Windows 7 - PC nach gestrigem Java Update gestört. "Virus"?

M-K-D-B · 11.03.2017, 12:49

Servus,

ok, dann kannst du das mit Java vergessen, wenn die Browser es nicht mehr unterstützen. Dann läuft das wohl alles direkt über den Browser.

Zitat:

- Momentan hab ich Emsisoft laufen, ist noch die Testversion. Was würdest du mir empfehlen?

Tipps habe ich dir doch schon mit meinem letzten Post geschickt. Bleib bei Emsisoft, MBAM und AdwCleaner (beide kostenlos) noch dazu, ab und zu (1x pro Woche) den Rechner damit überprüfen.

Zitat:

- AdBlock Plus und NoScript sind **.xpi-Dateien, die kann der PC derzeit nicht öffnen. Was kann ich mir wo gefahrlos runterladen, um sie entpacken zu können?

Einfach FF starten und eine .xpi Datei in das geöffnete Firefox Fenster ziehen und dort loslassen, dann solltest du eine Meldung bekommen, die Installation erlauben.

==============================================================================

Klar können wir wegen dem Laptop noch schauen.

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Anni265 · 11.03.2017, 20:55

Hallo

Hier die FRST/Addition:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
durchgeführt von mautzi (Administrator) auf MAUZIMOBIL (11-03-2017 20:46:29)
Gestartet von D:\Downloads
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(Google Inc.) C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD16\Common\CLMPSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8266912 2017-02-28] (Emsisoft Ltd)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-06] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-12-29] (CyberLink Corp.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Google Update] => C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{40004EB2-6A31-4ABA-96F0-E5D279529049}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 - (Kein Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-18] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @Google.com/GoogleEarthPlugin -> C:\Users\mautzi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT","hxxp://www.web.de/"
CHR DefaultSearchURL: Default -> hxxp://www.startfenster.de/suche/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Startfenster
CHR DefaultSuggestURL: Default -> hxxp://www.startfenster.de/api/?q={searchTerms}&language={lang}
CHR Profile: C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Präsentationen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Tabellen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Google Mail) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [djhangopedggnlnicpbjklghlckmndge] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9655648 2017-02-28] (Emsisoft Ltd)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-11 20:45 - 2017-03-11 20:46 - 00000000 ____D C:\FRST
2017-02-25 12:24 - 2017-02-25 12:24 - 00610300 _____ C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-11 20:50 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 20:50 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 20:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-05 01:55 - 2016-08-23 11:24 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-02-27 22:36 - 2014-08-30 16:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 22:35 - 2014-08-30 16:21 - 00000000 ____D C:\ProgramData\Lexware
2017-02-27 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-25 12:24 - 2017-02-25 12:24 - 0610300 _____ () C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2011-06-09 21:42 - 2011-06-09 21:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-06 11:32 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-05-18 20:17 - 2011-05-18 21:11 - 0000316 _____ () C:\ProgramData\hpzinstall.log
2010-10-06 11:21 - 2010-10-06 11:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-06 11:21 - 2010-10-06 11:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-24 22:29

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
durchgeführt von mautzi (11-03-2017 20:52:01)
Gestartet von D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-04 16:11:39)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1083607986-3899408646-1555014007-500 - Administrator - Disabled)
Gast (S-1-5-21-1083607986-3899408646-1555014007-501 - Limited - Disabled)
mautzi (S-1-5-21-1083607986-3899408646-1555014007-1001 - Administrator - Enabled) => C:\Users\mautzi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.2406.60 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{7f65fe7f-fcc6-4c75-b83f-837e06afbc8c}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0890A5E5-FF51-4E0F-A4AB-4AC789175AE5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {149F6808-81A7-4FAD-8E4C-697585B4D5E9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {19B8A92E-63F6-4649-AD50-E9FCE74F754C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {1E78448C-5C6B-4B94-A1E9-0C878CC56D7E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {B102A43B-6D7E-4FB2-B413-4A9153B8FA34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001Core => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C2C6D31E-3173-4441-99B5-9C9411515DDD} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {D395BC04-8D8D-47A6-A61E-E9E4D29405C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3CCE98F-F26B-4F16-A9A7-4155D106905E} - System32\Tasks\{1C81B350-A6E0-4509-B9BF-3CDAB0DD8F5D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe 
Task: {F2D19DFC-311F-4D9A-9256-7F4931474470} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe 
Task: {FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} - System32\Tasks\{EC608DBC-556D-47F4-982C-C3562E422181} => pcalua.exe -a E:\Install_CD.exe -d E:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-10-06 11:54 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mautzi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{992B8816-A37A-48F2-AFC9-31386E7006A7}] => (Allow) LPort=5353
FirewallRules: [{06FA7406-8771-4464-BD0C-541CDDB35E30}] => (Allow) LPort=8182
FirewallRules: [{E972B106-8F08-443D-A679-9EFECFB46805}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5BFB44CC-2EF2-49D9-90B1-EEEEEE400507}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{99710056-08D1-4249-9D0A-1468B7DD13B5}] => (Allow) svchost.exe
FirewallRules: [{4E665AFC-E9E3-4F66-9FE7-914484CD9F5E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{DDB51E26-2AB4-4FF6-BEF7-87CA9371FF6A}C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe] => (Allow) C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{6A77191E-7B80-4A46-9840-074760F86FB6}C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe] => (Allow) C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe
FirewallRules: [{2D0623DB-54CB-4607-833C-9EE6FC7286F6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{871C7514-3D34-443E-8100-05AD19C4F0A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B7BBB13C-67FC-4FCF-8C5B-EAD974CF3CD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{986FF5DD-D87F-4BD8-BDDE-3E848328EBBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{35D1E778-F87F-4A55-A65F-103B44604261}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DF6EDDE2-B78B-4DE8-98FA-0F2E60014721}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6E8C5C22-914E-4FB9-BFB9-12A564AB3A97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B46A7E6-A787-4944-891D-89805D956F2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{312B8F1D-6103-4C99-BE88-C7D3CDDD717F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{48845745-DF22-492E-A1B4-A5BC58434ECA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CE9FB180-C9DF-4467-98D3-5EAEEF414734}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{45FCECB5-AC2A-485B-951A-0F4303AB3CF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F3589D56-82A6-4D39-8E82-42E82844D215}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{F5E0D7BA-C1CA-44D5-B70E-CAF20615A7D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F54899CF-A704-4333-9DBE-DB2595D0624F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B3D6198B-BAE4-49FF-B8DD-A973F901AC1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B8097AB3-6742-44EA-983B-E7308C65FDE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FD0A6ECB-DA4D-4789-8428-B3670B9B707F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F7B83F4D-30E8-447D-80FC-C3F4F1EDE0C2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{7EF8BCC2-C8B9-4A01-A702-20010754E320}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AF7B407B-331C-4893-A991-1E64E86EF838}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2D4DB1BC-4F0B-43E9-BA26-D5BB40FF0E3A}C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe] => (Block) C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe
FirewallRules: [UDP Query User{82B95E07-B0D6-42A2-AEC1-0206CD2D91A1}C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe] => (Block) C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe
FirewallRules: [{A8F893CB-C70B-42C7-87DB-1793AA70461A}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{522FB048-AEDC-4BA6-ABD8-2FE8A36094FD}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{EC53C0E4-1C75-4A5F-A0C0-7E6100168D50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{84C6423F-CDC5-4445-B484-9F7CC737BE03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6C35C163-AC40-4A46-9D9B-6E1D664F5978}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{8AECFBE2-53FF-4206-8F21-66FC08D13606}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{A1ABF86E-6881-4235-A85D-B7B4785C62D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{591F21B8-82F3-4495-892F-8467842D4076}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{DD32AC81-3D43-4845-9CCA-6A431A1605D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{C59A4C2E-4AF8-49DA-8945-A30787C71F59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Power Control [2010/10/06 03:20:40]
Description: Power Control [2010/10/06 03:20:40]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/06/2017 11:55:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:30:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (03/06/2017 09:26:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: MAUZIMOBIL)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: MAUZIMOBIL)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: MAUZIMOBIL)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\mautzi\ntuser.dat

Error: (03/06/2017 01:05:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/05/2017 11:34:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/05/2017 12:24:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.23537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 604

Startzeit: 01d295a27b19c5b3

Endzeit: 16

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 48d7d96a-0196-11e7-9023-20cf306065bd


Systemfehler:
=============
Error: (03/11/2017 08:39:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/11/2017 08:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/11/2017 08:39:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht.

Error: (03/11/2017 08:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2010/10/06 03:20:40]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/06/2017 09:20:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2010/10/06 03:20:40]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/06/2017 01:03:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/06/2017 12:26:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2010/10/06 03:20:40]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/05/2017 12:37:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/05/2017 12:28:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/05/2017 12:22:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 77%
Installierter physikalischer RAM: 3948.54 MB
Verfügbarer physikalischer RAM: 874.96 MB
Summe virtueller Speicher: 7895.27 MB
Verfügbarer virtueller Speicher: 4922.32 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:0 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:288.13 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

Anni265 · 11.03.2017, 22:10

Hier TDSS, Teil 1:

Code:

