-02-27 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-22 15:45 - 2017-02-22 15:45 - 00000000 ____D D:\Users\XXX\Desktop\Belege Reisekostenabrechnung
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 19:49 - 2017-02-21 19:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-21 13:46 - 2017-02-21 13:46 - 00000353 _____ D:\Users\XXX\Documents\Beispiel Kennzahlenimport.csv
2017-02-17 06:27 - 2017-02-23 20:06 - 00011994 _____ D:\Users\XXX\Documents\Autokalkulation.xlsx
2017-02-17 06:27 - 2017-02-17 06:35 - 00011503 _____ D:\Users\XXX\Documents\33716BB0.tmp
2017-02-17 06:27 - 2017-02-17 06:27 - 00000165 ____H D:\Users\XXX\Documents\~$Autokalkulation.xlsx
2017-02-09 09:33 - 2017-02-09 09:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 09:33 - 2017-02-09 09:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-04 17:19 - 2017-02-04 17:19 - 00851608 _____ C:\WINDOWS\Minidump\020417-9625-01.dmp
2017-02-02 11:44 - 2017-02-02 11:44 - 00009431 _____ D:\Users\XXX\Documents\Mappe1.xlsx

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-03 09:26 - 2016-05-02 11:22 - 00001218 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-03 09:26 - 2016-05-02 11:22 - 00001214 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-03 08:43 - 2014-10-01 17:27 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-03 07:50 - 2014-12-04 21:32 - 00000000 ____D C:\WINDOWS\SecurityCompliance
2017-03-03 07:39 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 07:39 - 2009-07-14 05:45 - 00029744 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 07:37 - 2011-04-12 08:26 - 00718418 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-03 07:37 - 2011-04-12 08:26 - 00156816 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-03 07:37 - 2009-07-14 06:13 - 01672678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 07:37 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2017-03-03 07:29 - 2017-01-29 10:40 - 00000000 ____D C:\WINDOWS\system32\dgagent
2017-03-03 07:29 - 2015-11-30 12:18 - 00000000 ____D C:\ProgramData\VMware
2017-03-03 07:29 - 2014-10-01 17:25 - 00000638 _____ C:\WINDOWS\SMSCFG.INI
2017-03-03 07:29 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 07:28 - 2016-08-24 08:50 - 00000000 ____D D:\Users\XXX\AppData\LocalLow\Temp
2017-03-02 13:28 - 2016-05-02 09:01 - 00000000 ____D D:\Users\XXX\AppData\Roaming\KeePass
2017-03-01 07:39 - 2014-10-01 17:24 - 00001128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-02-28 20:40 - 2017-01-30 08:11 - 00011907 _____ C:\WINDOWS\cfgall.ini
2017-02-28 11:06 - 2014-10-01 19:13 - 00101725 __RSH C:\ProgramData\ntuser.pol
2017-02-28 07:28 - 2016-05-02 11:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 17:33 - 2016-10-31 08:25 - 00000000 ____D D:\Users\XXX\Desktop\Test_CSV
2017-02-27 17:29 - 2015-01-23 10:45 - 00000000 ____D D:\Users\XXX\Desktop\Dokumentenablage Desktop
2017-02-27 17:00 - 2014-10-02 09:19 - 00000000 ____D D:\Users\XXX
2017-02-27 16:49 - 2014-10-01 17:26 - 00000000 ____D C:\WINDOWS\ccmcache
2017-02-27 16:26 - 2014-10-02 09:19 - 00015328 __RSH D:\Users\XXX\ntuser.pol
2017-02-27 15:54 - 2015-06-30 12:55 - 00000000 ____D C:\Program Files\Freedom Scientific
2017-02-27 15:48 - 2009-07-14 06:08 - 00032632 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-02-27 08:04 - 2016-05-03 12:40 - 00000000 ____D C:\WINDOWS\pss
2017-02-27 07:55 - 2015-09-22 15:48 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2017-02-23 15:14 - 2016-08-24 08:14 - 00000000 ____D D:\Users\XXX\Desktop\TEMP
2017-02-23 14:38 - 2015-01-12 14:10 - 00000000 ____D C:\tmp
2017-02-23 13:26 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Local\VMware
2017-02-23 12:37 - 2009-07-14 06:32 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-23 12:34 - 2015-11-30 12:20 - 00000000 ____D D:\Users\XXX\AppData\Roaming\VMware
2017-02-15 07:43 - 2014-10-01 17:27 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-15 07:43 - 2014-10-01 17:27 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 07:43 - 2014-10-01 17:27 - 00003822 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 07:43 - 2014-10-01 17:27 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-07 09:32 - 2014-10-21 19:19 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 17:19 - 2015-04-27 07:42 - 1162779313 _____ C:\WINDOWS\MEMORY.DMP
2017-02-04 17:19 - 2015-04-27 07:42 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 12:45 - 2015-03-06 08:53 - 00000000 ____D D:\Users\XXX\Desktop\Notepad
2017-02-01 10:11 - 2015-09-08 18:22 - 00000000 ____D D:\Users\XXX\AppData\Local\ElevatedDiagnostics
2017-02-01 10:11 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-01 17:53 - 2014-10-01 17:53 - 0000872 _____ () C:\ProgramData\NCIDebug.log