ATTFilter

21:37:02.0996 0x0348  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
21:38:20.0598 0x0348  ============================================================
21:38:20.0598 0x0348  Current date / time: 2017/03/11 21:38:20.0598
21:38:20.0598 0x0348  SystemInfo:
21:38:20.0598 0x0348  
21:38:20.0598 0x0348  OS Version: 6.1.7601 ServicePack: 1.0
21:38:20.0598 0x0348  Product type: Workstation
21:38:20.0599 0x0348  ComputerName: MAUZIMOBIL
21:38:20.0599 0x0348  UserName: mautzi
21:38:20.0599 0x0348  Windows directory: C:\Windows
21:38:20.0599 0x0348  System windows directory: C:\Windows
21:38:20.0599 0x0348  Running under WOW64
21:38:20.0599 0x0348  Processor architecture: Intel x64
21:38:20.0599 0x0348  Number of processors: 4
21:38:20.0599 0x0348  Page size: 0x1000
21:38:20.0599 0x0348  Boot type: Normal boot
21:38:20.0599 0x0348  CodeIntegrityOptions = 0x00000001
21:38:20.0599 0x0348  ============================================================
21:38:22.0585 0x0348  KLMD registered as C:\Windows\system32\drivers\14873655.sys
21:38:22.0587 0x0348  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23572, osProperties = 0x1
21:38:24.0692 0x0348  System UUID: {A8CF256A-CF71-E698-AA3F-8A827E6D82F4}
21:38:25.0338 0x0348  KSN library init failed!
21:38:25.0895 0x0348  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:25.0903 0x0348  ============================================================
21:38:25.0903 0x0348  \Device\Harddisk0\DR0:
21:38:25.0903 0x0348  MBR partitions:
21:38:25.0903 0x0348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
21:38:25.0924 0x0348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393000
21:38:25.0924 0x0348  ============================================================
21:38:25.0956 0x0348  C: <-> \Device\Harddisk0\DR0\Partition1
21:38:25.0988 0x0348  D: <-> \Device\Harddisk0\DR0\Partition2
21:38:26.0005 0x0348  ============================================================
21:38:26.0007 0x0348  Initialize success
21:38:26.0007 0x0348  ============================================================
21:39:07.0586 0x1124  ============================================================
21:39:07.0586 0x1124  Scan started
21:39:07.0586 0x1124  Mode: Manual; SigCheck; TDLFS; 
21:39:07.0586 0x1124  ============================================================
21:39:08.0252 0x1124  ================ Scan system memory ========================
21:39:08.0252 0x1124  System memory - ok
21:39:08.0253 0x1124  ================ Scan services =============================
21:39:08.0466 0x1124  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:39:08.0686 0x1124  1394ohci - ok
21:39:09.0316 0x1124  [ BDC8A704B42081D169F923F498EE3871, 55122B4B6EC94E651F4700C1042DDA584BA53E2166532F6F6381D6565AAACC3D ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
21:39:09.0704 0x1124  a2AntiMalware - detected UnsignedFile.Multi.Generic ( 1 )
21:39:09.0877 0x1124  a2AntiMalware ( UnsignedFile.Multi.Generic ) - warning
21:39:10.0015 0x1124  ACDaemon - ok
21:39:10.0080 0x1124  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:39:10.0130 0x1124  ACPI - ok
21:39:10.0167 0x1124  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:39:10.0289 0x1124  AcpiPmi - ok
21:39:10.0355 0x1124  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:10.0403 0x1124  adp94xx - detected UnsignedFile.Multi.Generic ( 1 )
21:39:10.0403 0x1124  Object is SCO, delete is not allowed
21:39:10.0403 0x1124  adp94xx ( UnsignedFile.Multi.Generic ) - warning
21:39:10.0431 0x1124  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:39:10.0497 0x1124  adpahci - ok
21:39:10.0511 0x1124  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:39:10.0554 0x1124  adpu320 - ok
21:39:10.0596 0x1124  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:39:10.0650 0x1124  AeLookupSvc - ok
21:39:10.0712 0x1124  [ 2D00D3DADC1D3326BA788EB071F2726E, 559048C0A15BBA83367D0F2969F48042FB1D11C9862A0BA4DF69FB15DECB8761 ] AFBAgent        C:\Windows\system32\FBAgent.exe
21:39:10.0775 0x1124  AFBAgent - ok
21:39:10.0844 0x1124  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:39:10.0897 0x1124  AFD - detected UnsignedFile.Multi.Generic ( 1 )
21:39:10.0897 0x1124  Object is SCO, delete is not allowed
21:39:10.0897 0x1124  AFD ( UnsignedFile.Multi.Generic ) - warning
21:39:10.0927 0x1124  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:39:10.0964 0x1124  agp440 - ok
21:39:10.0998 0x1124  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:39:11.0081 0x1124  ALG - ok
21:39:11.0128 0x1124  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:39:11.0159 0x1124  aliide - ok
21:39:11.0236 0x1124  [ 46693222FCDB3175AAAED017EAA6FCC7, 901484FCD4C59BA2480EE6A26F5A9AA163DA2AA412B68FF7C97F4285F0DC593D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:39:11.0318 0x1124  AMD External Events Utility - ok
21:39:11.0364 0x1124  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:39:11.0397 0x1124  amdide - ok
21:39:11.0468 0x1124  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:39:11.0517 0x1124  AmdK8 - ok
21:39:11.0542 0x1124  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:39:11.0590 0x1124  AmdPPM - ok
21:39:11.0636 0x1124  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:39:11.0675 0x1124  amdsata - ok
21:39:11.0705 0x1124  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:11.0749 0x1124  amdsbs - ok
21:39:11.0763 0x1124  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:39:11.0797 0x1124  amdxata - ok
21:39:11.0855 0x1124  [ 9C7F164B49CADC658D1B3C575782F346, 7C5FD203735041B6AEB2E551A63CE5F46DB41044BC72E7E77A72F316197C80DA ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
21:39:11.0917 0x1124  AmUStor - ok
21:39:11.0974 0x1124  [ FCE5C79717A487BDC71F3DEC78A684CA, F5520F112A4EBDD10444AA5E9FDB9125219FCF768FEB95AB608BC84D60136816 ] AppID           C:\Windows\system32\drivers\appid.sys
21:39:12.0075 0x1124  AppID - ok
21:39:12.0097 0x1124  [ 8921E1D8AE5171691F186A7C5B98B630, 4A37313BB94D4B49D0294C9439AD0793DE328F9F4DA1C47E34E6ACEA46AF6E14 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:39:12.0167 0x1124  AppIDSvc - ok
21:39:12.0191 0x1124  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
21:39:12.0266 0x1124  Appinfo - ok
21:39:12.0305 0x1124  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:39:12.0342 0x1124  arc - ok
21:39:12.0361 0x1124  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:39:12.0400 0x1124  arcsas - ok
21:39:12.0478 0x1124  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:39:12.0502 0x1124  ASLDRService - ok
21:39:12.0512 0x1124  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:39:12.0540 0x1124  ASMMAP64 - ok
21:39:12.0632 0x1124  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:39:12.0692 0x1124  aspnet_state - ok
21:39:12.0725 0x1124  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:12.0827 0x1124  AsyncMac - ok
21:39:12.0870 0x1124  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:39:12.0896 0x1124  atapi - ok
21:39:13.0069 0x1124  [ A5E770426D18F8EF332A593F3289DA91, 87AC97758618765814B630CB1A189CD690DC6B0EAAE93D80EDE7771FB362C9AF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:39:13.0324 0x1124  athr - detected UnsignedFile.Multi.Generic ( 1 )
21:39:13.0324 0x1124  athr ( UnsignedFile.Multi.Generic ) - warning
21:39:13.0389 0x1124  [ EE672EACF3CBEDAB390E0655BF5A11AB, DFAFB55584CED9ECF499067D113F81BE51D492627FD36784C4BED06AE0BECC52 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:39:13.0439 0x1124  AtiHDAudioService - ok
21:39:13.0478 0x1124  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:39:13.0513 0x1124  AtiHdmiService - ok
21:39:13.0856 0x1124  [ 99C262242A279976206ECE1D3C74DF27, B0E35CF7F9C820C4D7300183CC4401ABEB1AA439959563E8513DDE00947ABA23 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:39:14.0265 0x1124  atikmdag - detected UnsignedFile.Multi.Generic ( 1 )
21:39:14.0265 0x1124  atikmdag ( UnsignedFile.Multi.Generic ) - warning
21:39:14.0291 0x1124  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7, A552CAF830CD1D01C077EDDEC95832F5826631D2DFA8747E0E393E32ACED2A57 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:39:14.0315 0x1124  ATKGFNEXSrv - ok
21:39:14.0381 0x1124  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:39:14.0462 0x1124  AudioEndpointBuilder - detected UnsignedFile.Multi.Generic ( 1 )
21:39:14.0462 0x1124  Object is SCO, delete is not allowed
21:39:14.0462 0x1124  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - warning
21:39:14.0513 0x1124  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:39:14.0545 0x1124  AudioSrv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:14.0545 0x1124  Object is SCO, delete is not allowed
21:39:14.0545 0x1124  AudioSrv ( UnsignedFile.Multi.Generic ) - warning
21:39:14.0623 0x1124  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:39:14.0690 0x1124  AxInstSV - ok
21:39:14.0746 0x1124  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:39:14.0794 0x1124  b06bdrv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:14.0794 0x1124  b06bdrv ( UnsignedFile.Multi.Generic ) - warning
21:39:14.0831 0x1124  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:39:14.0906 0x1124  b57nd60a - ok
21:39:14.0947 0x1124  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:39:15.0022 0x1124  BDESVC - ok
21:39:15.0042 0x1124  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:39:15.0138 0x1124  Beep - ok
21:39:15.0222 0x1124  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:39:15.0271 0x1124  BFE - detected UnsignedFile.Multi.Generic ( 1 )
21:39:15.0271 0x1124  Object is SCO, delete is not allowed
21:39:15.0271 0x1124  BFE ( UnsignedFile.Multi.Generic ) - warning
21:39:15.0345 0x1124  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:39:15.0406 0x1124  BITS - detected UnsignedFile.Multi.Generic ( 1 )
21:39:15.0406 0x1124  BITS ( UnsignedFile.Multi.Generic ) - warning
21:39:15.0430 0x1124  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:15.0480 0x1124  blbdrive - ok
21:39:15.0522 0x1124  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:39:15.0578 0x1124  bowser - ok
21:39:15.0606 0x1124  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:15.0662 0x1124  BrFiltLo - ok
21:39:15.0668 0x1124  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:15.0718 0x1124  BrFiltUp - ok
21:39:15.0763 0x1124  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:39:15.0849 0x1124  Browser - ok
21:39:15.0879 0x1124  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:39:15.0985 0x1124  Brserid - ok
21:39:15.0993 0x1124  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:16.0051 0x1124  BrSerWdm - ok
21:39:16.0057 0x1124  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:16.0105 0x1124  BrUsbMdm - ok
21:39:16.0112 0x1124  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:16.0152 0x1124  BrUsbSer - ok
21:39:16.0171 0x1124  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:16.0235 0x1124  BTHMODEM - ok
21:39:16.0279 0x1124  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:39:16.0369 0x1124  bthserv - ok
21:39:16.0396 0x1124  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:39:16.0504 0x1124  cdfs - ok
21:39:16.0562 0x1124  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:39:16.0607 0x1124  cdrom - ok
21:39:16.0658 0x1124  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:39:16.0761 0x1124  CertPropSvc - ok
21:39:16.0801 0x1124  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:39:16.0862 0x1124  circlass - ok
21:39:16.0912 0x1124  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
21:39:16.0973 0x1124  CLFS - ok
21:39:17.0035 0x1124  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:17.0067 0x1124  clr_optimization_v2.0.50727_32 - ok
21:39:17.0097 0x1124  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:39:17.0126 0x1124  clr_optimization_v2.0.50727_64 - ok
21:39:17.0220 0x1124  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:17.0343 0x1124  clr_optimization_v4.0.30319_32 - ok
21:39:17.0403 0x1124  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:39:17.0494 0x1124  clr_optimization_v4.0.30319_64 - ok
21:39:17.0526 0x1124  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:17.0572 0x1124  CmBatt - ok
21:39:17.0604 0x1124  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:39:17.0637 0x1124  cmdide - ok
21:39:17.0691 0x1124  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:39:17.0729 0x1124  CNG - detected UnsignedFile.Multi.Generic ( 1 )
21:39:17.0729 0x1124  CNG ( UnsignedFile.Multi.Generic ) - warning
21:39:17.0780 0x1124  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:39:17.0806 0x1124  Compbatt - ok
21:39:17.0844 0x1124  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:39:17.0901 0x1124  CompositeBus - ok
21:39:17.0925 0x1124  COMSysApp - ok
21:39:17.0945 0x1124  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:17.0979 0x1124  crcdisk - ok
21:39:18.0021 0x1124  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:39:18.0126 0x1124  CryptSvc - ok
21:39:18.0259 0x1124  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:39:18.0296 0x1124  cvhsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:18.0296 0x1124  cvhsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:18.0446 0x1124  [ 6EA664B77C4C3C72BA413E4442AD6644, 63213F5FBE516518675F218886B66DD2922D4F64E71D91A589285330B36A0239 ] CyberLink PowerDVD 16 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
21:39:18.0480 0x1124  CyberLink PowerDVD 16 Media Server Monitor Service - ok
21:39:18.0571 0x1124  [ 86F042A0024F7A9615CBE79EFAA65126, 2D44A167942CCE068AFB57B69CD05586294C45BCAC91586033CC59C98FE47F8B ] CyberLink PowerDVD 16 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
21:39:18.0626 0x1124  CyberLink PowerDVD 16 Media Server Service - ok
21:39:18.0700 0x1124  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:39:18.0738 0x1124  DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
21:39:18.0738 0x1124  Object is SCO, delete is not allowed
21:39:18.0738 0x1124  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
21:39:18.0770 0x1124  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:39:18.0905 0x1124  defragsvc - ok
21:39:18.0951 0x1124  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:39:19.0008 0x1124  DfsC - ok
21:39:19.0092 0x1124  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:39:19.0166 0x1124  Dhcp - ok
21:39:19.0325 0x1124  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
21:39:19.0421 0x1124  DiagTrack - detected UnsignedFile.Multi.Generic ( 1 )
21:39:19.0421 0x1124  DiagTrack ( UnsignedFile.Multi.Generic ) - warning
21:39:19.0454 0x1124  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:39:19.0553 0x1124  discache - ok
21:39:19.0603 0x1124  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
21:39:19.0631 0x1124  Disk - ok
21:39:19.0685 0x1124  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:39:19.0732 0x1124  Dnscache - ok
21:39:19.0781 0x1124  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:39:19.0902 0x1124  dot3svc - ok
21:39:19.0965 0x1124  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:39:20.0027 0x1124  Dot4 - ok
21:39:20.0085 0x1124  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:39:20.0137 0x1124  Dot4Print - ok
21:39:20.0161 0x1124  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:39:20.0221 0x1124  dot4usb - ok
21:39:20.0279 0x1124  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:39:20.0381 0x1124  DPS - ok
21:39:20.0425 0x1124  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:39:20.0479 0x1124  drmkaud - ok
21:39:20.0560 0x1124  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:39:20.0664 0x1124  DXGKrnl - detected UnsignedFile.Multi.Generic ( 1 )
21:39:20.0664 0x1124  Object is SCO, delete is not allowed
21:39:20.0664 0x1124  DXGKrnl ( UnsignedFile.Multi.Generic ) - warning
21:39:20.0717 0x1124  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:39:20.0802 0x1124  EapHost - ok
21:39:20.0996 0x1124  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:39:21.0214 0x1124  ebdrv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:21.0214 0x1124  ebdrv ( UnsignedFile.Multi.Generic ) - warning
21:39:21.0247 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] EFS             C:\Windows\System32\lsass.exe
21:39:21.0341 0x1124  EFS - ok
21:39:21.0438 0x1124  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:39:21.0489 0x1124  ehRecvr - detected UnsignedFile.Multi.Generic ( 1 )
21:39:21.0489 0x1124  Object is SCO, delete is not allowed
21:39:21.0489 0x1124  ehRecvr ( UnsignedFile.Multi.Generic ) - warning
21:39:21.0524 0x1124  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:39:21.0604 0x1124  ehSched - ok
21:39:21.0683 0x1124  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:39:21.0734 0x1124  elxstor - detected UnsignedFile.Multi.Generic ( 1 )
21:39:21.0734 0x1124  Object is SCO, delete is not allowed
21:39:21.0734 0x1124  elxstor ( UnsignedFile.Multi.Generic ) - warning
21:39:21.0763 0x1124  [ 0E840AA66CAB02CBA9730C772BBE305B, 8862583E653D13D1D10A1A4A33704E4F70576E80370943AAFD1EAED6657A0104 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
21:39:21.0887 0x1124  epp - ok
21:39:21.0909 0x1124  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:39:21.0957 0x1124  ErrDev - ok
21:39:22.0004 0x1124  [ 3C38648375B7F3988691F53A7AAE10A9, 2423EE67C8E9ACEA3526E5221177F5C63665820ED8A82F6DE0A9997389687C03 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
21:39:22.0071 0x1124  ETD - ok
21:39:22.0134 0x1124  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:39:22.0172 0x1124  EventSystem - detected UnsignedFile.Multi.Generic ( 1 )
21:39:22.0172 0x1124  EventSystem ( UnsignedFile.Multi.Generic ) - warning
21:39:22.0212 0x1124  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:39:22.0324 0x1124  exfat - ok
21:39:22.0349 0x1124  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:39:22.0474 0x1124  fastfat - ok
21:39:22.0544 0x1124  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:39:22.0591 0x1124  Fax - detected UnsignedFile.Multi.Generic ( 1 )
21:39:22.0591 0x1124  Object is SCO, delete is not allowed
21:39:22.0591 0x1124  Fax ( UnsignedFile.Multi.Generic ) - warning
21:39:22.0631 0x1124  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:39:22.0675 0x1124  fdc - ok
21:39:22.0705 0x1124  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:39:22.0800 0x1124  fdPHost - ok
21:39:22.0819 0x1124  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:39:22.0918 0x1124  FDResPub - ok
21:39:22.0950 0x1124  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:39:22.0979 0x1124  FileInfo - ok
21:39:22.0995 0x1124  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:39:23.0087 0x1124  Filetrace - ok
21:39:23.0128 0x1124  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:23.0176 0x1124  flpydisk - ok
21:39:23.0218 0x1124  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:39:23.0267 0x1124  FltMgr - ok
21:39:23.0366 0x1124  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
21:39:23.0483 0x1124  FontCache - detected UnsignedFile.Multi.Generic ( 1 )
21:39:23.0484 0x1124  FontCache ( UnsignedFile.Multi.Generic ) - warning
21:39:23.0539 0x1124  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:39:23.0564 0x1124  FontCache3.0.0.0 - ok
21:39:23.0594 0x1124  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:39:23.0631 0x1124  FsDepends - ok
21:39:23.0690 0x1124  [ 5814011B2F6E088E29D689B5FCD49B8F, 15C09FB9A80FDDB65FB831944BEC1B81743E0B7E4469F35E9FD4142FBB673C0E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:39:23.0723 0x1124  fssfltr - ok
21:39:23.0792 0x1124  [ F6717211C1EC2CDDAA81B97B0727C2E9, C1FD5A389167A826C002E28339BFCF7DC8851652647016D0DCF8585EB0B8FB28 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:39:23.0835 0x1124  fsssvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:23.0835 0x1124  fsssvc ( UnsignedFile.Multi.Generic ) - warning
21:39:23.0887 0x1124  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:39:23.0914 0x1124  Fs_Rec - ok
21:39:23.0977 0x1124  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:39:24.0030 0x1124  fvevol - ok
21:39:24.0074 0x1124  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:24.0110 0x1124  gagp30kx - ok
21:39:24.0184 0x1124  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
21:39:24.0258 0x1124  gpsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:24.0258 0x1124  Object is SCO, delete is not allowed
21:39:24.0258 0x1124  gpsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:24.0339 0x1124  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:39:24.0366 0x1124  gupdate - ok
21:39:24.0394 0x1124  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:39:24.0421 0x1124  gupdatem - ok
21:39:24.0453 0x1124  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:39:24.0484 0x1124  gusvc - ok
21:39:24.0531 0x1124  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:39:24.0606 0x1124  hcw85cir - ok
21:39:24.0678 0x1124  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:39:24.0768 0x1124  HdAudAddService - ok
21:39:24.0793 0x1124  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:39:24.0847 0x1124  HDAudBus - ok
21:39:24.0888 0x1124  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:39:24.0920 0x1124  HECIx64 - ok
21:39:24.0940 0x1124  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:24.0976 0x1124  HidBatt - ok
21:39:25.0007 0x1124  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:39:25.0074 0x1124  HidBth - ok
21:39:25.0110 0x1124  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:39:25.0154 0x1124  HidIr - ok
21:39:25.0192 0x1124  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:39:25.0271 0x1124  hidserv - ok
21:39:25.0327 0x1124  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:39:25.0379 0x1124  HidUsb - ok
21:39:25.0431 0x1124  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:39:25.0538 0x1124  hkmsvc - ok
21:39:25.0585 0x1124  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:39:25.0675 0x1124  HomeGroupListener - ok
21:39:25.0710 0x1124  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:39:25.0791 0x1124  HomeGroupProvider - ok
21:39:25.0941 0x1124  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:39:25.0992 0x1124  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:25.0992 0x1124  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0038 0x1124  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:39:26.0176 0x1124  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:26.0176 0x1124  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0217 0x1124  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:39:26.0255 0x1124  HpSAMD - ok
21:39:26.0343 0x1124  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:39:26.0414 0x1124  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
21:39:26.0414 0x1124  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0482 0x1124  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:39:26.0546 0x1124  HTTP - detected UnsignedFile.Multi.Generic ( 1 )
21:39:26.0546 0x1124  Object is SCO, delete is not allowed
21:39:26.0546 0x1124  HTTP ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0596 0x1124  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:39:26.0621 0x1124  hwpolicy - ok
21:39:26.0688 0x1124  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:39:26.0730 0x1124  i8042prt - ok
21:39:26.0786 0x1124  [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:39:26.0806 0x1124  iaStor - detected UnsignedFile.Multi.Generic ( 1 )
21:39:26.0806 0x1124  iaStor ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0849 0x1124  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:39:26.0897 0x1124  iaStorV - detected UnsignedFile.Multi.Generic ( 1 )
21:39:26.0897 0x1124  Object is SCO, delete is not allowed
21:39:26.0897 0x1124  iaStorV ( UnsignedFile.Multi.Generic ) - warning
21:39:26.0981 0x1124  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:39:27.0076 0x1124  idsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:27.0076 0x1124  idsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:27.0112 0x1124  IEEtwCollectorService - ok
21:39:27.0146 0x1124  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:39:27.0184 0x1124  iirsp - ok
21:39:27.0285 0x1124  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:39:27.0347 0x1124  IKEEXT - detected UnsignedFile.Multi.Generic ( 1 )
21:39:27.0347 0x1124  Object is SCO, delete is not allowed
21:39:27.0347 0x1124  IKEEXT ( UnsignedFile.Multi.Generic ) - warning
21:39:27.0373 0x1124  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
21:39:27.0448 0x1124  Impcd - ok
21:39:27.0479 0x1124  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:39:27.0511 0x1124  intelide - ok
21:39:27.0555 0x1124  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:39:27.0600 0x1124  intelppm - ok
21:39:27.0656 0x1124  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:39:27.0757 0x1124  IPBusEnum - ok
21:39:27.0798 0x1124  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:27.0905 0x1124  IpFilterDriver - ok
21:39:27.0983 0x1124  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:39:28.0029 0x1124  iphlpsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:28.0029 0x1124  Object is SCO, delete is not allowed
21:39:28.0029 0x1124  iphlpsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:28.0069 0x1124  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:39:28.0120 0x1124  IPMIDRV - ok
21:39:28.0158 0x1124  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:39:28.0268 0x1124  IPNAT - ok
21:39:28.0302 0x1124  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:39:28.0347 0x1124  IRENUM - ok
21:39:28.0387 0x1124  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:39:28.0421 0x1124  isapnp - ok
21:39:28.0458 0x1124  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:39:28.0516 0x1124  iScsiPrt - ok
21:39:28.0544 0x1124  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:39:28.0581 0x1124  kbdclass - ok
21:39:28.0613 0x1124  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:39:28.0659 0x1124  kbdhid - ok
21:39:28.0696 0x1124  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
21:39:28.0724 0x1124  kbfiltr - ok
21:39:28.0742 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] KeyIso          C:\Windows\system32\lsass.exe
21:39:28.0768 0x1124  KeyIso - ok
21:39:28.0799 0x1124  [ 6F5F0C6160EF237F0243C1E416EEBA98, 8BA8AA0D71350A74E294A731226B1638C6059013D645ABDE7188F7733E320FBD ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:39:28.0829 0x1124  KSecDD - ok
21:39:28.0851 0x1124  [ 05529E53B286FD60E7EF04EF138CABFD, 6C045750DCD3EE76F748582513AD4FA99C0E8E56B616725CD48DCA1068FF8923 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:39:28.0884 0x1124  KSecPkg - ok
21:39:28.0920 0x1124  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:39:29.0026 0x1124  ksthunk - ok
21:39:29.0078 0x1124  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:39:29.0212 0x1124  KtmRm - ok
21:39:29.0264 0x1124  [ 9C46A5421DE9D116C47155317CABB522, 276ECDAA08EADF2F2B572415637A58FC33097ED6A026580DAA1868AAC90064A7 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
21:39:29.0332 0x1124  L1C - ok
21:39:29.0385 0x1124  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:39:29.0507 0x1124  LanmanServer - ok
21:39:29.0544 0x1124  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:39:29.0649 0x1124  LanmanWorkstation - ok
21:39:29.0703 0x1124  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:39:29.0803 0x1124  lltdio - ok
21:39:29.0858 0x1124  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:39:29.0990 0x1124  lltdsvc - ok
21:39:30.0025 0x1124  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:39:30.0125 0x1124  lmhosts - ok
21:39:30.0182 0x1124  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:39:30.0314 0x1124  LMS - detected UnsignedFile.Multi.Generic ( 1 )
21:39:30.0314 0x1124  LMS ( UnsignedFile.Multi.Generic ) - warning
21:39:30.0369 0x1124  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:39:30.0409 0x1124  LSI_FC - ok
21:39:30.0439 0x1124  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:39:30.0479 0x1124  LSI_SAS - ok
21:39:30.0496 0x1124  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:39:30.0532 0x1124  LSI_SAS2 - ok
21:39:30.0558 0x1124  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:39:30.0599 0x1124  LSI_SCSI - ok
21:39:30.0636 0x1124  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:39:30.0733 0x1124  luafv - ok
21:39:30.0786 0x1124  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:39:30.0829 0x1124  Mcx2Svc - ok
21:39:30.0856 0x1124  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:39:30.0891 0x1124  megasas - ok
21:39:30.0910 0x1124  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:30.0961 0x1124  MegaSR - ok
21:39:30.0999 0x1124  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:39:31.0103 0x1124  MMCSS - ok
21:39:31.0121 0x1124  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:39:31.0228 0x1124  Modem - ok
21:39:31.0254 0x1124  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:39:31.0308 0x1124  monitor - ok
21:39:31.0349 0x1124  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:39:31.0385 0x1124  mouclass - ok
21:39:31.0415 0x1124  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:39:31.0451 0x1124  mouhid - ok
21:39:31.0489 0x1124  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:39:31.0521 0x1124  mountmgr - ok
21:39:31.0592 0x1124  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:39:31.0705 0x1124  MpFilter - ok
21:39:31.0747 0x1124  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:39:31.0790 0x1124  mpio - ok
21:39:31.0818 0x1124  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:39:31.0909 0x1124  mpsdrv - ok
21:39:31.0979 0x1124  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:39:32.0040 0x1124  MpsSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:32.0040 0x1124  Object is SCO, delete is not allowed
21:39:32.0040 0x1124  MpsSvc ( UnsignedFile.Multi.Generic ) - warning
21:39:32.0082 0x1124  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:39:32.0155 0x1124  MRxDAV - ok
21:39:32.0193 0x1124  [ 632E8A00090E4F85F304E152C92C7F2C, A3098941251A8327C95E6B1122384D54FB0ED705A9215577D968EA5B5FD88C87 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:32.0287 0x1124  mrxsmb - ok
21:39:32.0319 0x1124  [ 0D9C05484F2F4BD9D33A615D5DBE67EA, 1E164B631B1CD85DD5B205284CB547B189609946490AAABD22741743BFB413DF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:32.0411 0x1124  mrxsmb10 - ok
21:39:32.0438 0x1124  [ 6123E6FECC1C164022868FB1982271BE, 417E6C7AFF8B014B31AFCC202B0DCEECBDBB73205DF8C3EFC7E313664E284178 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:32.0502 0x1124  mrxsmb20 - ok
21:39:32.0541 0x1124  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:39:32.0568 0x1124  msahci - ok
21:39:32.0599 0x1124  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:39:32.0641 0x1124  msdsm - ok
21:39:32.0666 0x1124  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:39:32.0718 0x1124  MSDTC - ok
21:39:32.0763 0x1124  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:39:32.0867 0x1124  Msfs - ok
21:39:32.0897 0x1124  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:39:32.0997 0x1124  mshidkmdf - ok
21:39:33.0031 0x1124  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:39:33.0057 0x1124  msisadrv - ok
21:39:33.0090 0x1124  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:39:33.0194 0x1124  MSiSCSI - ok
21:39:33.0199 0x1124  msiserver - ok
21:39:33.0245 0x1124  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:39:33.0323 0x1124  MSKSSRV - ok
21:39:33.0418 0x1124  [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:39:33.0450 0x1124  MsMpSvc - ok
21:39:33.0477 0x1124  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:33.0572 0x1124  MSPCLOCK - ok
21:39:33.0601 0x1124  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:39:33.0698 0x1124  MSPQM - ok
21:39:33.0742 0x1124  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:39:33.0780 0x1124  MsRPC - detected UnsignedFile.Multi.Generic ( 1 )
21:39:33.0780 0x1124  Object is SCO, delete is not allowed
21:39:33.0780 0x1124  MsRPC ( UnsignedFile.Multi.Generic ) - warning
21:39:33.0820 0x1124  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:39:33.0845 0x1124  mssmbios - ok
21:39:33.0884 0x1124  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:39:33.0978 0x1124  MSTEE - ok
21:39:33.0999 0x1124  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:34.0052 0x1124  MTConfig - ok
21:39:34.0080 0x1124  [ 032D35C996F21D19A205A7C8F0B76F3C, 1A1C5BD7204BB937A05E201BCC0840B2C8E4B273D8E1D6D9407264FB4C57F014 ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:39:34.0107 0x1124  MTsensor - ok
21:39:34.0129 0x1124  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:39:34.0158 0x1124  Mup - ok
21:39:34.0226 0x1124  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:39:34.0268 0x1124  napagent - detected UnsignedFile.Multi.Generic ( 1 )
21:39:34.0269 0x1124  Object is SCO, delete is not allowed
21:39:34.0269 0x1124  napagent ( UnsignedFile.Multi.Generic ) - warning
21:39:34.0321 0x1124  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:39:34.0412 0x1124  NativeWifiP - ok
21:39:34.0487 0x1124  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:39:34.0549 0x1124  NDIS - detected UnsignedFile.Multi.Generic ( 1 )
21:39:34.0549 0x1124  Object is SCO, delete is not allowed
21:39:34.0549 0x1124  NDIS ( UnsignedFile.Multi.Generic ) - warning
21:39:34.0587 0x1124  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:34.0691 0x1124  NdisCap - ok
21:39:34.0723 0x1124  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:34.0821 0x1124  NdisTapi - ok
21:39:34.0856 0x1124  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:34.0963 0x1124  Ndisuio - ok
21:39:35.0026 0x1124  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:35.0130 0x1124  NdisWan - ok
21:39:35.0161 0x1124  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:39:35.0248 0x1124  NDProxy - ok
21:39:35.0290 0x1124  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:39:35.0351 0x1124  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:35.0351 0x1124  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:39:35.0386 0x1124  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:39:35.0490 0x1124  NetBIOS - ok
21:39:35.0537 0x1124  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:39:35.0616 0x1124  NetBT - ok
21:39:35.0641 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] Netlogon        C:\Windows\system32\lsass.exe
21:39:35.0669 0x1124  Netlogon - ok
21:39:35.0717 0x1124  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:39:35.0755 0x1124  Netman - detected UnsignedFile.Multi.Generic ( 1 )
21:39:35.0755 0x1124  Netman ( UnsignedFile.Multi.Generic ) - warning
21:39:35.0799 0x1124  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:39:35.0848 0x1124  NetMsmqActivator - ok
21:39:35.0859 0x1124  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:39:35.0894 0x1124  NetPipeActivator - ok
21:39:35.0921 0x1124  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:39:35.0948 0x1124  netprofm - detected UnsignedFile.Multi.Generic ( 1 )
21:39:35.0948 0x1124  Object is SCO, delete is not allowed
21:39:35.0948 0x1124  netprofm ( UnsignedFile.Multi.Generic ) - warning
21:39:35.0959 0x1124  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:39:35.0990 0x1124  NetTcpActivator - ok
21:39:35.0999 0x1124  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:39:36.0031 0x1124  NetTcpPortSharing - ok
21:39:36.0065 0x1124  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:36.0098 0x1124  nfrd960 - ok
21:39:36.0161 0x1124  [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:39:36.0213 0x1124  NisDrv - ok
21:39:36.0284 0x1124  [ D630B510E1E3FF6BA12B705F47F115D9, 05D76065D5D9A82E53EA18CD2D0184338681A7BBD3CD5D6C44D1FA5CB1C63640 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
21:39:36.0318 0x1124  NisSrv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:36.0318 0x1124  NisSrv ( UnsignedFile.Multi.Generic ) - warning
21:39:36.0378 0x1124  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:39:36.0474 0x1124  NlaSvc - ok
21:39:36.0498 0x1124  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:39:36.0588 0x1124  Npfs - ok
21:39:36.0616 0x1124  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:39:36.0704 0x1124  nsi - ok
21:39:36.0720 0x1124  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:39:36.0829 0x1124  nsiproxy - ok
21:39:36.0951 0x1124  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:39:37.0050 0x1124  Ntfs - detected UnsignedFile.Multi.Generic ( 1 )
21:39:37.0050 0x1124  Object is SCO, delete is not allowed
21:39:37.0050 0x1124  Ntfs ( UnsignedFile.Multi.Generic ) - warning
21:39:37.0087 0x1124  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:39:37.0184 0x1124  Null - ok
21:39:37.0235 0x1124  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:39:37.0278 0x1124  nvraid - ok
21:39:37.0301 0x1124  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:39:37.0344 0x1124  nvstor - ok
21:39:37.0382 0x1124  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:39:37.0425 0x1124  nv_agp - ok
21:39:37.0440 0x1124  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:39:37.0491 0x1124  ohci1394 - ok
21:39:37.0521 0x1124  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:39:37.0550 0x1124  ose - ok
21:39:37.0873 0x1124  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:39:38.0162 0x1124  osppsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:38.0162 0x1124  osppsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:38.0203 0x1124  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:39:38.0290 0x1124  p2pimsvc - ok
21:39:38.0328 0x1124  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:39:38.0378 0x1124  p2psvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:38.0378 0x1124  Object is SCO, delete is not allowed
21:39:38.0378 0x1124  p2psvc ( UnsignedFile.Multi.Generic ) - warning
21:39:38.0412 0x1124  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:39:38.0469 0x1124  Parport - ok
21:39:38.0506 0x1124  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:39:38.0535 0x1124  partmgr - ok
21:39:38.0585 0x1124  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:39:38.0648 0x1124  PcaSvc - ok
21:39:38.0700 0x1124  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:39:38.0734 0x1124  pci - ok
21:39:38.0780 0x1124  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:39:38.0805 0x1124  pciide - ok
21:39:38.0843 0x1124  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:38.0902 0x1124  pcmcia - ok
21:39:38.0922 0x1124  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:39:38.0949 0x1124  pcw - ok
21:39:39.0007 0x1124  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:39:39.0086 0x1124  PEAUTH - detected UnsignedFile.Multi.Generic ( 1 )
21:39:39.0087 0x1124  Object is SCO, delete is not allowed
21:39:39.0087 0x1124  PEAUTH ( UnsignedFile.Multi.Generic ) - warning
21:39:39.0174 0x1124  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:39:39.0218 0x1124  PerfHost - ok
21:39:39.0332 0x1124  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:39:39.0458 0x1124  pla - detected UnsignedFile.Multi.Generic ( 1 )
21:39:39.0458 0x1124  Object is SCO, delete is not allowed
21:39:39.0458 0x1124  pla ( UnsignedFile.Multi.Generic ) - warning
21:39:39.0527 0x1124  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:39:39.0576 0x1124  PlugPlay - detected UnsignedFile.Multi.Generic ( 1 )
21:39:39.0576 0x1124  Object is SCO, delete is not allowed
21:39:39.0576 0x1124  PlugPlay ( UnsignedFile.Multi.Generic ) - warning
21:39:39.0740 0x1124  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:39:39.0786 0x1124  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:39.0786 0x1124  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:39:39.0822 0x1124  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:39:39.0872 0x1124  PNRPAutoReg - ok
21:39:39.0908 0x1124  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:39:39.0952 0x1124  PNRPsvc - ok
21:39:40.0007 0x1124  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:39:40.0045 0x1124  PolicyAgent - detected UnsignedFile.Multi.Generic ( 1 )
21:39:40.0046 0x1124  Object is SCO, delete is not allowed
21:39:40.0046 0x1124  PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
21:39:40.0084 0x1124  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:39:40.0192 0x1124  Power - ok
21:39:40.0251 0x1124  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:39:40.0358 0x1124  PptpMiniport - ok
21:39:40.0404 0x1124  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:39:40.0450 0x1124  Processor - ok
21:39:40.0491 0x1124  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:39:40.0584 0x1124  ProfSvc - ok
21:39:40.0604 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] ProtectedStorage C:\Windows\system32\lsass.exe
21:39:40.0631 0x1124  ProtectedStorage - ok
21:39:40.0692 0x1124  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:39:40.0795 0x1124  Psched - ok
21:39:40.0915 0x1124  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:39:41.0042 0x1124  ql2300 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:41.0042 0x1124  Object is SCO, delete is not allowed
21:39:41.0042 0x1124  ql2300 ( UnsignedFile.Multi.Generic ) - warning
21:39:41.0063 0x1124  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:41.0104 0x1124  ql40xx - ok
21:39:41.0138 0x1124  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:39:41.0205 0x1124  QWAVE - ok
21:39:41.0226 0x1124  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:39:41.0283 0x1124  QWAVEdrv - ok
21:39:41.0326 0x1124  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:39:41.0413 0x1124  RasAcd - ok
21:39:41.0462 0x1124  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:41.0563 0x1124  RasAgileVpn - ok
21:39:41.0601 0x1124  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:39:41.0694 0x1124  RasAuto - ok
21:39:41.0729 0x1124  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:41.0839 0x1124  Rasl2tp - ok
21:39:41.0897 0x1124  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:39:41.0945 0x1124  RasMan - detected UnsignedFile.Multi.Generic ( 1 )
21:39:41.0945 0x1124  Object is SCO, delete is not allowed
21:39:41.0945 0x1124  RasMan ( UnsignedFile.Multi.Generic ) - warning
21:39:41.0979 0x1124  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:42.0090 0x1124  RasPppoe - ok
21:39:42.0104 0x1124  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:39:42.0215 0x1124  RasSstp - ok
21:39:42.0257 0x1124  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:39:42.0395 0x1124  rdbss - ok
21:39:42.0418 0x1124  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:42.0469 0x1124  rdpbus - ok
21:39:42.0503 0x1124  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:42.0605 0x1124  RDPCDD - ok
21:39:42.0615 0x1124  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:39:42.0703 0x1124  RDPENCDD - ok
21:39:42.0721 0x1124  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:39:42.0821 0x1124  RDPREFMP - ok
21:39:42.0872 0x1124  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:39:42.0967 0x1124  RDPWD - ok
21:39:43.0023 0x1124  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:39:43.0061 0x1124  rdyboost - ok
21:39:43.0094 0x1124  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:39:43.0184 0x1124  RemoteAccess - ok
21:39:43.0231 0x1124  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:39:43.0354 0x1124  RemoteRegistry - ok
21:39:43.0379 0x1124  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:39:43.0468 0x1124  RpcEptMapper - ok
21:39:43.0494 0x1124  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:39:43.0542 0x1124  RpcLocator - ok
21:39:43.0594 0x1124  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
21:39:43.0621 0x1124  RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
21:39:43.0621 0x1124  Object is SCO, delete is not allowed
21:39:43.0621 0x1124  RpcSs ( UnsignedFile.Multi.Generic ) - warning
21:39:43.0657 0x1124  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:39:43.0763 0x1124  rspndr - ok
21:39:43.0785 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] SamSs           C:\Windows\system32\lsass.exe
21:39:43.0813 0x1124  SamSs - ok
21:39:43.0845 0x1124  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:39:43.0883 0x1124  sbp2port - ok
21:39:43.0927 0x1124  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:39:44.0049 0x1124  SCardSvr - ok
21:39:44.0079 0x1124  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:39:44.0177 0x1124  scfilter - ok
21:39:44.0264 0x1124  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:39:44.0339 0x1124  Schedule - detected UnsignedFile.Multi.Generic ( 1 )
21:39:44.0339 0x1124  Schedule ( UnsignedFile.Multi.Generic ) - warning
21:39:44.0369 0x1124  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:39:44.0449 0x1124  SCPolicySvc - ok
21:39:44.0490 0x1124  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:39:44.0571 0x1124  SDRSVC - ok
21:39:44.0622 0x1124  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:39:44.0695 0x1124  secdrv - ok
21:39:44.0726 0x1124  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
21:39:44.0793 0x1124  seclogon - ok
21:39:44.0821 0x1124  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:39:44.0913 0x1124  SENS - ok
21:39:44.0935 0x1124  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc

Anni265 · 11.03.2017, 22:13

Nun Teil 2:

Code:

ATTFilter

C:\Windows\system32\sensrsvc.dll
21:39:44.0998 0x1124  SensrSvc - ok
21:39:45.0041 0x1124  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:39:45.0085 0x1124  Serenum - ok
21:39:45.0122 0x1124  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:39:45.0175 0x1124  Serial - ok
21:39:45.0205 0x1124  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:39:45.0241 0x1124  sermouse - ok
21:39:45.0288 0x1124  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:39:45.0392 0x1124  SessionEnv - ok
21:39:45.0432 0x1124  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:39:45.0491 0x1124  sffdisk - ok
21:39:45.0509 0x1124  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:39:45.0562 0x1124  sffp_mmc - ok
21:39:45.0579 0x1124  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:39:45.0619 0x1124  sffp_sd - ok
21:39:45.0658 0x1124  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:45.0693 0x1124  sfloppy - ok
21:39:45.0766 0x1124  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
21:39:45.0830 0x1124  Sftfs - detected UnsignedFile.Multi.Generic ( 1 )
21:39:45.0830 0x1124  Sftfs ( UnsignedFile.Multi.Generic ) - warning
21:39:45.0922 0x1124  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:39:45.0964 0x1124  sftlist - detected UnsignedFile.Multi.Generic ( 1 )
21:39:45.0964 0x1124  sftlist ( UnsignedFile.Multi.Generic ) - warning
21:39:46.0005 0x1124  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:39:46.0065 0x1124  Sftplay - ok
21:39:46.0090 0x1124  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:39:46.0124 0x1124  Sftredir - ok
21:39:46.0135 0x1124  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
21:39:46.0169 0x1124  Sftvol - ok
21:39:46.0188 0x1124  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:39:46.0226 0x1124  sftvsa - ok
21:39:46.0274 0x1124  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:39:46.0343 0x1124  SharedAccess - detected UnsignedFile.Multi.Generic ( 1 )
21:39:46.0343 0x1124  Object is SCO, delete is not allowed
21:39:46.0343 0x1124  SharedAccess ( UnsignedFile.Multi.Generic ) - warning
21:39:46.0390 0x1124  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:39:46.0428 0x1124  ShellHWDetection - detected UnsignedFile.Multi.Generic ( 1 )
21:39:46.0428 0x1124  ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
21:39:46.0470 0x1124  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
21:39:46.0508 0x1124  SiSGbeLH - ok
21:39:46.0553 0x1124  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:46.0590 0x1124  SiSRaid2 - ok
21:39:46.0606 0x1124  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:46.0646 0x1124  SiSRaid4 - ok
21:39:46.0666 0x1124  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:39:46.0760 0x1124  Smb - ok
21:39:46.0803 0x1124  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:39:46.0851 0x1124  SNMPTRAP - ok
21:39:46.0985 0x1124  [ F06A6DE8438F7446BFF9E61F31356521, 6F8819013B4362A83793914282878047B3C3A42D2E978438AF47A7E9F12AA81C ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
21:39:47.0143 0x1124  SNP2UVC - detected UnsignedFile.Multi.Generic ( 1 )
21:39:47.0143 0x1124  SNP2UVC ( UnsignedFile.Multi.Generic ) - warning
21:39:47.0172 0x1124  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:39:47.0198 0x1124  spldr - ok
21:39:47.0258 0x1124  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:39:47.0303 0x1124  Spooler - detected UnsignedFile.Multi.Generic ( 1 )
21:39:47.0303 0x1124  Spooler ( UnsignedFile.Multi.Generic ) - warning
21:39:47.0514 0x1124  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:39:47.0724 0x1124  sppsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:47.0724 0x1124  sppsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:47.0757 0x1124  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:39:47.0863 0x1124  sppuinotify - ok
21:39:47.0925 0x1124  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:39:47.0974 0x1124  srv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:47.0974 0x1124  Object is SCO, delete is not allowed
21:39:47.0974 0x1124  srv ( UnsignedFile.Multi.Generic ) - warning
21:39:48.0016 0x1124  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:39:48.0085 0x1124  srv2 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:48.0085 0x1124  Object is SCO, delete is not allowed
21:39:48.0086 0x1124  srv2 ( UnsignedFile.Multi.Generic ) - warning
21:39:48.0128 0x1124  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:39:48.0196 0x1124  srvnet - ok
21:39:48.0244 0x1124  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:39:48.0360 0x1124  SSDPSRV - ok
21:39:48.0370 0x1124  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:39:48.0463 0x1124  SstpSvc - ok
21:39:48.0612 0x1124  [ 94A6522AC9F3E05FD039AD105ADE96D0, 50E62BDE650B55980F9166E4A1555D61E4652BF7C442A402A39F4DAD9119B0EE ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
21:39:48.0793 0x1124  STacSV - ok
21:39:48.0826 0x1124  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:39:48.0859 0x1124  stexstor - ok
21:39:48.0926 0x1124  [ DDB811B13D827081E7C1DDFF302AB334, D2C86644ECD6DC20815766874FF15CAF3DEEBBD2E452E146492719518CECC5CE ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
21:39:48.0976 0x1124  STHDA - detected UnsignedFile.Multi.Generic ( 1 )
21:39:48.0976 0x1124  STHDA ( UnsignedFile.Multi.Generic ) - warning
21:39:49.0082 0x1124  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:39:49.0131 0x1124  stisvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0131 0x1124  Object is SCO, delete is not allowed
21:39:49.0131 0x1124  stisvc ( UnsignedFile.Multi.Generic ) - warning
21:39:49.0160 0x1124  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:39:49.0192 0x1124  swenum - ok
21:39:49.0252 0x1124  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:39:49.0301 0x1124  swprv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0302 0x1124  Object is SCO, delete is not allowed
21:39:49.0302 0x1124  swprv ( UnsignedFile.Multi.Generic ) - warning
21:39:49.0420 0x1124  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:39:49.0526 0x1124  SysMain - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0526 0x1124  Object is SCO, delete is not allowed
21:39:49.0526 0x1124  SysMain ( UnsignedFile.Multi.Generic ) - warning
21:39:49.0565 0x1124  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:39:49.0637 0x1124  TabletInputService - ok
21:39:49.0680 0x1124  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:39:49.0727 0x1124  TapiSrv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0727 0x1124  TapiSrv ( UnsignedFile.Multi.Generic ) - warning
21:39:49.0854 0x1124  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:39:49.0973 0x1124  Tcpip - detected UnsignedFile.Multi.Generic ( 1 )
21:39:49.0973 0x1124  Object is SCO, delete is not allowed
21:39:49.0973 0x1124  Tcpip ( UnsignedFile.Multi.Generic ) - warning
21:39:50.0108 0x1124  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:39:50.0186 0x1124  TCPIP6 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:50.0186 0x1124  Object is SCO, delete is not allowed
21:39:50.0186 0x1124  TCPIP6 ( UnsignedFile.Multi.Generic ) - warning
21:39:50.0219 0x1124  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:39:50.0300 0x1124  tcpipreg - ok
21:39:50.0354 0x1124  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:39:50.0431 0x1124  TDPIPE - ok
21:39:50.0467 0x1124  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:39:50.0516 0x1124  TDTCP - ok
21:39:50.0545 0x1124  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:39:50.0625 0x1124  tdx - ok
21:39:50.0670 0x1124  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:39:50.0707 0x1124  TermDD - ok
21:39:50.0767 0x1124  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:39:50.0832 0x1124  TermService - detected UnsignedFile.Multi.Generic ( 1 )
21:39:50.0832 0x1124  Object is SCO, delete is not allowed
21:39:50.0832 0x1124  TermService ( UnsignedFile.Multi.Generic ) - warning
21:39:50.0859 0x1124  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:39:50.0921 0x1124  Themes - ok
21:39:50.0950 0x1124  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:39:51.0034 0x1124  THREADORDER - ok
21:39:51.0083 0x1124  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:39:51.0182 0x1124  TrkWks - ok
21:39:51.0239 0x1124  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:39:51.0339 0x1124  TrustedInstaller - ok
21:39:51.0376 0x1124  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:51.0431 0x1124  tssecsrv - ok
21:39:51.0476 0x1124  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:39:51.0553 0x1124  TsUsbFlt - ok
21:39:51.0614 0x1124  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:39:51.0710 0x1124  tunnel - ok
21:39:51.0754 0x1124  [ C45A3E051C65106A28982CAED125F855, 9164708ABC6B1BA804B8297AA4EEBC65C4BDD4D399AD6CBAB9C66BB7AA9020E8 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
21:39:51.0847 0x1124  TurboB - ok
21:39:51.0887 0x1124  [ BAEF86EBEAECE76573FA822DEA256F6C, B845AB0AACCCF4C2D4A8DD152C57C52416C5938FB3FEB670DB5434FA95620F3B ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:39:51.0960 0x1124  TurboBoost - ok
21:39:52.0001 0x1124  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:39:52.0038 0x1124  uagp35 - ok
21:39:52.0093 0x1124  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:39:52.0141 0x1124  udfs - detected UnsignedFile.Multi.Generic ( 1 )
21:39:52.0141 0x1124  Object is SCO, delete is not allowed
21:39:52.0141 0x1124  udfs ( UnsignedFile.Multi.Generic ) - warning
21:39:52.0174 0x1124  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:39:52.0228 0x1124  UI0Detect - ok
21:39:52.0302 0x1124  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:39:52.0339 0x1124  uliagpkx - ok
21:39:52.0378 0x1124  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
21:39:52.0416 0x1124  umbus - ok
21:39:52.0451 0x1124  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:39:52.0502 0x1124  UmPass - ok
21:39:52.0670 0x1124  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:39:52.0799 0x1124  UNS - detected UnsignedFile.Multi.Generic ( 1 )
21:39:52.0799 0x1124  UNS ( UnsignedFile.Multi.Generic ) - warning
21:39:52.0844 0x1124  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:39:52.0880 0x1124  upnphost - detected UnsignedFile.Multi.Generic ( 1 )
21:39:52.0880 0x1124  upnphost ( UnsignedFile.Multi.Generic ) - warning
21:39:52.0921 0x1124  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
21:39:52.0984 0x1124  usbccgp - ok
21:39:53.0017 0x1124  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:39:53.0093 0x1124  usbcir - ok
21:39:53.0133 0x1124  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:39:53.0205 0x1124  usbehci - ok
21:39:53.0265 0x1124  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
21:39:53.0311 0x1124  usbhub - detected UnsignedFile.Multi.Generic ( 1 )
21:39:53.0311 0x1124  Object is SCO, delete is not allowed
21:39:53.0311 0x1124  usbhub ( UnsignedFile.Multi.Generic ) - warning
21:39:53.0345 0x1124  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:39:53.0394 0x1124  usbohci - ok
21:39:53.0431 0x1124  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:39:53.0482 0x1124  usbprint - ok
21:39:53.0536 0x1124  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
21:39:53.0607 0x1124  usbscan - ok
21:39:53.0641 0x1124  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:53.0705 0x1124  USBSTOR - ok
21:39:53.0753 0x1124  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:39:53.0800 0x1124  usbuhci - ok
21:39:53.0856 0x1124  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:39:53.0918 0x1124  usbvideo - ok
21:39:53.0945 0x1124  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:39:54.0079 0x1124  UxSms - ok
21:39:54.0108 0x1124  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] VaultSvc        C:\Windows\system32\lsass.exe
21:39:54.0134 0x1124  VaultSvc - ok
21:39:54.0152 0x1124  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:39:54.0178 0x1124  vdrvroot - ok
21:39:54.0247 0x1124  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:39:54.0293 0x1124  vds - detected UnsignedFile.Multi.Generic ( 1 )
21:39:54.0293 0x1124  Object is SCO, delete is not allowed
21:39:54.0293 0x1124  vds ( UnsignedFile.Multi.Generic ) - warning
21:39:54.0324 0x1124  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:54.0368 0x1124  vga - ok
21:39:54.0387 0x1124  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:39:54.0494 0x1124  VgaSave - ok
21:39:54.0540 0x1124  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:39:54.0598 0x1124  vhdmp - ok
21:39:54.0649 0x1124  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:39:54.0682 0x1124  viaide - ok
21:39:54.0701 0x1124  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:39:54.0730 0x1124  volmgr - ok
21:39:54.0785 0x1124  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:39:54.0819 0x1124  volmgrx - detected UnsignedFile.Multi.Generic ( 1 )
21:39:54.0819 0x1124  Object is SCO, delete is not allowed
21:39:54.0819 0x1124  volmgrx ( UnsignedFile.Multi.Generic ) - warning
21:39:54.0863 0x1124  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:39:54.0889 0x1124  volsnap - detected UnsignedFile.Multi.Generic ( 1 )
21:39:54.0889 0x1124  Object is SCO, delete is not allowed
21:39:54.0889 0x1124  volsnap ( UnsignedFile.Multi.Generic ) - warning
21:39:54.0933 0x1124  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:39:54.0977 0x1124  vsmraid - ok
21:39:55.0095 0x1124  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:39:55.0202 0x1124  VSS - detected UnsignedFile.Multi.Generic ( 1 )
21:39:55.0202 0x1124  Object is SCO, delete is not allowed
21:39:55.0202 0x1124  VSS ( UnsignedFile.Multi.Generic ) - warning
21:39:55.0215 0x1124  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:39:55.0257 0x1124  vwifibus - ok
21:39:55.0266 0x1124  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:39:55.0334 0x1124  vwififlt - ok
21:39:55.0379 0x1124  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:39:55.0437 0x1124  vwifimp - ok
21:39:55.0480 0x1124  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:39:55.0529 0x1124  W32Time - detected UnsignedFile.Multi.Generic ( 1 )
21:39:55.0530 0x1124  Object is SCO, delete is not allowed
21:39:55.0530 0x1124  W32Time ( UnsignedFile.Multi.Generic ) - warning
21:39:55.0557 0x1124  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:39:55.0604 0x1124  WacomPen - ok
21:39:55.0650 0x1124  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:39:55.0760 0x1124  WANARP - ok
21:39:55.0768 0x1124  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:39:55.0848 0x1124  Wanarpv6 - ok
21:39:55.0960 0x1124  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:39:56.0057 0x1124  wbengine - detected UnsignedFile.Multi.Generic ( 1 )
21:39:56.0057 0x1124  Object is SCO, delete is not allowed
21:39:56.0057 0x1124  wbengine ( UnsignedFile.Multi.Generic ) - warning
21:39:56.0106 0x1124  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:39:56.0186 0x1124  WbioSrvc - ok
21:39:56.0238 0x1124  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:39:56.0286 0x1124  wcncsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:56.0286 0x1124  Object is SCO, delete is not allowed
21:39:56.0286 0x1124  wcncsvc ( UnsignedFile.Multi.Generic ) - warning
21:39:56.0303 0x1124  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:39:56.0354 0x1124  WcsPlugInService - ok
21:39:56.0396 0x1124  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:39:56.0429 0x1124  Wd - ok
21:39:56.0509 0x1124  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:39:56.0563 0x1124  Wdf01000 - detected UnsignedFile.Multi.Generic ( 1 )
21:39:56.0563 0x1124  Object is SCO, delete is not allowed
21:39:56.0563 0x1124  Wdf01000 ( UnsignedFile.Multi.Generic ) - warning
21:39:56.0603 0x1124  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:39:56.0669 0x1124  WdiServiceHost - ok
21:39:56.0678 0x1124  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:39:56.0710 0x1124  WdiSystemHost - ok
21:39:56.0764 0x1124  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
21:39:56.0804 0x1124  WebClient - detected UnsignedFile.Multi.Generic ( 1 )
21:39:56.0805 0x1124  Object is SCO, delete is not allowed
21:39:56.0805 0x1124  WebClient ( UnsignedFile.Multi.Generic ) - warning
21:39:56.0840 0x1124  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:39:56.0961 0x1124  Wecsvc - ok
21:39:56.0972 0x1124  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:39:57.0091 0x1124  wercplsupport - ok
21:39:57.0122 0x1124  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:39:57.0213 0x1124  WerSvc - ok
21:39:57.0248 0x1124  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:57.0336 0x1124  WfpLwf - ok
21:39:57.0382 0x1124  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
21:39:57.0423 0x1124  WimFltr - ok
21:39:57.0459 0x1124  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:39:57.0490 0x1124  WIMMount - ok
21:39:57.0527 0x1124  WinDefend - ok
21:39:57.0541 0x1124  WinHttpAutoProxySvc - ok
21:39:57.0603 0x1124  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:39:57.0722 0x1124  Winmgmt - ok
21:39:57.0872 0x1124  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:39:58.0090 0x1124  WinRM - detected UnsignedFile.Multi.Generic ( 1 )
21:39:58.0090 0x1124  Object is SCO, delete is not allowed
21:39:58.0090 0x1124  WinRM ( UnsignedFile.Multi.Generic ) - warning
21:39:58.0157 0x1124  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:39:58.0220 0x1124  WinUsb - ok
21:39:58.0299 0x1124  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:39:58.0360 0x1124  Wlansvc - detected UnsignedFile.Multi.Generic ( 1 )
21:39:58.0360 0x1124  Object is SCO, delete is not allowed
21:39:58.0360 0x1124  Wlansvc ( UnsignedFile.Multi.Generic ) - warning
21:39:58.0397 0x1124  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:39:58.0432 0x1124  WmiAcpi - ok
21:39:58.0468 0x1124  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:39:58.0508 0x1124  wmiApSrv - ok
21:39:58.0540 0x1124  WMPNetworkSvc - ok
21:39:58.0581 0x1124  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:39:58.0651 0x1124  WPCSvc - ok
21:39:58.0689 0x1124  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:39:58.0742 0x1124  WPDBusEnum - ok
21:39:58.0778 0x1124  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:39:58.0882 0x1124  ws2ifsl - ok
21:39:58.0916 0x1124  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:39:58.0961 0x1124  wscsvc - ok
21:39:58.0967 0x1124  WSearch - ok
21:39:59.0129 0x1124  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:39:59.0293 0x1124  wuauserv - detected UnsignedFile.Multi.Generic ( 1 )
21:39:59.0293 0x1124  Object is SCO, delete is not allowed
21:39:59.0293 0x1124  wuauserv ( UnsignedFile.Multi.Generic ) - warning
21:39:59.0328 0x1124  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:39:59.0383 0x1124  WudfPf - ok
21:39:59.0427 0x1124  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:59.0496 0x1124  WUDFRd - ok
21:39:59.0532 0x1124  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:39:59.0590 0x1124  wudfsvc - ok
21:39:59.0638 0x1124  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:39:59.0711 0x1124  WwanSvc - ok
21:39:59.0870 0x1124  [ 380B1AE3C8E99FC2280967180FE4C513, 177507B966532B129760F2E1CCB6CFE04FFA5AA233D434168489EFBC65A7900A ] {41E8078B-96D9-42DC-8789-A1CF102CD880} C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl
21:39:59.0897 0x1124  {41E8078B-96D9-42DC-8789-A1CF102CD880} - ok
21:39:59.0911 0x1124  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
21:39:59.0914 0x1124  ================ Scan global ===============================
21:39:59.0940 0x1124  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:39:59.0976 0x1124  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
21:40:00.0046 0x1124  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
21:40:00.0086 0x1124  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:40:00.0130 0x1124  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:40:00.0159 0x1124  [ Global ] - ok
21:40:00.0160 0x1124  ================ Scan MBR ==================================
21:40:00.0179 0x1124  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:40:00.0627 0x1124  \Device\Harddisk0\DR0 - ok
21:40:00.0628 0x1124  ================ Scan VBR ==================================
21:40:00.0631 0x1124  [ 2EC3F90DE56A9464CAC5BBF68EC62165 ] \Device\Harddisk0\DR0\Partition1
21:40:00.0635 0x1124  \Device\Harddisk0\DR0\Partition1 - ok
21:40:00.0640 0x1124  [ 8A81BDD2C6402100E2AB4D42A2708107 ] \Device\Harddisk0\DR0\Partition2
21:40:00.0644 0x1124  \Device\Harddisk0\DR0\Partition2 - ok
21:40:00.0645 0x1124  ================ Scan generic autorun ======================
21:40:00.0726 0x1124  [ 68161603C58407CBE4099D9CD739E0D1, CAA67722A810DC9165950399A0C15D2D7B3472AC0AA0EB5D0904ECC4D5BD7B8E ] C:\Program Files\Elantech\ETDCtrl.exe
21:40:00.0773 0x1124  ETDWare - detected UnsignedFile.Multi.Generic ( 1 )
21:40:00.0773 0x1124  ETDWare ( UnsignedFile.Multi.Generic ) - warning
21:40:00.0914 0x1124  [ 9DEA654E4D9820958D6B4D1EBAF2F31E, 526599AE6A3949AC43EAFA3A5F881A50BBC6549F3F3A0F00E2309E210ABFF40C ] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
21:40:01.0016 0x1124  ASUS WebStorage - detected UnsignedFile.Multi.Generic ( 1 )
21:40:01.0016 0x1124  ASUS WebStorage ( UnsignedFile.Multi.Generic ) - warning
21:40:01.0090 0x1124  [ 06C2C34EA4C666835C6AB492976C0BA1, E47662ED93191B425709F2221BB3C776D06506C120DC94562896A5463188F2E8 ] C:\Program Files\IDT\WDM\sttray64.exe
21:40:01.0169 0x1124  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
21:40:01.0169 0x1124  SysTrayApp ( UnsignedFile.Multi.Generic ) - warning
21:40:01.0214 0x1124  [ DFAC78508DEFE8841DA4CDD1FA472C1A, A9055BD9C27E53F89E847C66FF73E090419CFDBFB51CA59645800E426476097E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
21:40:01.0381 0x1124  AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
21:40:01.0381 0x1124  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - warning
21:40:01.0403 0x1124  Setwallpaper - ok
21:40:01.0531 0x1124  [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] C:\Program Files\Microsoft Security Client\msseces.exe
21:40:01.0615 0x1124  MSC - detected UnsignedFile.Multi.Generic ( 1 )
21:40:01.0616 0x1124  MSC ( UnsignedFile.Multi.Generic ) - warning
21:40:02.0128 0x1124  [ 7F7D637F5902732E327912233CAA3AE7, 381CC77505423D7267A7796DC852D7D35F206756082E719E9427666B3A2A0E7D ] c:\program files\emsisoft anti-malware\a2guard.exe
21:40:02.0661 0x1124  emsisoft anti-malware - detected UnsignedFile.Multi.Generic ( 1 )
21:40:02.0661 0x1124  emsisoft anti-malware ( UnsignedFile.Multi.Generic ) - warning
21:40:02.0774 0x1124  [ A152156F4793837A8FDB706C10D2640E, 86C4E02B99316E43CE4D791BDFC8D79591D56CD275736CC3735F1280F4F477D2 ] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
21:40:03.0037 0x1124  Boingo Wi-Fi - detected UnsignedFile.Multi.Generic ( 1 )
21:40:03.0037 0x1124  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - warning
21:40:03.0103 0x1124  [ E96857D927626076104CFC5A9D237F91, B5B50B144E24DE29E03FB913B3A5A7553448FEB75607798EFE4A4B8B272FA31F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
21:40:03.0293 0x1124  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
21:40:03.0293 0x1124  StartCCC ( UnsignedFile.Multi.Generic ) - warning
21:40:03.0690 0x1124  [ 6529C89512CE4498919BDC512572F82C, DFF9BB4BFAFE8BA2E1F13B668C6E010FD18591B0CECF65574EA5E14143C79A83 ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
21:40:04.0080 0x1124  ATKOSD2 - detected UnsignedFile.Multi.Generic ( 1 )
21:40:04.0080 0x1124  ATKOSD2 ( UnsignedFile.Multi.Generic ) - warning
21:40:04.0112 0x1124  [ 5666955DC9FD455A003D86A21E0483A9, 359E2B5857269EDCE395D6171642EAC8B23170AA5266932B2BAE1E5955E8FE77 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
21:40:04.0141 0x1124  ATKMEDIA - ok
21:40:04.0168 0x1124  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
21:40:04.0191 0x1124  HControlUser - ok
21:40:04.0269 0x1124  [ 21293443961A4E2597453EE7A9347F22, FDA88181C975C251E56D5A38E5473F45B9CB4E1258A6E93320D34D656AB1E6ED ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
21:40:04.0293 0x1124  HP Software Update - ok
21:40:04.0415 0x1124  [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:40:04.0476 0x1124  Adobe ARM - detected UnsignedFile.Multi.Generic ( 1 )
21:40:04.0476 0x1124  Adobe ARM ( UnsignedFile.Multi.Generic ) - warning
21:40:04.0530 0x1124  [ 826DDBBCA98F2E6CD1DFE33CEF33994C, A57B96DFAEC0E86EA4D2B95AE4F21434955D39802B1464D34BE95F25808471C8 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
21:40:04.0551 0x1124  Adobe Reader Speed Launcher - ok
21:40:04.0605 0x1124  [ 17A2294ED8BA499132BC7B067D43BC66, 4C79D2D63F43C0EDC1FC122676E0019BDF5E55DE7A1674462ABC664AB30D917A ] C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
21:40:04.0643 0x1124  PowerDVD16Agent - detected UnsignedFile.Multi.Generic ( 1 )
21:40:04.0644 0x1124  PowerDVD16Agent ( UnsignedFile.Multi.Generic ) - warning
21:40:04.0766 0x1124  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:40:04.0980 0x1124  Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
21:40:04.0981 0x1124  Object is SCO, delete is not allowed
21:40:04.0981 0x1124  Sidebar ( UnsignedFile.Multi.Generic ) - warning
21:40:05.0034 0x1124  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:40:05.0102 0x1124  mctadmin - ok
21:40:05.0184 0x1124  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:40:05.0234 0x1124  Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
21:40:05.0234 0x1124  Object is SCO, delete is not allowed
21:40:05.0234 0x1124  Sidebar ( UnsignedFile.Multi.Generic ) - warning
21:40:05.0244 0x1124  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:40:05.0287 0x1124  mctadmin - ok
21:40:05.0455 0x1124  [ FE9E6388A039441098EB09C070EA5049, 3888822AF992F3BE27E9F973E31EBEE5302901E4A8260A9A6CF6B2BB2A12D173 ] C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
21:40:05.0504 0x1124  Google Update - detected UnsignedFile.Multi.Generic ( 1 )
21:40:05.0504 0x1124  Google Update ( UnsignedFile.Multi.Generic ) - warning
21:40:05.0568 0x1124  [ AC43952EA7D028BD35099391DB2FF599, 1D688F98C3158D91F873421663B7BD60DA3A35DCF793792B9D398D5DFC9050F0 ] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
21:40:05.0725 0x1124  Syncables - detected UnsignedFile.Multi.Generic ( 1 )
21:40:05.0725 0x1124  Syncables ( UnsignedFile.Multi.Generic ) - warning
21:40:05.0865 0x1124  [ CD788725375AB8B06A3D17842E200864, 1D57A3BB84128E1F5EF91813647E1B397990022EDF84FE9EB0865048999CA16E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
21:40:05.0950 0x1124  GarminExpressTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
21:40:05.0950 0x1124  GarminExpressTrayApp ( UnsignedFile.Multi.Generic ) - warning
21:40:05.0951 0x1124  ============================================================
21:40:05.0951 0x1124  Scan finished
21:40:05.0951 0x1124  ============================================================
21:40:05.0968 0x056c  Detected object count: 102
21:40:05.0968 0x056c  Actual detected object count: 102
21:42:13.0110 0x056c  a2AntiMalware ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0110 0x056c  a2AntiMalware ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0112 0x056c  adp94xx ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0112 0x056c  adp94xx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0114 0x056c  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0114 0x056c  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0116 0x056c  athr ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0116 0x056c  athr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0118 0x056c  atikmdag ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0118 0x056c  atikmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0120 0x056c  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0120 0x056c  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0122 0x056c  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0122 0x056c  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0124 0x056c  b06bdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0124 0x056c  b06bdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0126 0x056c  BFE ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0126 0x056c  BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0128 0x056c  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0129 0x056c  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0130 0x056c  CNG ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0130 0x056c  CNG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0133 0x056c  cvhsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0133 0x056c  cvhsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0135 0x056c  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0135 0x056c  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0137 0x056c  DiagTrack ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0137 0x056c  DiagTrack ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0139 0x056c  DXGKrnl ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0139 0x056c  DXGKrnl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0141 0x056c  ebdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0141 0x056c  ebdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0143 0x056c  ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0143 0x056c  ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0145 0x056c  elxstor ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0146 0x056c  elxstor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0147 0x056c  EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0147 0x056c  EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0150 0x056c  Fax ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0150 0x056c  Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0152 0x056c  FontCache ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0152 0x056c  FontCache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0154 0x056c  fsssvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0154 0x056c  fsssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0156 0x056c  gpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0156 0x056c  gpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0158 0x056c  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0158 0x056c  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0160 0x056c  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0160 0x056c  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0162 0x056c  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0162 0x056c  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0164 0x056c  HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0164 0x056c  HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0166 0x056c  iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0166 0x056c  iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0168 0x056c  iaStorV ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0168 0x056c  iaStorV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0170 0x056c  idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0170 0x056c  idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0172 0x056c  IKEEXT ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0172 0x056c  IKEEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0174 0x056c  iphlpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0174 0x056c  iphlpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0176 0x056c  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0177 0x056c  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0178 0x056c  MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0179 0x056c  MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0180 0x056c  MsRPC ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0180 0x056c  MsRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0183 0x056c  napagent ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0183 0x056c  napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0185 0x056c  NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0185 0x056c  NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0187 0x056c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0187 0x056c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0189 0x056c  Netman ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0189 0x056c  Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0191 0x056c  netprofm ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0191 0x056c  netprofm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0193 0x056c  NisSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0193 0x056c  NisSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0195 0x056c  Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0195 0x056c  Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0197 0x056c  osppsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0197 0x056c  osppsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0200 0x056c  p2psvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0200 0x056c  p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0203 0x056c  PEAUTH ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0203 0x056c  PEAUTH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0205 0x056c  pla ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0205 0x056c  pla ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0207 0x056c  PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0208 0x056c  PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0210 0x056c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0210 0x056c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0212 0x056c  PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0212 0x056c  PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0216 0x056c  ql2300 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0216 0x056c  ql2300 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0217 0x056c  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0217 0x056c  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0219 0x056c  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0219 0x056c  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0221 0x056c  Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0221 0x056c  Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0223 0x056c  Sftfs ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0223 0x056c  Sftfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0225 0x056c  sftlist ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0225 0x056c  sftlist ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0227 0x056c  SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0227 0x056c  SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0229 0x056c  ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0229 0x056c  ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0231 0x056c  SNP2UVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0231 0x056c  SNP2UVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0233 0x056c  Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0234 0x056c  Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0236 0x056c  sppsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0236 0x056c  sppsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0238 0x056c  srv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0238 0x056c  srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0240 0x056c  srv2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0240 0x056c  srv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0242 0x056c  STHDA ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0242 0x056c  STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0244 0x056c  stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0244 0x056c  stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0246 0x056c  swprv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0246 0x056c  swprv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0248 0x056c  SysMain ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0248 0x056c  SysMain ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0250 0x056c  TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0250 0x056c  TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0252 0x056c  Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0252 0x056c  Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0254 0x056c  TCPIP6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0254 0x056c  TCPIP6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0256 0x056c  TermService ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0256 0x056c  TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0258 0x056c  udfs ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0258 0x056c  udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0260 0x056c  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0260 0x056c  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0262 0x056c  upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0262 0x056c  upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0264 0x056c  usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0265 0x056c  usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0267 0x056c  vds ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0267 0x056c  vds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0269 0x056c  volmgrx ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0269 0x056c  volmgrx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0271 0x056c  volsnap ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0271 0x056c  volsnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0273 0x056c  VSS ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0273 0x056c  VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0275 0x056c  W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0275 0x056c  W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0277 0x056c  wbengine ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0277 0x056c  wbengine ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0279 0x056c  wcncsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0279 0x056c  wcncsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0281 0x056c  Wdf01000 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0281 0x056c  Wdf01000 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0283 0x056c  WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0283 0x056c  WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0285 0x056c  WinRM ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0285 0x056c  WinRM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0287 0x056c  Wlansvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0287 0x056c  Wlansvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0289 0x056c  wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0289 0x056c  wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0291 0x056c  ETDWare ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0291 0x056c  ETDWare ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0293 0x056c  ASUS WebStorage ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0293 0x056c  ASUS WebStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0295 0x056c  SysTrayApp ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0295 0x056c  SysTrayApp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0297 0x056c  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0297 0x056c  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0300 0x056c  MSC ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0300 0x056c  MSC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0302 0x056c  emsisoft anti-malware ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0302 0x056c  emsisoft anti-malware ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0304 0x056c  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0304 0x056c  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0306 0x056c  StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0306 0x056c  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0308 0x056c  ATKOSD2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0308 0x056c  ATKOSD2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0310 0x056c  Adobe ARM ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0310 0x056c  Adobe ARM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0312 0x056c  PowerDVD16Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0312 0x056c  PowerDVD16Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0314 0x056c  Sidebar ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0314 0x056c  Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0317 0x056c  Sidebar ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0317 0x056c  Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0319 0x056c  Google Update ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0319 0x056c  Google Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0321 0x056c  Syncables ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0321 0x056c  Syncables ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:42:13.0323 0x056c  GarminExpressTrayApp ( UnsignedFile.Multi.Generic ) - skipped by user
21:42:13.0323 0x056c  GarminExpressTrayApp ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ganz schön was los...