Einige Dateien in TEMP:
====================
2017-03-03 07:30 - 2017-03-03 07:30 - 0775680 _____ () D:\Users\XXX\AppData\Local\Temp\dgpjwero.dll
2017-03-03 07:30 - 2017-03-03 07:30 - 0011776 _____ () D:\Users\XXX\AppData\Local\Temp\Microsoft.GeneratedCode.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-22 12:44

==================== Ende von FRST.txt ============================
         
Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-03-2017
durchgeführt von XXX (03-03-2017 09:37:41)
Gestartet von D:\Users\XXX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-01 18:09:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3113988489-2351696136-3761002224-500 - Administrator - Enabled)
Gast (S-1-5-21-3113988489-2351696136-3761002224-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}
FW: Trend Micro Personal Firewall (Enabled) {BA79574A-0BD2-4111-E9B9-4C4D19E825DB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.2.1677 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALM-Platform Loader 12.2x (HKLM-x32\...\{F895EE9A-5B77-4C5E-ADBF-1C1037B6F19A}) (Version: 12.21.4389.0 - HP)
BIG-IP Component Installer (HKLM-x32\...\{FD351D58-7BAE-403D-98A4-683FE7298F01}) (Version: 70.2013.1115.1202 - F5 Networks)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0811.0317 - F5 Networks, Inc.)
Browser Settings (HKLM-x32\...\{B4853DBD-27A9-489F-B559-D25D1C4EB1D2}) (Version: 5.8.0 - DSI)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
ClickShare Launcher (HKLM-x32\...\{25E136CF-DAD8-48B5-A1DF-E236E1ECF627}) (Version: 1.9.0.2 - Barco N.V.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.0.2 - Autonomy Corporation plc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Folder Creation (x32 Version: 1.0.0 - GDS CoE, SopraSteria) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Greenshot 1.1.8.35 (HKLM\...\Greenshot_is1) (Version: 1.1.8.35 - Greenshot)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Lotus Notes 8.5.3 de (HKLM-x32\...\{122A716C-63AD-4F73-BDCD-309F0A799C91}) (Version: 8.53.11286 - IBM)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MDS Version 2.5 (HKLM-x32\...\{06128DD2-874A-4635-8890-A27ECB901B6F}_is1) (Version: 2.5 - ProLogic S.E. GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 45.6.0 ESR (x86 de) (HKLM-x32\...\Mozilla Firefox 45.6.0 ESR (x86 de)) (Version: 45.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
NICI U.S./Worldwide 2.77.2.0 (x64) (HKLM\...\{31173D4D-50FB-47B7-B7AC-622EDFA97B88}) (Version: 2.77.2.0 - Novell, Inc.)
NICI U.S./Worldwide 2.77.3.0 (x32) (HKLM-x32\...\{7BD5D2CC-3186-4FE9-921E-4C4F64C68CAF}) (Version: 2.77.3.0 - Novell, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
PDF24 Creator (HKLM-x32\...\{3CB29F1E-FF6F-40EC-88FC-09BCBEC97662}) (Version: 6.3.2 - www.pdf24.org)
PDF24 Creator 8.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RDP - via Citrix (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RDP - via Citrix) (Version: 1.0 - Delivered by Citrix)
Realpolitiks (HKLM\...\Steam App 553260) (Version:  - Jujubee S.A.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RemoteAccess A1 (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.RemoteAccess A1) (Version: 1.0 - Delivered by Citrix)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 2 - SAP)
Security Compliance (x32 Version: 1.7.0 - Steria) Hidden
Self-Service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Show active Citrix Sessions (HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\store-5c0ec3f7@@XA65.Show active Citrix Sessions) (Version: 1.0 - Delivered by Citrix)
Skype for Business Basic 2016 - de-de (HKLM\...\SkypeforBusinessEntryRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software)
Sopra Steria Office 2010 Templates (HKLM-x32\...\{73BE14F5-DBA1-424A-852A-C30D700A2F75}) (Version: 5.1.0.0 - GDS CoE, Steria)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSO Management (x32 Version: 1.6.0 - Sopra Steria) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steria Browser Settings - Germany (HKLM-x32\...\{C8EF86F1-DB02-4DA8-9F1E-1611BB00F2A1}) (Version: 1.00.0000 - GDS CoE, Steria)
Steria Customization (HKLM-x32\...\{4D03E58B-C5FD-4E0C-81A0-0118F1FDC3CD}) (Version: 2.5.0.0 - GDS CoE, Steria)
Steria Theme - Germany (HKLM-x32\...\{7947BC9E-3B19-4CBC-AFAB-143555A66F37}) (Version: 1.0.0 - GDS CoE, Steria)
Steria Theme - Group (HKLM\...\{01889ADA-B618-4DF3-9447-7262449D2D03}) (Version: 4.0.0 - GDS CoE, Steria)
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.44109 - TeamViewer)
TeamViewer 8 Host (MSI Wrapper) (HKLM-x32\...\{A8BCD0F9-F225-4C7C-B46E-F04079553507}) (Version: 8.0.44109 - TeamViewer)
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.6158 - Trend Micro Inc.)
Trend Micro OfficeScan Agent (x32 Version: 11.0.6158 - Trend Micro Inc.) Hidden
Visual Paradigm 12.2 (HKLM\...\1106-5897-7327-6550) (Version: 12.2 - Visual Paradigm International Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
Vorlagen 6.08 für Office 2010 (HKLM-x32\...\{392314EF-73F0-4F04-AEFB-CA635D98E424}) (Version: 6.8.0.0 - Sopra Steria GmbH)
Vorlagen 6.28 für Office 2010 (HKLM-x32\...\{BFBA74D8-6E64-4ABA-BE03-CA76E1B58E5C}) (Version: 6.28.0.0 - Sopra Steria GmbH)
WinRAR 5.40 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> D:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1B5B6600-CDE0-4D18-9136-190EC86190EA} - System32\Tasks\{C93DC0BC-58DE-4A5F-8154-FAA6DAF5FF91} => pcalua.exe -a D:\Users\XXX\Downloads\templates_scrapbook_collection_full.exe -d D:\Users\XXX\Downloads