Vielen Dank und einen schönen Sonntag!

LG, Anni[/CODE]

M-K-D-B · 12.03.2017, 11:46

Servus,

Zitat:

Gestartet von D:\Downloads

Alles bitte vom Desktop (C:\users\mautzi\Desktop\ ) starten.

Anni265 · 12.03.2017, 23:02

Hallo

Tut mir leid, aber LW C war rammelvoll, die Programme hatte es auf LW D gespeichert, hatte ich nicht bedacht. Leider geht eben mit 0 Byte nichts zu deinstallieren, außerdem sind da nur betriebsinterne Programme, da kann ich nichts wegmachen.
Hab jetzt einen Ordner verschoben, damit überhaupt was geht (hoffe ich).

Hier FRST/Addition:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
durchgeführt von mautzi (Administrator) auf MAUZIMOBIL (12-03-2017 22:47:42)
Gestartet von C:\Users\mautzi\Desktop
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(ASUS) C:\Windows\AsScrPro.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8266912 2017-02-28] (Emsisoft Ltd)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-06] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD16Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe"
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Google Update] => C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{40004EB2-6A31-4ABA-96F0-E5D279529049}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 - (Kein Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-18] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @Google.com/GoogleEarthPlugin -> C:\Users\mautzi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT","hxxp://www.web.de/"
CHR DefaultSearchURL: Default -> hxxp://www.startfenster.de/suche/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Startfenster
CHR DefaultSuggestURL: Default -> hxxp://www.startfenster.de/api/?q={searchTerms}&language={lang}
CHR Profile: C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Google Präsentationen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Tabellen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Google Mail) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [djhangopedggnlnicpbjklghlckmndge] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9655648 2017-02-28] (Emsisoft Ltd)
R2 CyberLink PowerDVD 16 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe [127768 2016-12-29] (CyberLink)
R2 CyberLink PowerDVD 16 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe [375064 2016-12-29] (CyberLink)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U2 TMAgent; kein ImagePath
U3 tmlwf; kein ImagePath
U3 tmwfp; kein ImagePath
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-12 22:47 - 2017-03-12 22:49 - 00021512 _____ C:\Users\mautzi\Desktop\FRST.txt
2017-03-12 22:47 - 2017-03-12 22:47 - 02424832 _____ (Farbar) C:\Users\mautzi\Desktop\FRST64.exe
2017-03-12 22:46 - 2017-03-11 21:56 - 00271396 _____ C:\Users\mautzi\Desktop\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-12 22:46 - 2017-03-11 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mautzi\Desktop\tdsskiller.exe
2017-03-12 22:46 - 2017-02-17 01:50 - 00000360 _____ C:\Users\mautzi\Desktop\Eierlikör.txt
2017-03-12 22:46 - 2017-02-08 18:52 - 00000272 _____ C:\Users\mautzi\Desktop\Gutscheine.txt
2017-03-12 22:46 - 2017-01-29 19:57 - 00000706 _____ C:\Users\mautzi\Desktop\Mami Videos - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-29 19:38 - 00000904 _____ C:\Users\mautzi\Desktop\Mami Bilder - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-11 01:34 - 00000231 _____ C:\Users\mautzi\Desktop\Text.txt
2017-03-12 22:07 - 2017-03-12 22:07 - 00003110 _____ C:\Windows\System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282}
2017-03-11 21:37 - 2017-03-11 21:57 - 00271484 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-11 20:45 - 2017-03-12 22:47 - 00000000 ____D C:\FRST
2017-02-25 12:24 - 2017-02-25 12:24 - 00610300 _____ C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2017-02-21 23:33 - 2017-02-22 00:01 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 23:31 - 2017-02-21 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-02-21 23:30 - 2017-03-12 22:31 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-12 22:50 - 2017-02-12 22:50 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\dvdcss
2017-02-12 19:13 - 2017-02-12 23:04 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\vlc
2017-02-12 19:09 - 2017-02-13 03:09 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-12 18:55 - 2017-02-12 18:55 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\Mozilla
2017-02-12 03:01 - 2017-02-12 03:01 - 00000000 ___HD C:\ProgramData\CanonBJ

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-12 22:46 - 2010-12-04 17:11 - 00000000 ____D C:\Users\mautzi
2017-03-12 22:30 - 2010-10-06 11:18 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-03-12 22:26 - 2016-11-03 21:25 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-03-12 22:00 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 22:00 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-12 21:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 21:57 - 2009-08-04 10:51 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-03-11 21:57 - 2009-08-04 10:51 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-03-11 21:57 - 2009-07-14 06:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 21:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-05 01:55 - 2016-08-23 11:24 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-02-27 22:36 - 2014-08-30 16:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 22:35 - 2014-08-30 16:21 - 00000000 ____D C:\ProgramData\Lexware
2017-02-27 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-02-27 22:28 - 2011-06-09 21:34 - 00000000 ____D C:\ProgramData\Skype
2017-02-25 12:24 - 2010-12-05 13:11 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\SoftGrid Client
2017-02-24 03:12 - 2017-02-02 19:24 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:06 - 2017-02-02 19:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 18:28 - 2010-10-06 11:54 - 00002136 _____ C:\Windows\system32\AutoRunFilter.ini
2017-02-22 18:28 - 2010-10-06 11:54 - 00001379 _____ C:\Windows\system32\ServiceFilter.ini
2017-02-12 03:09 - 2010-10-06 11:20 - 00000000 ____D C:\ProgramData\CyberLink
2017-02-12 03:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2017-02-12 02:39 - 2010-12-05 13:04 - 00000000 ____D C:\Users\mautzi\AppData\Local\Cyberlink

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-25 12:24 - 2017-02-25 12:24 - 0610300 _____ () C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2011-06-09 21:42 - 2011-06-09 21:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-06 11:32 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-05-18 20:17 - 2011-05-18 21:11 - 0000316 _____ () C:\ProgramData\hpzinstall.log
2010-10-06 11:21 - 2010-10-06 11:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-06 11:21 - 2010-10-06 11:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-24 22:29

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-03-2017
durchgeführt von mautzi (12-03-2017 22:49:40)
Gestartet von C:\Users\mautzi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-04 16:11:39)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1083607986-3899408646-1555014007-500 - Administrator - Disabled)
Gast (S-1-5-21-1083607986-3899408646-1555014007-501 - Limited - Disabled)
mautzi (S-1-5-21-1083607986-3899408646-1555014007-1001 - Administrator - Enabled) => C:\Users\mautzi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Microsoft Security Essentials (Enabled - Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.2406.60 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{7f65fe7f-fcc6-4c75-b83f-837e06afbc8c}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0890A5E5-FF51-4E0F-A4AB-4AC789175AE5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {149F6808-81A7-4FAD-8E4C-697585B4D5E9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {19B8A92E-63F6-4649-AD50-E9FCE74F754C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {1E78448C-5C6B-4B94-A1E9-0C878CC56D7E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {41894D1D-7E42-4529-B509-699169071502} - System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Task: {4B484F51-D0ED-4A2D-921A-9F953D737FDF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {5F1AD647-B94B-40E2-B123-3B1ED8A42A56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {77CC1654-DA51-470E-8EA6-23CAE7CFCB1B} - System32\Tasks\{85162ADB-7A1F-490F-BB28-8ECF2D916E18} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {79CD7CE1-961B-4559-9EAF-11B36E8580D9} - System32\Tasks\{7AEDB841-4FF3-4784-9667-A1BD370BC810} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {7CCC8D5D-3031-437B-AB61-3A7E63EA8D29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001UA => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {826E3F80-3E78-4C01-A3E1-3064A42A7776} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {85488013-D699-4560-A6D7-B03405D03D17} - System32\Tasks\{3D785787-5091-4ECE-B06F-68A3A42404A4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe"
Task: {B102A43B-6D7E-4FB2-B413-4A9153B8FA34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001Core => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C2C6D31E-3173-4441-99B5-9C9411515DDD} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {D395BC04-8D8D-47A6-A61E-E9E4D29405C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3CCE98F-F26B-4F16-A9A7-4155D106905E} - System32\Tasks\{1C81B350-A6E0-4509-B9BF-3CDAB0DD8F5D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe 
Task: {F2D19DFC-311F-4D9A-9256-7F4931474470} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe 
Task: {FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} - System32\Tasks\{EC608DBC-556D-47F4-982C-C3562E422181} => pcalua.exe -a E:\Install_CD.exe -d E:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-10-06 11:54 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-06 11:43 - 2010-10-06 11:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-01-25 20:01 - 2015-07-30 09:00 - 00541683 _____ () C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\sqlite3.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mautzi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{992B8816-A37A-48F2-AFC9-31386E7006A7}] => (Allow) LPort=5353
FirewallRules: [{06FA7406-8771-4464-BD0C-541CDDB35E30}] => (Allow) LPort=8182
FirewallRules: [{E972B106-8F08-443D-A679-9EFECFB46805}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5BFB44CC-2EF2-49D9-90B1-EEEEEE400507}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{99710056-08D1-4249-9D0A-1468B7DD13B5}] => (Allow) svchost.exe
FirewallRules: [{4E665AFC-E9E3-4F66-9FE7-914484CD9F5E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{DDB51E26-2AB4-4FF6-BEF7-87CA9371FF6A}C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe] => (Allow) C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{6A77191E-7B80-4A46-9840-074760F86FB6}C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe] => (Allow) C:\users\mautzi\appdata\local\google\google earth\client\googleearth.exe
FirewallRules: [{2D0623DB-54CB-4607-833C-9EE6FC7286F6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{871C7514-3D34-443E-8100-05AD19C4F0A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B7BBB13C-67FC-4FCF-8C5B-EAD974CF3CD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{986FF5DD-D87F-4BD8-BDDE-3E848328EBBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{35D1E778-F87F-4A55-A65F-103B44604261}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DF6EDDE2-B78B-4DE8-98FA-0F2E60014721}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6E8C5C22-914E-4FB9-BFB9-12A564AB3A97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B46A7E6-A787-4944-891D-89805D956F2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{312B8F1D-6103-4C99-BE88-C7D3CDDD717F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{48845745-DF22-492E-A1B4-A5BC58434ECA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CE9FB180-C9DF-4467-98D3-5EAEEF414734}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{45FCECB5-AC2A-485B-951A-0F4303AB3CF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F3589D56-82A6-4D39-8E82-42E82844D215}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{F5E0D7BA-C1CA-44D5-B70E-CAF20615A7D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F54899CF-A704-4333-9DBE-DB2595D0624F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B3D6198B-BAE4-49FF-B8DD-A973F901AC1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B8097AB3-6742-44EA-983B-E7308C65FDE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FD0A6ECB-DA4D-4789-8428-B3670B9B707F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F7B83F4D-30E8-447D-80FC-C3F4F1EDE0C2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{7EF8BCC2-C8B9-4A01-A702-20010754E320}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AF7B407B-331C-4893-A991-1E64E86EF838}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2D4DB1BC-4F0B-43E9-BA26-D5BB40FF0E3A}C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe] => (Block) C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe
FirewallRules: [UDP Query User{82B95E07-B0D6-42A2-AEC1-0206CD2D91A1}C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe] => (Block) C:\program files (x86)\arcsoft\totalmedia extreme 2\digital theatre\udigital theatre.exe
FirewallRules: [{A8F893CB-C70B-42C7-87DB-1793AA70461A}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{522FB048-AEDC-4BA6-ABD8-2FE8A36094FD}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{EC53C0E4-1C75-4A5F-A0C0-7E6100168D50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{84C6423F-CDC5-4445-B484-9F7CC737BE03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6C35C163-AC40-4A46-9D9B-6E1D664F5978}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{8AECFBE2-53FF-4206-8F21-66FC08D13606}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{A1ABF86E-6881-4235-A85D-B7B4785C62D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{591F21B8-82F3-4495-892F-8467842D4076}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{DD32AC81-3D43-4845-9CCA-6A431A1605D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{C59A4C2E-4AF8-49DA-8945-A30787C71F59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Power Control [2010/10/06 03:20:40]
Description: Power Control [2010/10/06 03:20:40]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/12/2017 10:17:29 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (376) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/12/2017 10:14:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053; Fehler = 0x80070070).

Error: (03/11/2017 10:17:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070070).

Error: (03/11/2017 08:56:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (560) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 524288 (0x0000000000080000) für 393216 (0x00060000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 11:55:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:30:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (03/06/2017 09:26:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: MAUZIMOBIL)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: MAUZIMOBIL)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (03/06/2017 09:18:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: MAUZIMOBIL)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


Systemfehler:
=============
Error: (03/12/2017 10:17:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 116.72.0.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: Network Inspection System

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 2.1.12706.0

	Fehlercode: 0x80070070

	Fehlerbeschreibung: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (03/12/2017 10:17:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13504.0&avdelta=1.237.691.0&asdelta=1.237.691.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: AntiSpyware

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0x80070070

	Fehlerbeschreibung: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (03/12/2017 10:17:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13504.0&avdelta=1.237.691.0&asdelta=1.237.691.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0x80070070

	Fehlerbeschreibung: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (03/12/2017 10:17:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Suchen

	Quellpfad: Default URL

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0xc8000710

	Fehlerbeschreibung: Das verwendete Konto ist ein Arbeitsstationskonto. Verwenden Sie Ihr normales Benutzerkonto oder lokales Benutzerkonto, um auf diesen Server zuzugreifen.

Error: (03/12/2017 10:05:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 116.72.0.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Suchen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: Network Inspection System

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 2.1.12706.0

	Fehlercode: 0x80072ee2

	Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht.

Error: (03/12/2017 10:05:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13504.0&avdelta=1.237.691.0&asdelta=1.237.691.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: AntiSpyware

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0x80070070

	Fehlerbeschreibung: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (03/12/2017 10:05:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Malware Protection Center

	Aktualisierungsphase: Herunterladen

	Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13504.0&avdelta=1.237.691.0&asdelta=1.237.691.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0x80070070

	Fehlerbeschreibung: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (03/12/2017 10:05:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.237.691.0

	Aktualisierungsquelle: Microsoft Update Server

	Aktualisierungsphase: Suchen

	Quellpfad: Default URL

	Signaturtyp: AntiVirus

	Aktualisierungstyp: Vollständig

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: 

	Vorherige Modulversion: 1.1.13504.0

	Fehlercode: 0xc8000710

	Fehlerbeschreibung: Das verwendete Konto ist ein Arbeitsstationskonto. Verwenden Sie Ihr normales Benutzerkonto oder lokales Benutzerkonto, um auf diesen Server zuzugreifen.

Error: (03/12/2017 09:54:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Sicherheitscenter" wurde nicht richtig gestartet.

Error: (03/12/2017 09:54:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 53%
Installierter physikalischer RAM: 3948.54 MB
Verfügbarer physikalischer RAM: 1837.82 MB
Summe virtueller Speicher: 7895.27 MB
Verfügbarer virtueller Speicher: 5300.73 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:0.32 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:287.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

Anni265 · 12.03.2017, 23:24

2. TDSS:

Code:

ATTFilter

23:04:49.0449 0x10a4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
23:13:16.0694 0x10a4  ============================================================
23:13:16.0694 0x10a4  Current date / time: 2017/03/12 23:13:16.0694
23:13:16.0694 0x10a4  SystemInfo:
23:13:16.0694 0x10a4  
23:13:16.0694 0x10a4  OS Version: 6.1.7601 ServicePack: 1.0
23:13:16.0694 0x10a4  Product type: Workstation
23:13:16.0694 0x10a4  ComputerName: MAUZIMOBIL
23:13:16.0695 0x10a4  UserName: mautzi
23:13:16.0695 0x10a4  Windows directory: C:\Windows
23:13:16.0695 0x10a4  System windows directory: C:\Windows
23:13:16.0695 0x10a4  Running under WOW64
23:13:16.0695 0x10a4  Processor architecture: Intel x64
23:13:16.0695 0x10a4  Number of processors: 4
23:13:16.0695 0x10a4  Page size: 0x1000
23:13:16.0695 0x10a4  Boot type: Normal boot
23:13:16.0695 0x10a4  CodeIntegrityOptions = 0x00000001
23:13:16.0695 0x10a4  ============================================================
23:13:18.0366 0x10a4  KLMD registered as C:\Windows\system32\drivers\46020102.sys
23:13:18.0368 0x10a4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23572, osProperties = 0x1
23:13:20.0553 0x10a4  System UUID: {A8CF256A-CF71-E698-AA3F-8A827E6D82F4}
23:13:21.0979 0x10a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:13:21.0987 0x10a4  ============================================================
23:13:21.0987 0x10a4  \Device\Harddisk0\DR0:
23:13:21.0987 0x10a4  MBR partitions:
23:13:21.0987 0x10a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
23:13:22.0008 0x10a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393000
23:13:22.0008 0x10a4  ============================================================
23:13:22.0095 0x10a4  C: <-> \Device\Harddisk0\DR0\Partition1
23:13:22.0127 0x10a4  D: <-> \Device\Harddisk0\DR0\Partition2
23:13:22.0127 0x10a4  ============================================================
23:13:22.0129 0x10a4  Initialize success
23:13:22.0129 0x10a4  ============================================================
23:16:08.0759 0x17d4  ============================================================
23:16:08.0759 0x17d4  Scan started
23:16:08.0759 0x17d4  Mode: Manual; SigCheck; TDLFS; 
23:16:08.0759 0x17d4  ============================================================
23:16:08.0759 0x17d4  KSN ping started
23:16:09.0183 0x17d4  KSN ping finished: true
23:16:10.0506 0x17d4  ================ Scan system memory ========================
23:16:10.0506 0x17d4  System memory - ok
23:16:10.0507 0x17d4  ================ Scan services =============================
23:16:10.0709 0x17d4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:16:10.0862 0x17d4  1394ohci - ok
23:16:11.0503 0x17d4  [ BDC8A704B42081D169F923F498EE3871, 55122B4B6EC94E651F4700C1042DDA584BA53E2166532F6F6381D6565AAACC3D ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
23:16:12.0140 0x17d4  a2AntiMalware - ok
23:16:12.0236 0x17d4  ACDaemon - ok
23:16:12.0300 0x17d4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:16:12.0348 0x17d4  ACPI - ok
23:16:12.0388 0x17d4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:16:12.0422 0x17d4  AcpiPmi - ok
23:16:12.0487 0x17d4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:16:12.0536 0x17d4  adp94xx - ok
23:16:12.0574 0x17d4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:16:12.0614 0x17d4  adpahci - ok
23:16:12.0630 0x17d4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:16:12.0662 0x17d4  adpu320 - ok
23:16:12.0729 0x17d4  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:16:12.0756 0x17d4  AeLookupSvc - ok
23:16:12.0821 0x17d4  [ 2D00D3DADC1D3326BA788EB071F2726E, 559048C0A15BBA83367D0F2969F48042FB1D11C9862A0BA4DF69FB15DECB8761 ] AFBAgent        C:\Windows\system32\FBAgent.exe
23:16:12.0857 0x17d4  AFBAgent - ok
23:16:12.0933 0x17d4  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
23:16:12.0982 0x17d4  AFD - ok
23:16:13.0027 0x17d4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:16:13.0053 0x17d4  agp440 - ok
23:16:13.0109 0x17d4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:16:13.0141 0x17d4  ALG - ok
23:16:13.0183 0x17d4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:16:13.0206 0x17d4  aliide - ok
23:16:13.0238 0x17d4  [ 46693222FCDB3175AAAED017EAA6FCC7, 901484FCD4C59BA2480EE6A26F5A9AA163DA2AA412B68FF7C97F4285F0DC593D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:16:13.0279 0x17d4  AMD External Events Utility - ok
23:16:13.0309 0x17d4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:16:13.0333 0x17d4  amdide - ok
23:16:13.0381 0x17d4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:16:13.0409 0x17d4  AmdK8 - ok
23:16:13.0432 0x17d4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:16:13.0461 0x17d4  AmdPPM - ok
23:16:13.0515 0x17d4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:16:13.0546 0x17d4  amdsata - ok
23:16:13.0585 0x17d4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:16:13.0618 0x17d4  amdsbs - ok
23:16:13.0632 0x17d4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:16:13.0657 0x17d4  amdxata - ok
23:16:13.0723 0x17d4  [ 9C7F164B49CADC658D1B3C575782F346, 7C5FD203735041B6AEB2E551A63CE5F46DB41044BC72E7E77A72F316197C80DA ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
23:16:13.0754 0x17d4  AmUStor - ok
23:16:13.0810 0x17d4  [ FCE5C79717A487BDC71F3DEC78A684CA, F5520F112A4EBDD10444AA5E9FDB9125219FCF768FEB95AB608BC84D60136816 ] AppID           C:\Windows\system32\drivers\appid.sys
23:16:13.0839 0x17d4  AppID - ok
23:16:13.0866 0x17d4  [ 8921E1D8AE5171691F186A7C5B98B630, 4A37313BB94D4B49D0294C9439AD0793DE328F9F4DA1C47E34E6ACEA46AF6E14 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:16:13.0893 0x17d4  AppIDSvc - ok
23:16:13.0916 0x17d4  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
23:16:13.0945 0x17d4  Appinfo - ok
23:16:13.0986 0x17d4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:16:14.0013 0x17d4  arc - ok
23:16:14.0032 0x17d4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:16:14.0058 0x17d4  arcsas - ok
23:16:14.0126 0x17d4  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:16:14.0146 0x17d4  ASLDRService - ok
23:16:14.0160 0x17d4  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:16:14.0177 0x17d4  ASMMAP64 - ok
23:16:14.0291 0x17d4  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:16:14.0322 0x17d4  aspnet_state - ok
23:16:14.0352 0x17d4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:16:14.0428 0x17d4  AsyncMac - ok
23:16:14.0474 0x17d4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:16:14.0499 0x17d4  atapi - ok
23:16:14.0666 0x17d4  [ A5E770426D18F8EF332A593F3289DA91, 87AC97758618765814B630CB1A189CD690DC6B0EAAE93D80EDE7771FB362C9AF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:16:14.0826 0x17d4  athr - ok
23:16:14.0894 0x17d4  [ EE672EACF3CBEDAB390E0655BF5A11AB, DFAFB55584CED9ECF499067D113F81BE51D492627FD36784C4BED06AE0BECC52 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:16:14.0959 0x17d4  AtiHDAudioService - ok
23:16:14.0994 0x17d4  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:16:15.0018 0x17d4  AtiHdmiService - ok
23:16:15.0361 0x17d4  [ 99C262242A279976206ECE1D3C74DF27, B0E35CF7F9C820C4D7300183CC4401ABEB1AA439959563E8513DDE00947ABA23 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:16:15.0694 0x17d4  atikmdag - ok
23:16:15.0774 0x17d4  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7, A552CAF830CD1D01C077EDDEC95832F5826631D2DFA8747E0E393E32ACED2A57 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:16:15.0796 0x17d4  ATKGFNEXSrv - ok
23:16:15.0863 0x17d4  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:16:15.0922 0x17d4  AudioEndpointBuilder - ok
23:16:15.0975 0x17d4  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:16:16.0034 0x17d4  AudioSrv - ok
23:16:16.0117 0x17d4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:16:16.0160 0x17d4  AxInstSV - ok
23:16:16.0207 0x17d4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:16:16.0257 0x17d4  b06bdrv - ok
23:16:16.0294 0x17d4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:16:16.0333 0x17d4  b57nd60a - ok
23:16:16.0377 0x17d4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:16:16.0407 0x17d4  BDESVC - ok
23:16:16.0428 0x17d4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:16:16.0503 0x17d4  Beep - ok
23:16:16.0584 0x17d4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:16:16.0645 0x17d4  BFE - ok
23:16:16.0719 0x17d4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:16:16.0838 0x17d4  BITS - ok
23:16:16.0870 0x17d4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:16:16.0898 0x17d4  blbdrive - ok
23:16:16.0929 0x17d4  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:16:16.0961 0x17d4  bowser - ok
23:16:17.0003 0x17d4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:16:17.0035 0x17d4  BrFiltLo - ok
23:16:17.0041 0x17d4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:16:17.0073 0x17d4  BrFiltUp - ok
23:16:17.0126 0x17d4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:16:17.0159 0x17d4  Browser - ok
23:16:17.0179 0x17d4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:16:17.0219 0x17d4  Brserid - ok
23:16:17.0228 0x17d4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:16:17.0262 0x17d4  BrSerWdm - ok
23:16:17.0268 0x17d4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:16:17.0301 0x17d4  BrUsbMdm - ok
23:16:17.0307 0x17d4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:16:17.0333 0x17d4  BrUsbSer - ok
23:16:17.0348 0x17d4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:16:17.0382 0x17d4  BTHMODEM - ok
23:16:17.0422 0x17d4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:16:17.0504 0x17d4  bthserv - ok
23:16:17.0528 0x17d4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:16:17.0611 0x17d4  cdfs - ok
23:16:17.0672 0x17d4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:16:17.0705 0x17d4  cdrom - ok
23:16:17.0757 0x17d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:16:17.0838 0x17d4  CertPropSvc - ok
23:16:17.0867 0x17d4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:16:17.0898 0x17d4  circlass - ok
23:16:17.0944 0x17d4  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
23:16:17.0998 0x17d4  CLFS - ok
23:16:18.0057 0x17d4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:16:18.0086 0x17d4  clr_optimization_v2.0.50727_32 - ok
23:16:18.0109 0x17d4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:16:18.0137 0x17d4  clr_optimization_v2.0.50727_64 - ok
23:16:18.0231 0x17d4  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:16:18.0263 0x17d4  clr_optimization_v4.0.30319_32 - ok
23:16:18.0304 0x17d4  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:16:18.0339 0x17d4  clr_optimization_v4.0.30319_64 - ok
23:16:18.0372 0x17d4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:16:18.0402 0x17d4  CmBatt - ok
23:16:18.0439 0x17d4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:16:18.0464 0x17d4  cmdide - ok
23:16:18.0503 0x17d4  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:16:18.0576 0x17d4  CNG - ok
23:16:18.0602 0x17d4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:16:18.0626 0x17d4  Compbatt - ok
23:16:18.0680 0x17d4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:16:18.0715 0x17d4  CompositeBus - ok
23:16:18.0727 0x17d4  COMSysApp - ok
23:16:18.0747 0x17d4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:16:18.0772 0x17d4  crcdisk - ok
23:16:18.0812 0x17d4  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:16:18.0851 0x17d4  CryptSvc - ok
23:16:18.0985 0x17d4  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:16:19.0050 0x17d4  cvhsvc - ok
23:16:19.0193 0x17d4  [ 6EA664B77C4C3C72BA413E4442AD6644, 63213F5FBE516518675F218886B66DD2922D4F64E71D91A589285330B36A0239 ] CyberLink PowerDVD 16 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
23:16:19.0226 0x17d4  CyberLink PowerDVD 16 Media Server Monitor Service - ok
23:16:19.0318 0x17d4  [ 86F042A0024F7A9615CBE79EFAA65126, 2D44A167942CCE068AFB57B69CD05586294C45BCAC91586033CC59C98FE47F8B ] CyberLink PowerDVD 16 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
23:16:19.0373 0x17d4  CyberLink PowerDVD 16 Media Server Service - ok
23:16:19.0448 0x17d4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:16:19.0501 0x17d4  DcomLaunch - ok
23:16:19.0539 0x17d4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:16:19.0640 0x17d4  defragsvc - ok
23:16:19.0687 0x17d4  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:16:19.0720 0x17d4  DfsC - ok
23:16:19.0783 0x17d4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:16:19.0826 0x17d4  Dhcp - ok
23:16:19.0972 0x17d4  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:16:20.0092 0x17d4  DiagTrack - ok
23:16:20.0135 0x17d4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:16:20.0212 0x17d4  discache - ok
23:16:20.0251 0x17d4  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
23:16:20.0280 0x17d4  Disk - ok
23:16:20.0334 0x17d4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:16:20.0368 0x17d4  Dnscache - ok
23:16:20.0417 0x17d4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:16:20.0515 0x17d4  dot3svc - ok
23:16:20.0569 0x17d4  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:16:20.0611 0x17d4  Dot4 - ok
23:16:20.0667 0x17d4  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
23:16:20.0701 0x17d4  Dot4Print - ok
23:16:20.0732 0x17d4  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:16:20.0766 0x17d4  dot4usb - ok
23:16:20.0817 0x17d4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:16:20.0904 0x17d4  DPS - ok
23:16:20.0941 0x17d4  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:16:20.0967 0x17d4  drmkaud - ok
23:16:21.0042 0x17d4  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:16:21.0131 0x17d4  DXGKrnl - ok
23:16:21.0167 0x17d4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:16:21.0248 0x17d4  EapHost - ok
23:16:21.0441 0x17d4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:16:21.0672 0x17d4  ebdrv - ok
23:16:21.0708 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] EFS             C:\Windows\System32\lsass.exe
23:16:21.0734 0x17d4  EFS - ok
23:16:21.0821 0x17d4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:16:21.0898 0x17d4  ehRecvr - ok
23:16:21.0930 0x17d4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:16:21.0965 0x17d4  ehSched - ok
23:16:22.0043 0x17d4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:16:22.0108 0x17d4  elxstor - ok
23:16:22.0136 0x17d4  [ 0E840AA66CAB02CBA9730C772BBE305B, 8862583E653D13D1D10A1A4A33704E4F70576E80370943AAFD1EAED6657A0104 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
23:16:22.0174 0x17d4  epp - ok
23:16:22.0205 0x17d4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:16:22.0232 0x17d4  ErrDev - ok
23:16:22.0267 0x17d4  [ 3C38648375B7F3988691F53A7AAE10A9, 2423EE67C8E9ACEA3526E5221177F5C63665820ED8A82F6DE0A9997389687C03 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
23:16:22.0295 0x17d4  ETD - ok
23:16:22.0352 0x17d4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:16:22.0450 0x17d4  EventSystem - ok
23:16:22.0486 0x17d4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:16:22.0575 0x17d4  exfat - ok
23:16:22.0601 0x17d4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:16:22.0698 0x17d4  fastfat - ok
23:16:22.0760 0x17d4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:16:22.0834 0x17d4  Fax - ok
23:16:22.0849 0x17d4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:16:22.0877 0x17d4  fdc - ok
23:16:22.0902 0x17d4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:16:22.0978 0x17d4  fdPHost - ok
23:16:22.0994 0x17d4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:16:23.0073 0x17d4  FDResPub - ok
23:16:23.0103 0x17d4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:16:23.0130 0x17d4  FileInfo - ok
23:16:23.0148 0x17d4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:16:23.0229 0x17d4  Filetrace - ok
23:16:23.0281 0x17d4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:16:23.0308 0x17d4  flpydisk - ok
23:16:23.0349 0x17d4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:16:23.0386 0x17d4  FltMgr - ok
23:16:23.0486 0x17d4  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
23:16:23.0601 0x17d4  FontCache - ok
23:16:23.0659 0x17d4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:16:23.0682 0x17d4  FontCache3.0.0.0 - ok
23:16:23.0714 0x17d4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:16:23.0741 0x17d4  FsDepends - ok
23:16:23.0799 0x17d4  [ 5814011B2F6E088E29D689B5FCD49B8F, 15C09FB9A80FDDB65FB831944BEC1B81743E0B7E4469F35E9FD4142FBB673C0E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
23:16:23.0824 0x17d4  fssfltr - ok
23:16:23.0901 0x17d4  [ F6717211C1EC2CDDAA81B97B0727C2E9, C1FD5A389167A826C002E28339BFCF7DC8851652647016D0DCF8585EB0B8FB28 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:16:23.0959 0x17d4  fsssvc - ok
23:16:23.0996 0x17d4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:16:24.0021 0x17d4  Fs_Rec - ok
23:16:24.0085 0x17d4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:16:24.0137 0x17d4  fvevol - ok
23:16:24.0172 0x17d4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:16:24.0200 0x17d4  gagp30kx - ok
23:16:24.0268 0x17d4  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
23:16:24.0335 0x17d4  gpsvc - ok
23:16:24.0415 0x17d4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:16:24.0441 0x17d4  gupdate - ok
23:16:24.0480 0x17d4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:16:24.0507 0x17d4  gupdatem - ok
23:16:24.0540 0x17d4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:16:24.0569 0x17d4  gusvc - ok
23:16:24.0617 0x17d4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:16:24.0645 0x17d4  hcw85cir - ok
23:16:24.0709 0x17d4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:16:24.0768 0x17d4  HdAudAddService - ok
23:16:24.0791 0x17d4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:16:24.0829 0x17d4  HDAudBus - ok
23:16:24.0864 0x17d4  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:16:24.0886 0x17d4  HECIx64 - ok
23:16:24.0906 0x17d4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:16:24.0934 0x17d4  HidBatt - ok
23:16:24.0950 0x17d4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:16:24.0989 0x17d4  HidBth - ok
23:16:25.0032 0x17d4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:16:25.0066 0x17d4  HidIr - ok
23:16:25.0103 0x17d4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:16:25.0183 0x17d4  hidserv - ok
23:16:25.0238 0x17d4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:16:25.0265 0x17d4  HidUsb - ok
23:16:25.0299 0x17d4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:16:25.0383 0x17d4  hkmsvc - ok
23:16:25.0452 0x17d4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:16:25.0490 0x17d4  HomeGroupListener - ok
23:16:25.0511 0x17d4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:16:25.0548 0x17d4  HomeGroupProvider - ok
23:16:25.0674 0x17d4  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:16:25.0706 0x17d4  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
23:16:25.0945 0x17d4  Detect skipped due to KSN trusted
23:16:25.0945 0x17d4  hpqcxs08 - ok
23:16:26.0156 0x17d4  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:16:26.0173 0x17d4  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
23:16:26.0406 0x17d4  Detect skipped due to KSN trusted
23:16:26.0406 0x17d4  hpqddsvc - ok
23:16:26.0446 0x17d4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:16:26.0474 0x17d4  HpSAMD - ok
23:16:26.0572 0x17d4  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
23:16:26.0661 0x17d4  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
23:16:26.0880 0x17d4  Detect skipped due to KSN trusted
23:16:26.0880 0x17d4  HPSLPSVC - ok
23:16:26.0953 0x17d4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:16:27.0064 0x17d4  HTTP - ok
23:16:27.0100 0x17d4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:16:27.0123 0x17d4  hwpolicy - ok
23:16:27.0181 0x17d4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:16:27.0213 0x17d4  i8042prt - ok
23:16:27.0267 0x17d4  [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:16:27.0304 0x17d4  iaStor - ok
23:16:27.0353 0x17d4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:16:27.0413 0x17d4  iaStorV - ok
23:16:27.0496 0x17d4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:16:27.0585 0x17d4  idsvc - ok
23:16:27.0609 0x17d4  IEEtwCollectorService - ok
23:16:27.0639 0x17d4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:16:27.0666 0x17d4  iirsp - ok
23:16:27.0745 0x17d4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:16:27.0835 0x17d4  IKEEXT - ok
23:16:27.0866 0x17d4  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:16:27.0896 0x17d4  Impcd - ok
23:16:27.0928 0x17d4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:16:27.0954 0x17d4  intelide - ok
23:16:27.0982 0x17d4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:16:28.0012 0x17d4  intelppm - ok
23:16:28.0049 0x17d4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:16:28.0132 0x17d4  IPBusEnum - ok
23:16:28.0170 0x17d4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:16:28.0251 0x17d4  IpFilterDriver - ok
23:16:28.0333 0x17d4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:16:28.0399 0x17d4  iphlpsvc - ok
23:16:28.0441 0x17d4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:16:28.0472 0x17d4  IPMIDRV - ok
23:16:28.0497 0x17d4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:16:28.0578 0x17d4  IPNAT - ok
23:16:28.0608 0x17d4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:16:28.0647 0x17d4  IRENUM - ok
23:16:28.0661 0x17d4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:16:28.0685 0x17d4  isapnp - ok
23:16:28.0720 0x17d4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:16:28.0756 0x17d4  iScsiPrt - ok
23:16:28.0795 0x17d4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:16:28.0823 0x17d4  kbdclass - ok
23:16:28.0853 0x17d4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:16:28.0881 0x17d4  kbdhid - ok
23:16:28.0914 0x17d4  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
23:16:28.0933 0x17d4  kbfiltr - ok
23:16:28.0948 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] KeyIso          C:\Windows\system32\lsass.exe
23:16:28.0975 0x17d4  KeyIso - ok
23:16:29.0006 0x17d4  [ 6F5F0C6160EF237F0243C1E416EEBA98, 8BA8AA0D71350A74E294A731226B1638C6059013D645ABDE7188F7733E320FBD ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:16:29.0035 0x17d4  KSecDD - ok
23:16:29.0058 0x17d4  [ 05529E53B286FD60E7EF04EF138CABFD, 6C045750DCD3EE76F748582513AD4FA99C0E8E56B616725CD48DCA1068FF8923 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:16:29.0090 0x17d4  KSecPkg - ok
23:16:29.0127 0x17d4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:16:29.0204 0x17d4  ksthunk - ok
23:16:29.0251 0x17d4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:16:29.0345 0x17d4  KtmRm - ok
23:16:29.0823 0x17d4  [ 9C46A5421DE9D116C47155317CABB522, 276ECDAA08EADF2F2B572415637A58FC33097ED6A026580DAA1868AAC90064A7 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:16:29.0850 0x17d4  L1C - ok
23:16:29.0900 0x17d4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:16:29.0999 0x17d4  LanmanServer - ok
23:16:30.0036 0x17d4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:16:30.0119 0x17d4  LanmanWorkstation - ok
23:16:30.0174 0x17d4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:16:30.0257 0x17d4  lltdio - ok
23:16:30.0307 0x17d4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:16:30.0401 0x17d4  lltdsvc - ok
23:16:30.0430 0x17d4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:16:30.0511 0x17d4  lmhosts - ok
23:16:30.0566 0x17d4  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:16:30.0587 0x17d4  LMS - detected UnsignedFile.Multi.Generic ( 1 )
23:16:30.0811 0x17d4  Detect skipped due to KSN trusted
23:16:30.0811 0x17d4  LMS - ok
23:16:30.0862 0x17d4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:16:30.0893 0x17d4  LSI_FC - ok
23:16:30.0932 0x17d4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:16:30.0961 0x17d4  LSI_SAS - ok
23:16:30.0978 0x17d4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:16:31.0005 0x17d4  LSI_SAS2 - ok
23:16:31.0029 0x17d4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:16:31.0057 0x17d4  LSI_SCSI - ok
23:16:31.0075 0x17d4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:16:31.0153 0x17d4  luafv - ok
23:16:31.0202 0x17d4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:16:31.0231 0x17d4  Mcx2Svc - ok
23:16:31.0250 0x17d4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:16:31.0276 0x17d4  megasas - ok
23:16:31.0294 0x17d4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:16:31.0335 0x17d4  MegaSR - ok
23:16:31.0371 0x17d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:16:31.0453 0x17d4  MMCSS - ok
23:16:31.0482 0x17d4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:16:31.0561 0x17d4  Modem - ok
23:16:31.0581 0x17d4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:16:31.0616 0x17d4  monitor - ok
23:16:31.0655 0x17d4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
23:16:31.0682 0x17d4  mouclass - ok
23:16:31.0710 0x17d4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:16:31.0738 0x17d4  mouhid - ok
23:16:31.0773 0x17d4  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:16:31.0800 0x17d4  mountmgr - ok
23:16:31.0876 0x17d4  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
23:16:31.0935 0x17d4  MpFilter - ok
23:16:31.0976 0x17d4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:16:32.0008 0x17d4  mpio - ok
23:16:32.0036 0x17d4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:16:32.0135 0x17d4  mpsdrv - ok
23:16:32.0210 0x17d4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:16:32.0351 0x17d4  MpsSvc - ok
23:16:32.0388 0x17d4  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:16:32.0423 0x17d4  MRxDAV - ok
23:16:32.0465 0x17d4  [ 632E8A00090E4F85F304E152C92C7F2C, A3098941251A8327C95E6B1122384D54FB0ED705A9215577D968EA5B5FD88C87 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:16:32.0503 0x17d4  mrxsmb - ok
23:16:32.0538 0x17d4  [ 0D9C05484F2F4BD9D33A615D5DBE67EA, 1E164B631B1CD85DD5B205284CB547B189609946490AAABD22741743BFB413DF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:16:32.0589 0x17d4  mrxsmb10 - ok
23:16:32.0611 0x17d4  [ 6123E6FECC1C164022868FB1982271BE, 417E6C7AFF8B014B31AFCC202B0DCEECBDBB73205DF8C3EFC7E313664E284178 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:16:32.0646 0x17d4  mrxsmb20 - ok
23:16:32.0682 0x17d4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:16:32.0707 0x17d4  msahci - ok
23:16:32.0729 0x17d4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:16:32.0760 0x17d4  msdsm - ok
23:16:32.0813 0x17d4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:16:32.0865 0x17d4  MSDTC - ok
23:16:32.0893 0x17d4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:16:32.0983 0x17d4  Msfs - ok
23:16:33.0016 0x17d4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:16:33.0088 0x17d4  mshidkmdf - ok
23:16:33.0128 0x17d4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:16:33.0152 0x17d4  msisadrv - ok
23:16:33.0187 0x17d4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:16:33.0264 0x17d4  MSiSCSI - ok
23:16:33.0269 0x17d4  msiserver - ok
23:16:33.0309 0x17d4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:16:33.0380 0x17d4  MSKSSRV - ok
23:16:33.0483 0x17d4  [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:16:33.0517 0x17d4  MsMpSvc - ok
23:16:33.0530 0x17d4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:16:33.0605 0x17d4  MSPCLOCK - ok
23:16:33.0632 0x17d4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:16:33.0712 0x17d4  MSPQM - ok
23:16:33.0764 0x17d4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:16:33.0823 0x17d4  MsRPC - ok
23:16:33.0863 0x17d4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:16:33.0888 0x17d4  mssmbios - ok
23:16:33.0916 0x17d4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:16:33.0993 0x17d4  MSTEE - ok
23:16:34.0008 0x17d4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:16:34.0036 0x17d4  MTConfig - ok
23:16:34.0068 0x17d4  [ 032D35C996F21D19A205A7C8F0B76F3C, 1A1C5BD7204BB937A05E201BCC0840B2C8E4B273D8E1D6D9407264FB4C57F014 ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:16:34.0086 0x17d4  MTsensor - ok
23:16:34.0106 0x17d4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:16:34.0133 0x17d4  Mup - ok
23:16:34.0191 0x17d4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:16:34.0305 0x17d4  napagent - ok
23:16:34.0364 0x17d4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:16:34.0427 0x17d4  NativeWifiP - ok
23:16:34.0507 0x17d4  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:16:34.0598 0x17d4  NDIS - ok
23:16:34.0619 0x17d4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:16:34.0702 0x17d4  NdisCap - ok
23:16:34.0733 0x17d4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:16:34.0813 0x17d4  NdisTapi - ok
23:16:34.0855 0x17d4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:16:34.0933 0x17d4  Ndisuio - ok
23:16:34.0970 0x17d4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:16:35.0053 0x17d4  NdisWan - ok
23:16:35.0083 0x17d4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:16:35.0154 0x17d4  NDProxy - ok
23:16:35.0200 0x17d4  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:16:35.0213 0x17d4  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:16:35.0439 0x17d4  Detect skipped due to KSN trusted
23:16:35.0439 0x17d4  Net Driver HPZ12 - ok
23:16:35.0473 0x17d4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:16:35.0555 0x17d4  NetBIOS - ok
23:16:35.0602 0x17d4  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:16:35.0639 0x17d4  NetBT - ok
23:16:35.0652 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] Netlogon        C:\Windows\system32\lsass.exe
23:16:35.0678 0x17d4  Netlogon - ok
23:16:35.0727 0x17d4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:16:35.0839 0x17d4  Netman - ok
23:16:35.0886 0x17d4  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:16:35.0921 0x17d4  NetMsmqActivator - ok
23:16:35.0940 0x17d4  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:16:35.0974 0x17d4  NetPipeActivator - ok
23:16:36.0002 0x17d4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:16:36.0108 0x17d4  netprofm - ok
23:16:36.0128 0x17d4  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:16:36.0162 0x17d4  NetTcpActivator - ok
23:16:36.0183 0x17d4  [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:16:36.0217 0x17d4  NetTcpPortSharing - ok
23:16:36.0251 0x17d4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:16:36.0277 0x17d4  nfrd960 - ok
23:16:36.0336 0x17d4  [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:16:36.0375 0x17d4  NisDrv - ok
23:16:36.0459 0x17d4  [ D630B510E1E3FF6BA12B705F47F115D9, 05D76065D5D9A82E53EA18CD2D0184338681A7BBD3CD5D6C44D1FA5CB1C63640 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
23:16:36.0523 0x17d4  NisSrv - ok
23:16:36.0575 0x17d4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:16:36.0631 0x17d4  NlaSvc - ok
23:16:36.0652 0x17d4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:16:36.0730 0x17d4  Npfs - ok
23:16:36.0757 0x17d4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:16:36.0836 0x17d4  nsi - ok
23:16:36.0851 0x17d4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:16:36.0930 0x17d4  nsiproxy - ok
23:16:37.0059 0x17d4  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:16:37.0194 0x17d4  Ntfs - ok
23:16:37.0218 0x17d4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:16:37.0293 0x17d4  Null - ok
23:16:37.0333 0x17d4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:16:37.0364 0x17d4  nvraid - ok
23:16:37.0399 0x17d4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:16:37.0434 0x17d4  nvstor - ok
23:16:37.0458 0x17d4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:16:37.0488 0x17d4  nv_agp - ok
23:16:37.0515 0x17d4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:16:37.0545 0x17d4  ohci1394 - ok
23:16:37.0575 0x17d4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:16:37.0601 0x17d4  ose - ok
23:16:37.0933 0x17d4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:16:38.0295 0x17d4  osppsvc - ok
23:16:38.0344 0x17d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:16:38.0401 0x17d4  p2pimsvc - ok
23:16:38.0437 0x17d4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:16:38.0495 0x17d4  p2psvc - ok
23:16:38.0532 0x17d4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:16:38.0563 0x17d4  Parport - ok
23:16:38.0603 0x17d4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:16:38.0629 0x17d4  partmgr - ok
23:16:38.0671 0x17d4  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:16:38.0710 0x17d4  PcaSvc - ok
23:16:38.0742 0x17d4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:16:38.0776 0x17d4  pci - ok
23:16:38.0812 0x17d4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:16:38.0836 0x17d4  pciide - ok
23:16:38.0875 0x17d4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:16:38.0910 0x17d4  pcmcia - ok
23:16:38.0931 0x17d4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:16:38.0958 0x17d4  pcw - ok
23:16:39.0018 0x17d4  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:16:39.0094 0x17d4  PEAUTH - ok
23:16:39.0173 0x17d4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:16:39.0204 0x17d4  PerfHost - ok
23:16:39.0318 0x17d4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:16:39.0489 0x17d4  pla - ok
23:16:39.0559 0x17d4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:16:39.0604 0x17d4  PlugPlay - ok
23:16:39.0662 0x17d4  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:16:39.0677 0x17d4  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:16:39.0913 0x17d4  Detect skipped due to KSN trusted
23:16:39.0914 0x17d4  Pml Driver HPZ12 - ok
23:16:40.0118 0x17d4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:16:40.0145 0x17d4  PNRPAutoReg - ok
23:16:40.0183 0x17d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:16:40.0240 0x17d4  PNRPsvc - ok
23:16:40.0292 0x17d4  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:16:40.0364 0x17d4  PolicyAgent - ok
23:16:40.0413 0x17d4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:16:40.0501 0x17d4  Power - ok
23:16:40.0558 0x17d4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:16:40.0640 0x17d4  PptpMiniport - ok
23:16:40.0667 0x17d4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:16:40.0698 0x17d4  Processor - ok
23:16:40.0743 0x17d4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:16:40.0781 0x17d4  ProfSvc - ok
23:16:40.0829 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] ProtectedStorage C:\Windows\system32\lsass.exe
23:16:40.0855 0x17d4  ProtectedStorage - ok
23:16:40.0911 0x17d4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:16:40.0992 0x17d4  Psched - ok
23:16:41.0109 0x17d4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:16:41.0242 0x17d4  ql2300 - ok
23:16:41.0270 0x17d4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:16:41.0300 0x17d4  ql40xx - ok
23:16:41.0335 0x17d4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:16:41.0397 0x17d4  QWAVE - ok
23:16:41.0412 0x17d4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:16:41.0451 0x17d4  QWAVEdrv - ok
23:16:41.0490 0x17d4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:16:41.0570 0x17d4  RasAcd - ok
23:16:41.0615 0x17d4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:16:41.0696 0x17d4  RasAgileVpn - ok
23:16:41.0721 0x17d4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:16:41.0802 0x17d4  RasAuto - ok
23:16:41.0839 0x17d4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:16:41.0922 0x17d4  Rasl2tp - ok
23:16:41.0972 0x17d4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:16:42.0064 0x17d4  RasMan - ok
23:16:42.0088 0x17d4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:16:42.0169 0x17d4  RasPppoe - ok
23:16:42.0191 0x17d4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:16:42.0275 0x17d4  RasSstp - ok
23:16:42.0311 0x17d4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:16:42.0419 0x17d4  rdbss - ok
23:16:42.0450 0x17d4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:16:42.0484 0x17d4  rdpbus - ok
23:16:42.0513 0x17d4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:16:42.0589 0x17d4  RDPCDD - ok
23:16:42.0599 0x17d4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:16:42.0680 0x17d4  RDPENCDD - ok
23:16:42.0698 0x17d4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:16:42.0774 0x17d4  RDPREFMP - ok
23:16:42.0838 0x17d4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:16:42.0872 0x17d4  RDPWD - ok
23:16:42.0934 0x17d4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:16:42.0970 0x17d4  rdyboost - ok
23:16:43.0004 0x17d4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:16:43.0086 0x17d4  RemoteAccess - ok
23:16:43.0130 0x17d4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:16:43.0219 0x17d4  RemoteRegistry - ok
23:16:43.0245 0x17d4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:16:43.0326 0x17d4  RpcEptMapper - ok
23:16:43.0337 0x17d4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:16:43.0366 0x17d4  RpcLocator - ok
23:16:43.0426 0x17d4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
23:16:43.0479 0x17d4  RpcSs - ok
23:16:43.0512 0x17d4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:16:43.0592 0x17d4  rspndr - ok
23:16:43.0607 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] SamSs           C:\Windows\system32\lsass.exe
23:16:43.0634 0x17d4  SamSs - ok
23:16:43.0666 0x17d4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:16:43.0697 0x17d4  sbp2port - ok
23:16:43.0737 0x17d4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:16:43.0837 0x17d4  SCardSvr - ok
23:16:43.0868 0x17d4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:16:43.0943 0x17d4  scfilter - ok
23:16:44.0031 0x17d4  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
23:16:44.0137 0x17d4  Schedule - ok
23:16:44.0169 0x17d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:16:44.0250 0x17d4  SCPolicySvc - ok
23:16:44.0289 0x17d4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:16:44.0324 0x17d4  SDRSVC - ok
23:16:44.0378 0x17d4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:16:44.0404 0x17d4  secdrv - ok
23:16:44.0437 0x17d4  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
23:16:44.0466 0x17d4  seclogon - ok
23:16:44.0499 0x17d4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:16:44.0579 0x17d4  SENS - ok
23:16:44.0603 0x17d4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:16:44.0630 0x17d4  SensrSvc - ok
23:16:44.0686 0x17d4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:16:44.0713 0x17d4  Serenum - ok
23:16:44.0746 0x17d4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:16:44.0779 0x17d4  Serial - ok
23:16:44.0807 0x17d4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:16:44.0835 0x17d4  sermouse - ok
23:16:44.0879 0x17d4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:16:44.0964 0x17d4  SessionEnv - ok
23:16:45.0001 0x17d4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:16:45.0034 0x17d4  sffdisk - ok
23:16:45.0055 0x17d4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:16:45.0088 0x17d4  sffp_mmc - ok
23:16:45.0104 0x17d4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:16:45.0138 0x17d4  sffp_sd - ok
23:16:45.0172 0x17d4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:16:45.0198 0x17d4  sfloppy - ok
23:16:45.0267 0x17d4  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
23:16:45.0344 0x17d4  Sftfs - ok
23:16:45.0424 0x17d4  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:16:45.0490 0x17d4  sftlist - ok
23:16:45.0530 0x17d4  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:16:45.0578 0x17d4  Sftplay - ok
23:16:45.0604 0x17d4  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:16:45.0628 0x17d4  Sftredir - ok
23:16:45.0638 0x17d4  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:16:45.0663 0x17d4  Sftvol - ok
23:16:45.0691 0x17d4  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:16:45.0727 0x17d4  sftvsa - ok
23:16:45.0777 0x17d4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:16:45.0890 0x17d4  SharedAccess - ok
23:16:45.0936 0x17d4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:16:46.0048 0x17d4  ShellHWDetection - ok
23:16:46.0082 0x17d4  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
23:16:46.0112 0x17d4  SiSGbeLH - ok
23:16:46.0155 0x17d4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:16:46.0181 0x17d4  SiSRaid2 - ok
23:16:46.0197 0x17d4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:16:46.0224 0x17d4  SiSRaid4 - ok
23:16:46.0246 0x17d4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:16:46.0328 0x17d4  Smb - ok
23:16:46.0372 0x17d4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:16:46.0402 0x17d4  SNMPTRAP - ok
23:16:46.0543 0x17d4  [ F06A6DE8438F7446BFF9E61F31356521, 6F8819013B4362A83793914282878047B3C3A42D2E978438AF47A7E9F12AA81C ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
23:16:46.0702 0x17d4  SNP2UVC - ok
23:16:46.0730 0x17d4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:16:46.0755 0x17d4  spldr - ok
23:16:46.0815 0x17d4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:16:46.0885 0x17d4  Spooler - ok
23:16:47.0103 0x17d4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:16:47.0407 0x17d4  sppsvc - ok
23:16:47.0436 0x17d4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:16:47.0519 0x17d4  sppuinotify - ok
23:16:47.0570 0x17d4  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:16:47.0633 0x17d4  srv - ok
23:16:47.0683 0x17d4  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:16:47.0727 0x17d4  srv2 - ok
23:16:47.0752 0x17d4  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:16:47.0787 0x17d4  srvnet - ok
23:16:47.0835 0x17d4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:16:47.0914 0x17d4  SSDPSRV - ok
23:16:47.0923 0x17d4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:16:47.0999 0x17d4  SstpSvc - ok
23:16:48.0147 0x17d4  [ 94A6522AC9F3E05FD039AD105ADE96D0, 50E62BDE650B55980F9166E4A1555D61E4652BF7C442A402A39F4DAD9119B0EE ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
23:16:48.0180 0x17d4  STacSV - ok
23:16:48.0218 0x17d4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:16:48.0243 0x17d4  stexstor - ok
23:16:48.0306 0x17d4  [ DDB811B13D827081E7C1DDFF302AB334, D2C86644ECD6DC20815766874FF15CAF3DEEBBD2E452E146492719518CECC5CE ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
23:16:48.0368 0x17d4  STHDA - ok
23:16:48.0442 0x17d4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:16:48.0532 0x17d4  stisvc - ok
23:16:48.0563 0x17d4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:16:48.0589 0x17d4  swenum - ok
23:16:48.0634 0x17d4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:16:48.0740 0x17d4  swprv - ok
23:16:48.0857 0x17d4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
23:16:49.0002 0x17d4  SysMain - ok
23:16:49.0067 0x17d4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:16:49.0112 0x17d4  TabletInputService - ok
23:16:49.0150 0x17d4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:16:49.0257 0x17d4  TapiSrv - ok
23:16:49.0387 0x17d4  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:16:49.0548 0x17d4  Tcpip - ok
23:16:49.0710 0x17d4  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:16:49.0853 0x17d4  TCPIP6 - ok
23:16:49.0898 0x17d4  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:16:49.0925 0x17d4  tcpipreg - ok
23:16:49.0967 0x17d4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:16:49.0994 0x17d4  TDPIPE - ok
23:16:50.0025 0x17d4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:16:50.0051 0x17d4  TDTCP - ok
23:16:50.0091 0x17d4  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:16:50.0121 0x17d4  tdx - ok
23:16:50.0173 0x17d4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:16:50.0201 0x17d4  TermDD - ok
23:16:50.0261 0x17d4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:16:50.0335 0x17d4  TermService - ok
23:16:50.0373 0x17d4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:16:50.0412 0x17d4  Themes - ok
23:16:50.0442 0x17d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:16:50.0527 0x17d4  THREADORDER - ok
23:16:50.0575 0x17d4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:16:50.0659 0x17d4  TrkWks - ok
23:16:50.0709 0x17d4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:16:50.0795 0x17d4  TrustedInstaller - ok
23:16:50.0835 0x17d4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:16:50.0862 0x17d4  tssecsrv - ok
23:16:50.0912 0x17d4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:16:50.0941 0x17d4  TsUsbFlt - ok
23:16:51.0006 0x17d4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:16:51.0090 0x17d4  tunnel - ok
23:16:51.0114 0x17d4  [ C45A3E051C65106A28982CAED125F855, 9164708ABC6B1BA804B8297AA4EEBC65C4BDD4D399AD6CBAB9C66BB7AA9020E8 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
23:16:51.0134 0x17d4  TurboB - ok
23:16:51.0169 0x17d4  [ BAEF86EBEAECE76573FA822DEA256F6C, B845AB0AACCCF4C2D4A8DD152C57C52416C5938FB3FEB670DB5434FA95620F3B ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:16:51.0195 0x17d4  TurboBoost - ok
23:16:51.0229 0x17d4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:16:51.0256 0x17d4  uagp35 - ok
23:16:51.0311 0x17d4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:16:51.0419 0x17d4  udfs - ok
23:16:51.0458 0x17d4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:16:51.0490 0x17d4  UI0Detect - ok
23:16:51.0530 0x17d4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:16:51.0558 0x17d4  uliagpkx - ok
23:16:51.0596 0x17d4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
23:16:51.0625 0x17d4  umbus - ok
23:16:51.0658 0x17d4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:16:51.0685 0x17d4  UmPass - ok
23:16:51.0878 0x17d4  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:16:52.0039 0x17d4  UNS - detected UnsignedFile.Multi.Generic ( 1 )
23:16:52.0280 0x17d4  Detect skipped due to KSN trusted
23:16:52.0280 0x17d4  UNS - ok
23:16:52.0457 0x17d4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:16:52.0557 0x17d4  upnphost - ok
23:16:52.0589 0x17d4  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
23:16:52.0619 0x17d4  usbccgp - ok
23:16:52.0652 0x17d4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:16:52.0683 0x17d4  usbcir - ok
23:16:52.0702 0x17d4  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:16:52.0731 0x17d4  usbehci - ok
23:16:52.0790 0x17d4  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
23:16:52.0845 0x17d4  usbhub - ok
23:16:52.0881 0x17d4  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:16:52.0907 0x17d4  usbohci - ok
23:16:52.0946 0x17d4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:16:52.0979 0x17d4  usbprint - ok
23:16:53.0049 0x17d4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
23:16:53.0075 0x17d4  usbscan - ok
23:16:53.0112 0x17d4  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:16:53.0141 0x17d4  USBSTOR - ok
23:16:53.0179 0x17d4  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:16:53.0205 0x17d4  usbuhci - ok
23:16:53.0249 0x17d4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:16:53.0283 0x17d4  usbvideo - ok
23:16:53.0316 0x17d4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:16:53.0394 0x17d4  UxSms - ok
23:16:53.0413 0x17d4  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] VaultSvc        C:\Windows\system32\lsass.exe
23:16:53.0439 0x17d4  VaultSvc - ok
23:16:53.0468 0x17d4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:16:53.0494 0x17d4  vdrvroot - ok
23:16:53.0553 0x17d4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:16:53.0669 0x17d4  vds - ok
23:16:53.0707 0x17d4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:16:53.0737 0x17d4  vga - ok
23:16:53.0759 0x17d4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:16:53.0830 0x17d4  VgaSave - ok
23:16:53.0878 0x17d4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:16:53.0907 0x17d4  vhdmp - ok
23:16:53.0932 0x17d4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:16:53.0954 0x17d4  viaide - ok
23:16:53.0973 0x17d4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:16:53.0999 0x17d4  volmgr - ok
23:16:54.0045 0x17d4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:16:54.0094 0x17d4  volmgrx - ok
23:16:54.0136 0x17d4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:16:54.0175 0x17d4  volsnap - ok
23:16:54.0217 0x17d4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:16:54.0247 0x17d4  vsmraid - ok
23:16:54.0367 0x17d4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:16:54.0557 0x17d4  VSS - ok
23:16:54.0576 0x17d4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:16:54.0609 0x17d4  vwifibus - ok
23:16:54.0618 0x17d4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:16:54.0657 0x17d4  vwififlt - ok
23:16:54.0695 0x17d4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:16:54.0733 0x17d4  vwifimp - ok
23:16:54.0776 0x17d4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:16:54.0872 0x17d4  W32Time - ok
23:16:54.0896 0x17d4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:16:54.0922 0x17d4  WacomPen - ok
23:16:54.0978 0x17d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:16:55.0051 0x17d4  WANARP - ok
23:16:55.0072 0x17d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:16:55.0149 0x17d4  Wanarpv6 - ok
23:16:55.0266 0x17d4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:16:55.0396 0x17d4  wbengine - ok
23:16:55.0445 0x17d4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:16:55.0506 0x17d4  WbioSrvc - ok
23:16:55.0566 0x17d4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:16:55.0638 0x17d4  wcncsvc - ok
23:16:55.0653 0x17d4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:16:55.0683 0x17d4  WcsPlugInService - ok
23:16:55.0723 0x17d4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:16:55.0747 0x17d4  Wd - ok
23:16:55.0825 0x17d4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:16:55.0908 0x17d4  Wdf01000 - ok
23:16:55.0942 0x17d4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:16:55.0975 0x17d4  WdiServiceHost - ok
23:16:55.0984 0x17d4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:16:56.0015 0x17d4  WdiSystemHost - ok
23:16:56.0069 0x17d4  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
23:16:56.0108 0x17d4  WebClient - ok
23:16:56.0145 0x17d4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:16:56.0234 0x17d4  Wecsvc - ok
23:16:56.0245 0x17d4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:16:56.0330 0x17d4  wercplsupport - ok
23:16:56.0344 0x17d4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:16:56.0428 0x17d4  WerSvc - ok
23:16:56.0476 0x17d4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:16:56.0553 0x17d4  WfpLwf - ok
23:16:56.0600 0x17d4  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
23:16:56.0631 0x17d4  WimFltr - ok
23:16:56.0654 0x17d4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:16:56.0679 0x17d4  WIMMount - ok
23:16:56.0722 0x17d4  WinDefend - ok
23:16:56.0747 0x17d4  WinHttpAutoProxySvc - ok
23:16:56.0809 0x17d4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:16:56.0910 0x17d4  Winmgmt - ok
23:16:57.0067 0x17d4  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:16:57.0250 0x17d4  WinRM - ok
23:16:57.0320 0x17d4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:16:57.0354 0x17d4  WinUsb - ok
23:16:57.0439 0x17d4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:16:57.0523 0x17d4  Wlansvc - ok
23:16:57.0560 0x17d4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:16:57.0586 0x17d4  WmiAcpi - ok
23:16:57.0620 0x17d4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:16:57.0660 0x17d4  wmiApSrv - ok
23:16:57.0692 0x17d4  WMPNetworkSvc - ok
23:16:57.0721 0x17d4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:16:57.0748 0x17d4  WPCSvc - ok
23:16:57.0785 0x17d4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:16:57.0824 0x17d4  WPDBusEnum - ok
23:16:57.0852 0x17d4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:16:57.0931 0x17d4  ws2ifsl - ok
23:16:57.0958 0x17d4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:16:58.0002 0x17d4  wscsvc - ok
23:16:58.0008 0x17d4  WSearch - ok
23:16:58.0167 0x17d4  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:16:58.0389 0x17d4  wuauserv - ok
23:16:58.0424 0x17d4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:16:58.0454 0x17d4  WudfPf - ok
23:16:58.0502 0x17d4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:16:58.0535 0x17d4  WUDFRd - ok
23:16:58.0563 0x17d4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:16:58.0596 0x17d4  wudfsvc - ok
23:16:58.0647 0x17d4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:16:58.0697 0x17d4  WwanSvc - ok
23:16:58.0799 0x17d4  {41E8078B-96D9-42DC-8789-A1CF102CD880} - ok
23:16:58.0813 0x17d4  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
23:16:58.0817 0x17d4  ================ Scan global ===============================
23:16:58.0849 0x17d4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:16:58.0875 0x17d4  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
23:16:58.0918 0x17d4  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
23:16:58.0951 0x17d4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:16:58.0984 0x17d4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:16:58.0998 0x17d4  [ Global ] - ok
23:16:58.0999 0x17d4  ================ Scan MBR ==================================
23:16:59.0011 0x17d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:16:59.0449 0x17d4  \Device\Harddisk0\DR0 - ok
23:16:59.0450 0x17d4  ================ Scan VBR ==================================
23:16:59.0453 0x17d4  [ 2EC3F90DE56A9464CAC5BBF68EC62165 ] \Device\Harddisk0\DR0\Partition1
23:16:59.0457 0x17d4  \Device\Harddisk0\DR0\Partition1 - ok
23:16:59.0473 0x17d4  [ 8A81BDD2C6402100E2AB4D42A2708107 ] \Device\Harddisk0\DR0\Partition2
23:16:59.0477 0x17d4  \Device\Harddisk0\DR0\Partition2 - ok
23:16:59.0477 0x17d4  ================ Scan generic autorun ======================
23:16:59.0557 0x17d4  [ 68161603C58407CBE4099D9CD739E0D1, CAA67722A810DC9165950399A0C15D2D7B3472AC0AA0EB5D0904ECC4D5BD7B8E ] C:\Program Files\Elantech\ETDCtrl.exe
23:16:59.0681 0x17d4  ETDWare - ok
23:16:59.0818 0x17d4  [ 9DEA654E4D9820958D6B4D1EBAF2F31E, 526599AE6A3949AC43EAFA3A5F881A50BBC6549F3F3A0F00E2309E210ABFF40C ] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
23:16:59.0950 0x17d4  ASUS WebStorage - ok
23:17:00.0021 0x17d4  [ 06C2C34EA4C666835C6AB492976C0BA1, E47662ED93191B425709F2221BB3C776D06506C120DC94562896A5463188F2E8 ] C:\Program Files\IDT\WDM\sttray64.exe
23:17:00.0081 0x17d4  SysTrayApp - ok
23:17:00.0122 0x17d4  [ DFAC78508DEFE8841DA4CDD1FA472C1A, A9055BD9C27E53F89E847C66FF73E090419CFDBFB51CA59645800E426476097E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
23:17:00.0168 0x17d4  AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
23:17:00.0413 0x17d4  Detect skipped due to KSN trusted
23:17:00.0413 0x17d4  AmIcoSinglun64 - ok
23:17:00.0443 0x17d4  Setwallpaper - ok
23:17:00.0573 0x17d4  [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] C:\Program Files\Microsoft Security Client\msseces.exe
23:17:00.0697 0x17d4  MSC - ok
23:17:01.0198 0x17d4  [ 7F7D637F5902732E327912233CAA3AE7, 381CC77505423D7267A7796DC852D7D35F206756082E719E9427666B3A2A0E7D ] c:\program files\emsisoft anti-malware\a2guard.exe
23:17:01.0677 0x17d4  emsisoft anti-malware - ok
23:17:01.0792 0x17d4  [ A152156F4793837A8FDB706C10D2640E, 86C4E02B99316E43CE4D791BDFC8D79591D56CD275736CC3735F1280F4F477D2 ] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
23:17:01.0835 0x17d4  Boingo Wi-Fi - detected UnsignedFile.Multi.Generic ( 1 )
23:17:02.0248 0x17d4  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - warning
23:17:02.0628 0x17d4  [ E96857D927626076104CFC5A9D237F91, B5B50B144E24DE29E03FB913B3A5A7553448FEB75607798EFE4A4B8B272FA31F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
23:17:02.0664 0x17d4  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
23:17:02.0908 0x17d4  Detect skipped due to KSN trusted
23:17:02.0908 0x17d4  StartCCC - ok
23:17:03.0313 0x17d4  [ 6529C89512CE4498919BDC512572F82C, DFF9BB4BFAFE8BA2E1F13B668C6E010FD18591B0CECF65574EA5E14143C79A83 ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
23:17:03.0781 0x17d4  ATKOSD2 - ok
23:17:03.0956 0x17d4  [ 5666955DC9FD455A003D86A21E0483A9, 359E2B5857269EDCE395D6171642EAC8B23170AA5266932B2BAE1E5955E8FE77 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
23:17:03.0984 0x17d4  ATKMEDIA - ok
23:17:04.0012 0x17d4  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
23:17:04.0035 0x17d4  HControlUser - ok
23:17:04.0113 0x17d4  [ 21293443961A4E2597453EE7A9347F22, FDA88181C975C251E56D5A38E5473F45B9CB4E1258A6E93320D34D656AB1E6ED ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
23:17:04.0135 0x17d4  HP Software Update - ok
23:17:04.0259 0x17d4  [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:17:04.0342 0x17d4  Adobe ARM - ok
23:17:04.0385 0x17d4  [ 826DDBBCA98F2E6CD1DFE33CEF33994C, A57B96DFAEC0E86EA4D2B95AE4F21434955D39802B1464D34BE95F25808471C8 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
23:17:04.0404 0x17d4  Adobe Reader Speed Launcher - ok
23:17:04.0405 0x17d4  PowerDVD16Agent - ok
23:17:04.0520 0x17d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:17:04.0768 0x17d4  Sidebar - ok
23:17:04.0800 0x17d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:17:04.0859 0x17d4  mctadmin - ok
23:17:04.0938 0x17d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:17:05.0023 0x17d4  Sidebar - ok
23:17:05.0033 0x17d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:17:05.0076 0x17d4  mctadmin - ok
23:17:05.0243 0x17d4  [ FE9E6388A039441098EB09C070EA5049, 3888822AF992F3BE27E9F973E31EBEE5302901E4A8260A9A6CF6B2BB2A12D173 ] C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
23:17:05.0316 0x17d4  Google Update - ok
23:17:05.0379 0x17d4  [ AC43952EA7D028BD35099391DB2FF599, 1D688F98C3158D91F873421663B7BD60DA3A35DCF793792B9D398D5DFC9050F0 ] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
23:17:05.0430 0x17d4  Syncables - ok
23:17:05.0565 0x17d4  [ CD788725375AB8B06A3D17842E200864, 1D57A3BB84128E1F5EF91813647E1B397990022EDF84FE9EB0865048999CA16E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
23:17:05.0677 0x17d4  GarminExpressTrayApp - ok
23:17:05.0680 0x17d4  Waiting for KSN requests completion. In queue: 98
23:17:07.0017 0x17d4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x61010 ( enabled : outofdate )
23:17:07.0019 0x17d4  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 2017.2.0.7219 ), 0x41000 ( enabled : updated )
23:17:07.0064 0x17d4  Win FW state via NFP2: enabled ( trusted )
23:17:07.0283 0x17d4  ============================================================
23:17:07.0283 0x17d4  Scan finished
23:17:07.0283 0x17d4  ============================================================
23:17:07.0298 0x0e00  Detected object count: 1
23:17:07.0298 0x0e00  Actual detected object count: 1
23:17:31.0662 0x0e00  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - skipped by user
23:17:31.0662 0x0e00  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:18:24.0533 0x11b0  Deinitialize success