Task: {2E1F5968-A7D5-4814-AC63-480DC994279D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6EF3968C-97B6-4C69-A5A7-4B095AFAF868} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)
Task: {771E622A-0451-409B-8366-CF73EDB81B74} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Start Workspace Runtime at logon
Task: {7D22B5B1-E0B7-4ABF-85E5-E4E0ADC824AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {8A3515AE-0D71-4758-82F2-0C27982F5997} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9B03BA62-3569-4269-A2CE-8B0870C51FFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9DD9BE81-CE92-4E70-969C-931AD9F29C83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9DE65B24-5196-4C64-97FE-C940723C0876} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {A0D641B6-D017-4E64-8A2C-B6B7C44DB49F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AB21DBCC-5A07-4F7C-B593-26E2C210336E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {AC4C0A15-B431-48B2-BF6E-3132981221FB} - System32\Tasks\{08A0304F-FDD6-4269-B68E-819F4B1F6E77} => pcalua.exe -a D:\Users\XXX\Downloads\template_calendar_notes.exe -d D:\Users\XXX\Downloads
Task: {E4750597-2244-4500-86F4-B8DFD75930E5} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Update connections => Rundll32.exe tsworkspace,TaskUpdateWorkspaces2
Task: {E756CC9C-F1DD-4941-9D92-3269EA0A4C7B} - System32\Tasks\{4C30F20C-5A99-40A3-98D9-20939F63F437} => pcalua.exe -a "D:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\700IB44V\JavaSetup8u51.exe" -d D:\Users\XXX\Desktop
Task: {F38D0629-EC66-4720-A314-6979D43D4054} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\andy.mueller@steria-mummert.de\Report update status => Rundll32.exe tsworkspace,WorkspaceStatusNotify2
Task: {F6A7DDA6-B372-416C-8FEA-1655AB539AD9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {FC488C2E-B744-4DE8-A659-2DC141F0BF52} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-13 14:27 - 2012-12-06 13:09 - 00136704 _____ () C:\WINDOWS\System32\zlhp1600.dll
2014-12-26 15:22 - 2014-12-26 15:22 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2007-05-16 10:42 - 2007-05-16 10:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2012-12-19 03:06 - 2012-12-19 03:06 - 01300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00712480 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Library.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00411936 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Resources.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00471840 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Controls.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00231200 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.Enterprise.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00052000 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Connected.Agent.UI.Common.dll
2017-03-03 07:30 - 2017-03-03 07:30 - 00775680 _____ () D:\Users\XXX\AppData\Local\Temp\dgpjwero.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00183072 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\de-DE\Connected.Agent.UI.Resources.resources.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00026408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_system-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00058320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_57.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00686608 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00110320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_57.dll
2015-03-31 19:08 - 2015-03-31 19:08 - 00036160 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_chrono-vc110-mt-1_57.dll
2016-09-11 09:20 - 2016-09-11 09:20 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-11-12 10:52 - 2013-11-12 10:52 - 00076576 _____ () C:\Program Files (x86)\Iron Mountain\Connected BackupPC\SDK8.dll
2017-02-28 13:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-28 13:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-02-28 13:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-28 13:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:32 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\.DEFAULT\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\amadeus.com -> hxxps://amadeus.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\api.mykds.com -> hxxps://api.mykds.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\frvab-appone01 -> hxxp://frvab-appone01
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\gallery.mailchimp.com -> gallery.mailchimp.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\microsoftonline.com -> hxxps://microsoftonline.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sap.com -> hxxps://crmemeahub1.tdc.sap.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sharepoint.com -> hxxps://steria.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.com -> sopra.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopra.fr -> sopra.fr
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\sopragroup.com -> sopragroup.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\steria.com -> hxxps://remoteaccess.steria.com
IE trusted site: HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\...\w.mykds.com -> hxxps://w.mykds.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-02-03 09:37 - 2017-03-01 07:37 - 00000937 ____A C:\WINDOWS\system32\Drivers\etc\hosts