Scheint geklappt zu haben.

Danke und LG
Anni

M-K-D-B · 13.03.2017, 16:45

Servus,

ich weiß nicht, warum sich da alles auf Laufwerk C füllt... komisch...

Schritt 0
Entweder Emsisoft oder Microsoft Security Essentials über die Systemsteuerung deinstallieren! (Bebilderte Anleitung)

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
URLSearchHook: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 - (Kein Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT","hxxp://www.web.de/"
CHR DefaultSearchURL: Default -> hxxp://www.startfenster.de/suche/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Startfenster
CHR DefaultSuggestURL: Default -> hxxp://www.startfenster.de/api/?q={searchTerms}&language={lang}
U2 TMAgent; kein ImagePath
U3 tmlwf; kein ImagePath
U3 tmwfp; kein ImagePath
Task: {FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} - System32\Tasks\{EC608DBC-556D-47F4-982C-C3562E422181} => pcalua.exe -a E:\Install_CD.exe -d E:\
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Firewall
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4

Starte die FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logatei des FRST-Fix,
die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

Anni265 · 13.03.2017, 21:27

Hallo

Soweit alles erledigt.

FRST-Fixlog:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-03-2017
durchgeführt von mautzi (13-03-2017 19:52:19) Run:1
Gestartet von C:\Users\mautzi\Desktop
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
URLSearchHook: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 - (Kein Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Keine Datei
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT","hxxp://www.web.de/"
CHR DefaultSearchURL: Default -> hxxp://www.startfenster.de/suche/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Startfenster
CHR DefaultSuggestURL: Default -> hxxp://www.startfenster.de/api/?q={searchTerms}&language={lang}
U2 TMAgent; kein ImagePath
U3 tmlwf; kein ImagePath
U3 tmwfp; kein ImagePath
Task: {FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} - System32\Tasks\{EC608DBC-556D-47F4-982C-C3562E422181} => pcalua.exe -a E:\Install_CD.exe -d E:\
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Wert erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Wert erfolgreich entfernt
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Schlüssel nicht gefunden. 
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Wert erfolgreich entfernt
Chrome HomePage => erfolgreich entfernt
Chrome StartupUrls => erfolgreich entfernt
Chrome DefaultSearchURL => erfolgreich entfernt
Chrome DefaultSearchKeyword => erfolgreich entfernt
Chrome DefaultSuggestURL => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\TMAgent => Schlüssel erfolgreich entfernt
TMAgent => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\tmlwf => Schlüssel erfolgreich entfernt
tmlwf => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\tmwfp => Schlüssel erfolgreich entfernt
tmwfp => Dienst erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD7CC4DA-3618-432C-BD97-8D37B1D2AD2C} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{EC608DBC-556D-47F4-982C-C3562E422181} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC608DBC-556D-47F4-982C-C3562E422181} => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6457418 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 51020384333 B
Edge => 0 B
Chrome => 379378580 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 114278097 B
systemprofile32 => 82866 B
LocalService => 132244 B
NetworkService => 24985170 B
mautzi => 165982992 B

RecycleBin => 0 B
EmptyTemp: => 48.2 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:55:00 ====

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v6.044 - Bericht erstellt am 13/03/2017 um 20:11:45
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-13.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : mautzi - MAUZIMOBIL
# Gestartet von : C:\Users\mautzi\Desktop\AdwCleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\mautzi\AppData\Local\EmieBrowserModeList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\Local\EmieSiteList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\Local\EmieUserList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\LocalLow\EmieBrowserModeList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\LocalLow\EmieSiteList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\LocalLow\EmieUserList
[-] Ordner gelöscht: C:\Users\mautzi\AppData\Roaming\Systweak
[-] Ordner gelöscht: C:\Users\mautzi\AppData\Roaming\Yahoo!\Companion
[-] Ordner gelöscht: C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\djhangopedggnlnicpbjklghlckmndge


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\mautzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster Symbol.lnk
[-] Datei gelöscht: C:\Users\mautzi\AppData\Roaming\Mozilla\Extensions\startfensterde-0.0.1-an+fx-linux.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Yahoo\Companion
[-] Schlüssel gelöscht: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Yahoo\YFriendsBar
[-] Schlüssel gelöscht: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Yahoo\Companion
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Yahoo\YFriendsBar
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Yahoo\Companion
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Yahoo\Companion
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Wert gelöscht: HKCU\Software\AM [Startfenster Symbol]
[-] Wert gelöscht: HKCU\Software\AM [VLC Updater]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\djhangopedggnlnicpbjklghlckmndge


***** [ Browser ] *****

[-] [C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default] [extension] Gelöscht: djhangopedggnlnicpbjklghlckmndge


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [17967 Bytes] - [13/03/2017 20:11:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [16633 Bytes] - [13/03/2017 20:10:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18115 Bytes] ##########

MBAM:

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.03.17
Scan-Zeit: 21:02
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1394
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MAUZIMOBIL\mautzi

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 360290
Abgelaufene Zeit: 4 Min., 43 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

FRST/Addition:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
durchgeführt von mautzi (Administrator) auf MAUZIMOBIL (13-03-2017 21:12:38)
Gestartet von C:\Users\mautzi\Desktop
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Windows\AsScrPro.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-06] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD16Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe"
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Google Update] => C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{40004EB2-6A31-4ABA-96F0-E5D279529049}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23] (Adobe Systems Incorporated)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-18] [ist nicht signiert]
FF HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @Google.com/GoogleEarthPlugin -> C:\Users\mautzi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default [2017-03-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 CyberLink PowerDVD 16 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe [127768 2016-12-29] (CyberLink)
R2 CyberLink PowerDVD 16 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe [375064 2016-12-29] (CyberLink)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-13] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-13 21:12 - 2017-03-13 21:12 - 00000000 ____D C:\Users\mautzi\Desktop\FRST-OlderVersion
2017-03-13 21:11 - 2017-03-13 21:11 - 00001251 _____ C:\Users\mautzi\Desktop\mbam.txt
2017-03-13 21:01 - 2017-03-13 21:03 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-13 21:01 - 2017-03-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-13 21:00 - 2017-03-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-13 21:00 - 2017-03-13 21:00 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-13 21:00 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-13 20:17 - 2017-03-13 20:17 - 00018402 _____ C:\Users\mautzi\Desktop\AdwCleaner[C0].txt
2017-03-13 20:06 - 2017-03-13 20:11 - 00000000 ____D C:\AdwCleaner
2017-03-13 20:05 - 2017-03-13 20:05 - 04031440 _____ C:\Users\mautzi\Desktop\AdwCleaner_6.044.exe
2017-03-13 19:52 - 2017-03-13 19:55 - 00005965 _____ C:\Users\mautzi\Desktop\Fixlog.txt
2017-03-12 23:04 - 2017-03-12 23:18 - 00210550 _____ C:\TDSSKiller.3.1.0.12_12.03.2017_23.04.49_log.txt
2017-03-12 23:03 - 2017-03-12 23:03 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mautzi\Desktop\tdsskiller (1).exe
2017-03-12 22:49 - 2017-03-12 22:51 - 00044860 _____ C:\Users\mautzi\Desktop\Addition.txt
2017-03-12 22:47 - 2017-03-13 21:13 - 00019309 _____ C:\Users\mautzi\Desktop\FRST.txt
2017-03-12 22:47 - 2017-03-13 21:12 - 02424832 _____ (Farbar) C:\Users\mautzi\Desktop\FRST64.exe
2017-03-12 22:46 - 2017-03-11 21:56 - 00271396 _____ C:\Users\mautzi\Desktop\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-12 22:46 - 2017-03-11 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mautzi\Desktop\tdsskiller.exe
2017-03-12 22:46 - 2017-02-17 01:50 - 00000360 _____ C:\Users\mautzi\Desktop\Eierlikör.txt
2017-03-12 22:46 - 2017-02-08 18:52 - 00000272 _____ C:\Users\mautzi\Desktop\Gutscheine.txt
2017-03-12 22:46 - 2017-01-29 19:57 - 00000706 _____ C:\Users\mautzi\Desktop\Mami Videos - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-29 19:38 - 00000904 _____ C:\Users\mautzi\Desktop\Mami Bilder - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-11 01:34 - 00000231 _____ C:\Users\mautzi\Desktop\Text.txt
2017-03-12 22:07 - 2017-03-12 22:07 - 00003110 _____ C:\Windows\System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282}
2017-03-11 21:37 - 2017-03-11 21:57 - 00271484 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-11 20:45 - 2017-03-13 21:12 - 00000000 ____D C:\FRST
2017-02-25 12:24 - 2017-02-25 12:24 - 00610300 _____ C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2017-02-21 23:33 - 2017-03-13 19:30 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 23:30 - 2017-03-13 19:33 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-12 22:50 - 2017-02-12 22:50 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\dvdcss
2017-02-12 19:13 - 2017-02-12 23:04 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\vlc
2017-02-12 19:09 - 2017-02-13 03:09 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-12 18:55 - 2017-02-12 18:55 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\Mozilla
2017-02-12 03:01 - 2017-02-12 03:01 - 00000000 ___HD C:\ProgramData\CanonBJ