10.110.68.93	v65.sap-labor.steria-mummert.de
52.28.180.197   v71.sap-labor.aws.internal           # V71 IFRS 1&1

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2260904419-1400770398-4175912926-321081\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\SopraSteria\wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClickShare Launcher.lnk => C:\WINDOWS\pss\ClickShare Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\WINDOWS\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: D:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\WINDOWS\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingSvc => D:\Users\XXX\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B08E6C6CDE2758572C4F043B5B3B8653 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Greenshot => C:\Program Files\Greenshot\Greenshot.exe
MSCONFIG\startupreg: HP LaserJet 200 color MFP M276 Series Fax => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 200 color MFP M276 Series Fax"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: WavesSvc => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CE59B08F-4AC0-4841-94A3-BDEEED727A58}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{3152DDED-EAC6-4C3B-B79C-531EF16A4E02}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [TCP Query User{0BCECE6C-547E-4459-BBF4-B4EAD5BD26E7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B1B522E-27AD-4D38-8E79-B811BFC89807}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{49D7E629-3716-409C-8782-33AAA4F5A0FF}] => (Allow) LPort=12345
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

02-03-2017 14:23:11 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/03/2017 09:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:37:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:37:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:37:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:35:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:34:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "D:\Users\XXX\Downloads\esetsmartinstaller_deu (1).exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/03/2017 07:30:02 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (03/03/2017 07:29:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/03/2017 07:29:18 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/03/2017 07:23:21 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Bei der automatischen Zertifikatregistrierung für AD-ONE\XXX ist ein Fehler aufgetreten (0x8007003a) Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.


Systemfehler:
=============
Error: (03/03/2017 07:41:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/03/2017 07:41:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Users\XXX\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/03/2017 07:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/03/2017 07:41:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Users\XXX\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/03/2017 07:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/03/2017 07:41:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Users\XXX\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/03/2017 07:38:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/03/2017 07:38:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Users\XXX\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/03/2017 07:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/03/2017 07:38:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Users\XXX\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4600M CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 8097.27 MB
Verfügbarer physikalischer RAM: 5091.21 MB
Summe virtueller Speicher: 16192.71 MB
Verfügbarer virtueller Speicher: 12745.38 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:80 GB) (Free:9.99 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (DATA) (Fixed) (Total:158.47 GB) (Free:45.39 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A61E5F51)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=158.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

03.03.2017, 13:30   #11
M-K-D-B
/// TB Trainer



If you no longer have any problems with malware, we are finished here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Restart your computer afterwards. If any programs from our cleanup are still left over now, you can safely delete them.

Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version:
  • Java
  • Flash Player
  • PDF reader

Security vulnerabilities in their old versions are exploited to install malware "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

If you are still undecided, use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

Microsoft Security Essentials (MSE) / Windows Defender (WD) has been built in since Windows 8, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it must be installed manually or obtained as an optional update via Windows Update. A legal/activated Windows is of course a prerequisite for this.

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer", with which you only end up installing unwanted software or adware.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

If you like, you can say here whether you were satisfied with me and my help ... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

05.03.2017, 12:55   #12
zoror



Thanks, no more problems are occurring. The thread is therefore closed. I have sent you a small thank-you.

Last edited by zoror (05.03.2017 at 13:01)

05.03.2017, 20:42   #13
M-K-D-B
/// TB Trainer



I'm glad we were able to help.

In this forum you can leave brief feedback on the cleanup, if you wish:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new thread) button and post a short piece of feedback. Thank you!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create a thread of your own.