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-13 20:24 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-13 20:24 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-13 20:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-13 20:11 - 2011-05-18 20:38 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\Yahoo!
2017-03-12 22:46 - 2010-12-04 17:11 - 00000000 ____D C:\Users\mautzi
2017-03-12 22:30 - 2010-10-06 11:18 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-03-12 22:26 - 2016-11-03 21:25 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-03-11 21:57 - 2009-08-04 10:51 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-03-11 21:57 - 2009-08-04 10:51 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-03-11 21:57 - 2009-07-14 06:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 21:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-05 01:55 - 2016-08-23 11:24 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-02-27 22:36 - 2014-08-30 16:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 22:35 - 2014-08-30 16:21 - 00000000 ____D C:\ProgramData\Lexware
2017-02-27 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-02-27 22:28 - 2011-06-09 21:34 - 00000000 ____D C:\ProgramData\Skype
2017-02-25 12:24 - 2010-12-05 13:11 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\SoftGrid Client
2017-02-24 03:12 - 2017-02-02 19:24 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:06 - 2017-02-02 19:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 18:28 - 2010-10-06 11:54 - 00002136 _____ C:\Windows\system32\AutoRunFilter.ini
2017-02-22 18:28 - 2010-10-06 11:54 - 00001379 _____ C:\Windows\system32\ServiceFilter.ini
2017-02-12 03:09 - 2010-10-06 11:20 - 00000000 ____D C:\ProgramData\CyberLink
2017-02-12 03:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2017-02-12 02:39 - 2010-12-05 13:04 - 00000000 ____D C:\Users\mautzi\AppData\Local\Cyberlink

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-25 12:24 - 2017-02-25 12:24 - 0610300 _____ () C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2011-06-09 21:42 - 2011-06-09 21:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-06 11:32 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-05-18 20:17 - 2011-05-18 21:11 - 0000316 _____ () C:\ProgramData\hpzinstall.log
2010-10-06 11:21 - 2010-10-06 11:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-06 11:21 - 2010-10-06 11:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-24 22:29

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 13-03-2017
durchgeführt von mautzi (13-03-2017 21:14:42)
Gestartet von C:\Users\mautzi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-04 16:11:39)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1083607986-3899408646-1555014007-500 - Administrator - Disabled)
Gast (S-1-5-21-1083607986-3899408646-1555014007-501 - Limited - Disabled)
mautzi (S-1-5-21-1083607986-3899408646-1555014007-1001 - Administrator - Enabled) => C:\Users\mautzi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.2406.60 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{7f65fe7f-fcc6-4c75-b83f-837e06afbc8c}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0890A5E5-FF51-4E0F-A4AB-4AC789175AE5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {149F6808-81A7-4FAD-8E4C-697585B4D5E9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {19B8A92E-63F6-4649-AD50-E9FCE74F754C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {1E78448C-5C6B-4B94-A1E9-0C878CC56D7E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {41894D1D-7E42-4529-B509-699169071502} - System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Task: {4B484F51-D0ED-4A2D-921A-9F953D737FDF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {5F1AD647-B94B-40E2-B123-3B1ED8A42A56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {77CC1654-DA51-470E-8EA6-23CAE7CFCB1B} - System32\Tasks\{85162ADB-7A1F-490F-BB28-8ECF2D916E18} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {79CD7CE1-961B-4559-9EAF-11B36E8580D9} - System32\Tasks\{7AEDB841-4FF3-4784-9667-A1BD370BC810} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {7CCC8D5D-3031-437B-AB61-3A7E63EA8D29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001UA => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {85488013-D699-4560-A6D7-B03405D03D17} - System32\Tasks\{3D785787-5091-4ECE-B06F-68A3A42404A4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe"
Task: {B102A43B-6D7E-4FB2-B413-4A9153B8FA34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001Core => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C2C6D31E-3173-4441-99B5-9C9411515DDD} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {D395BC04-8D8D-47A6-A61E-E9E4D29405C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3CCE98F-F26B-4F16-A9A7-4155D106905E} - System32\Tasks\{1C81B350-A6E0-4509-B9BF-3CDAB0DD8F5D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe 
Task: {EDD4F212-11D2-4BC2-B2B3-88A7EC469531} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {F2D19DFC-311F-4D9A-9256-7F4931474470} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-10-06 11:54 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-06 11:43 - 2010-10-06 11:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-03-13 21:00 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-13 21:00 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-25 20:01 - 2015-07-30 09:00 - 00541683 _____ () C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\sqlite3.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mautzi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{F7D222C2-8082-4A6F-A57F-CCBFC93B351B}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{561AF6CD-59E6-4E62-B31A-62A42A6FA0C0}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{B21A585B-09E9-4844-B7F6-B5AEDA10D91E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8E15E601-E5DD-4BD4-9283-E4F72FE633EE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Power Control [2017/01/28 20:18:22]
Description: Power Control [2017/01/28 20:18:22]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {41E8078B-96D9-42DC-8789-A1CF102CD880}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Power Control [2010/10/06 03:20:40]
Description: Power Control [2010/10/06 03:20:40]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/13/2017 07:30:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/13/2017 07:28:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2service.exe, Version: 2017.2.0.7219, Zeitstempel: 0x58b21713
Name des fehlerhaften Moduls: fw64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x58580a67
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee99a1395
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0x01d29c275962b982
Pfad der fehlerhaften Anwendung: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Pfad des fehlerhaften Moduls: fw64.dll
Berichtskennung: e50ac7eb-081a-11e7-9021-20cf306065bd

Error: (03/12/2017 11:42:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/12/2017 10:17:29 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (376) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/12/2017 10:14:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053; Fehler = 0x80070070).

Error: (03/11/2017 10:17:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070070).

Error: (03/11/2017 08:56:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (560) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 524288 (0x0000000000080000) für 393216 (0x00060000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 11:55:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:30:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (03/06/2017 09:26:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.


Systemfehler:
=============
Error: (03/13/2017 08:13:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2010/10/06 03:20:40]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/13/2017 08:13:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2017/01/28 20:18:22]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/13/2017 08:11:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (03/13/2017 08:11:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/13/2017 08:11:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/13/2017 08:11:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/13/2017 08:10:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/13/2017 08:10:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/13/2017 08:10:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/13/2017 08:10:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 3948.54 MB
Verfügbarer physikalischer RAM: 1780.58 MB
Summe virtueller Speicher: 7895.27 MB
Verfügbarer virtueller Speicher: 5444.99 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:44.53 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:291.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

Jetzt sind es wirklich nur 72 GB, der verschwundene Platz ist wieder da.
Das waren doch nicht alles temporäre Dateien, oder? Löscht es die nicht auch bei der Systembereinigung?

Vielen Dank und gute Nacht.

LG, Anni

M-K-D-B · 13.03.2017, 21:44

Servus,

ich habe FRST angewiesen gehabt, alle temporären Dateien zu löschen.

Was genau meinst du mit "Systembereinigung"?

So geht es weiter:

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*Startfenster*
*VLC Updater*
*Yahoo\Companion*
*YFriendsBar*
*YTabBar*
*YBrowserToolbar*
*Systweak*

:folderfind
*Startfenster*
*VLC Updater*
*Yahoo\Companion*
*YFriendsBar*
*YTabBar*
*YBrowserToolbar*
*Systweak*

:regfind
Startfenster
VLC Updater
Yahoo\Companion
YFriendsBar
YTabBar
YBrowserToolbar
Systweak

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

Anni265 · 14.03.2017, 21:09

Hallo, hallo

- Ja, das war mir beim Lesen der Fixlist aufgefallen:-). Ich meinte natürlich die Datenträgerbereinigung für LW C. Wenn ich das mache, wird doch die Option angeboten, temporäre Dateien zu löschen. Wieso waren da noch so viele da? Ich hatte diese schon vorab bemerkt, war mir aber nicht ganz sicher, ob ich alle TEMP-Ordner leeren darf...
- Emsisoft ist erst einmal deinstalliert, allerdings gibt es noch 3 Ordner auf dem Rechner. Darf ich die löschen (Installer, Quarantäneordner mit Befunden, Berichte)?
- Nach dem Hochfahren kommen immer zwei Meldungen der Firewall, dass einige Funktionen/Features von Java/Google Chrom blockiert wurden. Wie geht das abzustellen?

1. FRST-Fixlog:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-03-2017
durchgeführt von mautzi (14-03-2017 21:01:55) Run:2
Gestartet von C:\Users\mautzi\Desktop
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
EmptyTemp:
end
         
*****************

Prozesse erfolgreich geschlossen.
HKLM\System\CurrentControlSet\Services\ACDaemon => Schlüssel erfolgreich entfernt
ACDaemon => Dienst erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4199469 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 593276088 B
Edge => 0 B
Chrome => 11767568 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5006 B
mautzi => 3985601 B

RecycleBin => 0 B
EmptyTemp: => 592.8 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:02:04 ====

M-K-D-B · 14.03.2017, 21:10

Servus,

Zitat:

Wieso waren da noch so viele da?

Es gibt ja auch noch temporäre Dateien in Internet Browsern und temporäre Dateien, die die interne Bereinigung nicht erwischt.
FRST ist da schon sehr gründlich.

Zitat:

Darf ich die löschen (Installer, Quarantäneordner mit Befunden, Berichte)?

Jep, weg damit.

Zitat:

Nach dem Hochfahren kommen immer zwei Meldungen der Firewall, dass einige Funktionen/Features von Java/Google Chrom blockiert wurden. Wie geht das abzustellen?

Kann ich mir anschauen, wenn du meine zuletzt geposteten Schritte ausgeführt hast.

Anni265 · 14.03.2017, 21:45

2. SystemLook:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 21:19 on 14/03/2017 by mautzi
Administrator - Elevation successful

========== filefind ==========

Searching for "*Startfenster*"
No files found.

Searching for "*VLC Updater*"
No files found.

Searching for "*Yahoo\Companion*"
No files found.

Searching for "*YFriendsBar*"
No files found.

Searching for "*YTabBar*"
No files found.

Searching for "*YBrowserToolbar*"
No files found.

Searching for "*Systweak*"
No files found.

========== folderfind ==========

Searching for "*Startfenster*"
No folders found.

Searching for "*VLC Updater*"
No folders found.

Searching for "*Yahoo\Companion*"
No folders found.

Searching for "*YFriendsBar*"
No folders found.

Searching for "*YTabBar*"
No folders found.

Searching for "*YBrowserToolbar*"
No folders found.

Searching for "*Systweak*"
No folders found.

========== regfind ==========

Searching for "Startfenster"
No data found.

Searching for "VLC Updater"
No data found.

Searching for "Yahoo\Companion"
No data found.

Searching for "YFriendsBar"
No data found.

Searching for "YTabBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}]
@="IYTabBarControl"

Searching for "YBrowserToolbar"
No data found.

Searching for "Systweak"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CosDeviceCache\839]
"HwId"="SystemSKUNumber:                      "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CosDeviceCache\842]
"HwId"="SystemFamily:                      "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11111658000237&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD&REV_1.0#_&0#]
"DeviceDesc"="SD              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD2&REV_1.0#_&1#]
"DeviceDesc"="SD2             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11111658000237&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD&REV_1.0#_&0#]
"DeviceDesc"="SD              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD2&REV_1.0#_&1#]
"DeviceDesc"="SD2             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11111658000237&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD&REV_1.0#_&0#]
"DeviceDesc"="SD              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HD_DV&PROD_SD2&REV_1.0#_&1#]
"DeviceDesc"="SD2             "

-= EOF =-

M-K-D-B · 14.03.2017, 21:50

Servus,

gut gemacht. Fehlen noch die Logdateien von FRST.

Anni265 · 14.03.2017, 21:52

3. FRST/Addition:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
durchgeführt von mautzi (Administrator) auf MAUZIMOBIL (14-03-2017 21:46:19)
Gestartet von C:\Users\mautzi\Desktop
Geladene Profile: mautzi (Verfügbare Profile: mautzi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Windows\AsScrPro.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-06] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-12-29] (CyberLink Corp.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Google Update] => C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-10-06]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{40004EB2-6A31-4ABA-96F0-E5D279529049}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23] (Adobe Systems Incorporated)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-24] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-18] [ist nicht signiert]
FF HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @Google.com/GoogleEarthPlugin -> C:\Users\mautzi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1083607986-3899408646-1555014007-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\mautzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 CyberLink PowerDVD 16 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSMonitorServicePDVD16.exe [127768 2016-12-29] (CyberLink)
R2 CyberLink PowerDVD 16 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe [375064 2016-12-29] (CyberLink)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-14] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [38168 2016-12-19] (CyberLink Corp.)
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-14 21:14 - 2017-03-14 21:14 - 00000768 _____ C:\Users\mautzi\Desktop\SystemLook_x64 - Verknüpfung.lnk
2017-03-13 21:12 - 2017-03-14 21:01 - 00000000 ____D C:\Users\mautzi\Desktop\FRST-OlderVersion
2017-03-13 21:11 - 2017-03-13 21:11 - 00001251 _____ C:\Users\mautzi\Desktop\mbam.txt
2017-03-13 21:01 - 2017-03-14 21:06 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 21:01 - 2017-03-14 21:06 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 21:01 - 2017-03-14 21:05 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 21:01 - 2017-03-14 21:05 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-13 21:01 - 2017-03-14 21:05 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 21:01 - 2017-03-13 21:01 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-13 21:01 - 2017-03-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-13 21:00 - 2017-03-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-13 21:00 - 2017-03-13 21:00 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-13 21:00 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-13 20:17 - 2017-03-13 20:17 - 00018402 _____ C:\Users\mautzi\Desktop\AdwCleaner[C0].txt
2017-03-13 20:06 - 2017-03-14 00:57 - 00000000 ____D C:\AdwCleaner
2017-03-13 20:05 - 2017-03-13 20:05 - 04031440 _____ C:\Users\mautzi\Desktop\AdwCleaner_6.044.exe
2017-03-13 19:52 - 2017-03-14 21:02 - 00001375 _____ C:\Users\mautzi\Desktop\Fixlog.txt
2017-03-12 23:04 - 2017-03-12 23:18 - 00210550 _____ C:\TDSSKiller.3.1.0.12_12.03.2017_23.04.49_log.txt
2017-03-12 23:03 - 2017-03-12 23:03 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mautzi\Desktop\tdsskiller (1).exe
2017-03-12 22:49 - 2017-03-13 21:15 - 00036390 _____ C:\Users\mautzi\Desktop\Addition.txt
2017-03-12 22:47 - 2017-03-14 21:47 - 00019447 _____ C:\Users\mautzi\Desktop\FRST.txt
2017-03-12 22:47 - 2017-03-14 21:01 - 02424832 _____ (Farbar) C:\Users\mautzi\Desktop\FRST64.exe
2017-03-12 22:46 - 2017-03-11 21:56 - 00271396 _____ C:\Users\mautzi\Desktop\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-12 22:46 - 2017-03-11 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mautzi\Desktop\tdsskiller.exe
2017-03-12 22:46 - 2017-02-17 01:50 - 00000360 _____ C:\Users\mautzi\Desktop\Eierlikör.txt
2017-03-12 22:46 - 2017-02-08 18:52 - 00000272 _____ C:\Users\mautzi\Desktop\Gutscheine.txt
2017-03-12 22:46 - 2017-01-29 19:57 - 00000706 _____ C:\Users\mautzi\Desktop\Mami Videos - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-29 19:38 - 00000904 _____ C:\Users\mautzi\Desktop\Mami Bilder - Verknüpfung.lnk
2017-03-12 22:46 - 2017-01-11 01:34 - 00000231 _____ C:\Users\mautzi\Desktop\Text.txt
2017-03-12 22:07 - 2017-03-12 22:07 - 00003110 _____ C:\Windows\System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282}
2017-03-11 21:37 - 2017-03-11 21:57 - 00271484 _____ C:\TDSSKiller.3.1.0.12_11.03.2017_21.37.02_log.txt
2017-03-11 20:45 - 2017-03-14 21:46 - 00000000 ____D C:\FRST
2017-02-25 12:24 - 2017-02-25 12:24 - 00610300 _____ C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2017-02-21 23:33 - 2017-03-13 19:30 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 23:30 - 2017-03-13 19:33 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-12 22:50 - 2017-02-12 22:50 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\dvdcss
2017-02-12 19:13 - 2017-02-12 23:04 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\vlc
2017-02-12 19:09 - 2017-02-13 03:09 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-12 18:55 - 2017-02-12 18:55 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\Mozilla
2017-02-12 03:01 - 2017-02-12 03:01 - 00000000 ___HD C:\ProgramData\CanonBJ

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-14 21:16 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-14 21:16 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-14 21:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 20:28 - 2016-08-23 11:24 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-03-14 00:59 - 2010-10-06 11:54 - 00002178 _____ C:\Windows\system32\AutoRunFilter.ini
2017-03-14 00:59 - 2010-10-06 11:54 - 00001391 _____ C:\Windows\system32\ServiceFilter.ini
2017-03-13 21:39 - 2010-10-06 11:18 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-03-13 20:11 - 2011-05-18 20:38 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\Yahoo!
2017-03-12 22:46 - 2010-12-04 17:11 - 00000000 ____D C:\Users\mautzi
2017-03-12 22:26 - 2016-11-03 21:25 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-03-11 21:57 - 2009-08-04 10:51 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-03-11 21:57 - 2009-08-04 10:51 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-03-11 21:57 - 2009-07-14 06:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 21:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-27 22:36 - 2014-08-30 16:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 22:35 - 2014-08-30 16:21 - 00000000 ____D C:\ProgramData\Lexware
2017-02-27 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-02-27 22:28 - 2011-06-09 21:34 - 00000000 ____D C:\ProgramData\Skype
2017-02-25 12:24 - 2010-12-05 13:11 - 00000000 ____D C:\Users\mautzi\AppData\Roaming\SoftGrid Client
2017-02-24 03:12 - 2017-02-02 19:24 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:06 - 2017-02-02 19:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-12 03:09 - 2010-10-06 11:20 - 00000000 ____D C:\ProgramData\CyberLink
2017-02-12 03:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2017-02-12 02:39 - 2010-12-05 13:04 - 00000000 ____D C:\Users\mautzi\AppData\Local\Cyberlink

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-25 12:24 - 2017-02-25 12:24 - 0610300 _____ () C:\Users\mautzi\AppData\Local\Q$_140066.DEU_SoftGridUserSettings_settings.cp.temp
2011-06-09 21:42 - 2011-06-09 21:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-06 11:32 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-05-18 20:17 - 2011-05-18 21:11 - 0000316 _____ () C:\ProgramData\hpzinstall.log
2010-10-06 11:21 - 2010-10-06 11:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-06 11:21 - 2010-10-06 11:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-24 22:29

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-03-2017
durchgeführt von mautzi (14-03-2017 21:48:29)
Gestartet von C:\Users\mautzi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-04 16:11:39)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1083607986-3899408646-1555014007-500 - Administrator - Disabled)
Gast (S-1-5-21-1083607986-3899408646-1555014007-501 - Limited - Disabled)
mautzi (S-1-5-21-1083607986-3899408646-1555014007-1001 - Administrator - Enabled) => C:\Users\mautzi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.2406.60 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{7f65fe7f-fcc6-4c75-b83f-837e06afbc8c}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1083607986-3899408646-1555014007-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mautzi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0890A5E5-FF51-4E0F-A4AB-4AC789175AE5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {149F6808-81A7-4FAD-8E4C-697585B4D5E9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {19B8A92E-63F6-4649-AD50-E9FCE74F754C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {1E78448C-5C6B-4B94-A1E9-0C878CC56D7E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {41894D1D-7E42-4529-B509-699169071502} - System32\Tasks\{5DB8CC2C-4C75-41E9-B756-1F91CEAEA282} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Task: {47BEF0A6-8A97-42CF-85BD-08E11BB654F6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {4B484F51-D0ED-4A2D-921A-9F953D737FDF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {5F1AD647-B94B-40E2-B123-3B1ED8A42A56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {77CC1654-DA51-470E-8EA6-23CAE7CFCB1B} - System32\Tasks\{85162ADB-7A1F-490F-BB28-8ECF2D916E18} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {79CD7CE1-961B-4559-9EAF-11B36E8580D9} - System32\Tasks\{7AEDB841-4FF3-4784-9667-A1BD370BC810} => C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe 
Task: {7CCC8D5D-3031-437B-AB61-3A7E63EA8D29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001UA => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {85488013-D699-4560-A6D7-B03405D03D17} - System32\Tasks\{3D785787-5091-4ECE-B06F-68A3A42404A4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\Digital Theatre\uDTStart.exe"
Task: {B102A43B-6D7E-4FB2-B413-4A9153B8FA34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1083607986-3899408646-1555014007-1001Core => C:\Users\mautzi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C2C6D31E-3173-4441-99B5-9C9411515DDD} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {D395BC04-8D8D-47A6-A61E-E9E4D29405C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E3CCE98F-F26B-4F16-A9A7-4155D106905E} - System32\Tasks\{1C81B350-A6E0-4509-B9BF-3CDAB0DD8F5D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe 
Task: {F2D19DFC-311F-4D9A-9256-7F4931474470} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-06 11:31 - 2010-10-06 11:31 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-10-06 11:54 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2017-03-13 21:00 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-13 21:00 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-06 11:43 - 2010-10-06 11:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-01-25 20:01 - 2015-07-30 09:00 - 00541683 _____ () C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\sqlite3.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 03:18 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1083607986-3899408646-1555014007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mautzi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{1CC4E635-5B65-4631-ACF8-EBC9B38AE606}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6128C9BB-4F4E-4DB9-9846-EC1DB9C56DA6}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8BFE5C58-86E3-4284-AE2F-9D2E81171E04}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{A7A78E41-1814-45CB-A54B-05BCA112DFD8}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F657F60F-D65E-40E3-ABBD-8E6E341FEF63}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4AFCA1BA-76F2-43B0-8E5D-4CC68DA85CA3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

14-03-2017 01:25:16 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Power Control [2010/10/06 03:20:40]
Description: Power Control [2010/10/06 03:20:40]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/13/2017 07:30:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/13/2017 07:28:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2service.exe, Version: 2017.2.0.7219, Zeitstempel: 0x58b21713
Name des fehlerhaften Moduls: fw64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x58580a67
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee99a1395
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0x01d29c275962b982
Pfad der fehlerhaften Anwendung: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Pfad des fehlerhaften Moduls: fw64.dll
Berichtskennung: e50ac7eb-081a-11e7-9021-20cf306065bd

Error: (03/12/2017 11:42:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f).

Error: (03/12/2017 10:17:29 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (376) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/12/2017 10:14:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053; Fehler = 0x80070070).

Error: (03/11/2017 10:17:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070070).

Error: (03/11/2017 08:56:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (560) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 524288 (0x0000000000080000) für 393216 (0x00060000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 11:55:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (03/06/2017 09:30:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Job does not exist

Error: (03/06/2017 09:26:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (720) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.


Systemfehler:
=============
Error: (03/14/2017 09:10:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/14/2017 09:04:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Control [2010/10/06 03:20:40]" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann den angegebenen Pfad nicht finden.

Error: (03/14/2017 09:02:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (03/14/2017 09:01:59 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Ein DCOM-Server konnte nicht gestartet werden: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. Fehler:
"5"
Aufgetreten beim Start dieses Befehls:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/14/2017 09:01:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2017 09:01:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2017 09:01:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2017 09:01:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2017 09:01:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2017 09:01:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 3948.54 MB
Verfügbarer physikalischer RAM: 1892.24 MB
Summe virtueller Speicher: 7895.27 MB
Verfügbarer virtueller Speicher: 5524.09 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:43.29 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:291.93 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

- Jetzt werden noch die 3 Ordner gelöscht!

Danke!

LG, Anni

14.03.2017, 21:50	#29
M-K-D-B /// TB-Ausbilder	Windows 7 - PC nach gestrigem Java Update gestört. "Virus"? Servus, gut gemacht. Fehlen noch die Logdateien von FRST.

Windows 7 - PC nach gestrigem Java Update gestört. "Virus"?

Plagegeister aller Art und deren Bekämpfung: Windows 7 - PC nach gestrigem Java Update gestört. "Virus"?