Pests of all kinds and how to fight them: Trojan after "call from Microsoft Service Center"? Windows 7. If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
17.02.2014, 17:11 | #1 |
| Trojan after "call from Microsoft Service Center"? Hello everyone, I hope someone can help me, because this has been driving me crazy all day. Today at around 9 in the morning I got a call from America in which a man with an Indian accent (not meant to sound racist, but well, this cliché was fulfilled) told me that my PC was full of malware, that they had noticed this, and that German support cannot handle it, which is why they were calling personally from California and wanted to help me. Strangely, the man knew my name, phone number, some kind of PC IP or something like that of mine, and my operating system. Since the day before I had already had a slight suspicion because of some strange redirects while surfing, it seemed at least a little credible to me (searched for summer tyre offers on Google, clicked the link, the link loads twice or so, ended up at Hornbach.de). (While I am writing this I could really kick myself for my own stupidity.) Anyway, I followed a few steps; since I don't know much about PCs I no longer know exactly what the individual things were that I opened, but the man said that if errors could be seen there, these were the problem. He then wanted to fix the whole thing via remote maintenance; here I became even more cautious and asked for some proof on his part that what he was saying was true. I was then assured umpteen times that it really was Microsoft and that he would give me his ID, which I was supposed to enter on the site support.me; this was supposedly also his Microsoft ID, and if he abused his rights he would be fired, if I hung up my PC would be locked, and if I didn't believe him I was welcome to talk to his supervisor, blah blah blah. At some point I let myself be talked into it and established this support.me connection.
He was then able to control my desktop for a little less than a minute, then he apparently lost the connection and said it was too poor and I should download another program. At that point it finally got too silly for me and I hung up. Unfortunately only afterwards, I googled to see whether other people had received similar calls, and one result led me to the Microsoft website, where exactly this "Microsoft Support Center" was warned about as a SCAM, just great. Since I am now afraid of a virus, even though he had only very little time to put one on via this support.me site, I immediately had my online banking deactivated and would like to change all the passwords I have (on another device, of course). I then asked a few friends what I should do now to find the virus and ran Malwarebytes and HitmanPro over it. HitmanPro only turned up traces, all of which I deleted. Malwarebytes found one file, which I also deleted, but during the restart that I HAD to do, my PC hung. My avast virus scanner also stayed permanently at 0%, so I cancelled it. So here is a zip with all the logfiles for now; it would otherwise have been too long for one post. Attachment 64877 And here are the logfiles from Malwarebytes: Logfile from the 1st run: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Florid Bang :: STEFAN-PC [Administrator]

Schutz: Aktiviert

17.02.2014 11:31:18
mbam-log-2014-02-17 (11-31-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 451356
Laufzeit: 49 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Florid Bang\Desktop\Malwarebytes Anti Malware - CHIP-Downloader.exe (PUP.Optional.ChipXonio) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Florid Bang :: STEFAN-PC [Administrator]

Schutz: Aktiviert

17.02.2014 13:31:15
mbam-log-2014-02-17 (13-31-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209711
Laufzeit: 2 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

If anything is missing, I will try to supply it as quickly as possible. PS: The PC name Florid Bang was a brilliant prank by the two incredibly funny colleagues who put my PC together |
17.02.2014, 18:16 | #2 |
/// the machine /// TB trainer | Trojan after "call from Microsoft Service Center"? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
17.02.2014, 19:30 | #3 |
| Trojan after "call from Microsoft Service Center"? FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014 Ran by Florid Bang (administrator) on STEFAN-PC on 17-02-2014 19:29:03 Running from C:\Users\Florid Bang\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Users\Florid Bang\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe () C:\Users\Florid Bang\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-17] (AVAST Software) HKU\S-1-5-21-3834323448-1482072586-416973838-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Florid Bang\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-3834323448-1482072586-416973838-1000\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3834323448-1482072586-416973838-1000\...\Run: [Amazon Cloud Player] - C:\Users\Florid Bang\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] () HKU\S-1-5-21-3834323448-1482072586-416973838-1000\...\MountPoints2: {844f55cc-c3e9-11e2-b622-a9115d861119} - F:\pushinst.exe HKU\S-1-5-21-3834323448-1482072586-416973838-1000\...\MountPoints2: {a935a33d-eacd-11e2-ab4a-902b34a355a3} - E:\HTC_Sync_Manager_PC.exe Startup: C:\Users\Florid Bang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D7C321BF957CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Florid Bang\AppData\Roaming\Mozilla\Firefox\Profiles\w4a7az2i.default FF NetworkProxy: "ftp", "213.133.141.197" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "213.133.141.197" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "213.133.141.197" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "213.133.141.197" FF NetworkProxy: "ssl_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 
- C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Florid Bang\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Stealthy - C:\Users\Florid Bang\AppData\Roaming\Mozilla\Firefox\Profiles\w4a7az2i.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-09] FF Extension: Adblock Plus - C:\Users\Florid Bang\AppData\Roaming\Mozilla\Firefox\Profiles\w4a7az2i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-11-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-17] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Extension: (Google Docs) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-23] CHR Extension: (Google Drive) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-23] CHR Extension: (YouTube) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-23] CHR Extension: (Google-Suche) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-23] CHR Extension: (Norton Identity Protection) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-24] CHR Extension: (Google Wallet) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17] CHR Extension: (Google Mail) - C:\Users\Florid Bang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-23] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-17] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 
Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-11-17] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-02] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.) 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-17] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-17] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH) S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-03-26] (Hauppauge, Inc.) 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-02-17] () S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-15] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131129.009\ENG64.SYS [126040 2013-11-15] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131129.009\EX64.SYS [2099288 2013-11-15] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-16] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-17 19:29 - 2014-02-17 19:29 - 00019218 _____ () C:\Users\Florid Bang\Desktop\FRST.txt 2014-02-17 17:17 - 2014-02-17 19:28 - 00000000 ____D () C:\Users\Florid Bang\Desktop\PC 2014-02-17 17:05 - 2014-02-17 17:05 - 00293520 _____ () 
C:\Windows\Minidump\021714-17893-01.dmp 2014-02-17 16:36 - 2014-02-17 19:29 - 00000000 ____D () C:\FRST 2014-02-17 16:35 - 2014-02-17 16:35 - 02152448 _____ (Farbar) C:\Users\Florid Bang\Desktop\FRST64.exe 2014-02-17 16:20 - 2014-02-17 16:20 - 00000000 _____ () C:\Users\Florid Bang\defogger_reenable 2014-02-17 13:29 - 2014-02-17 17:05 - 811103013 _____ () C:\Windows\MEMORY.DMP 2014-02-17 13:29 - 2014-02-17 13:29 - 00286752 _____ () C:\Windows\Minidump\021714-30498-01.dmp 2014-02-17 13:29 - 2014-02-17 13:29 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-17 13:28 - 2014-02-17 13:28 - 00001436 _____ () C:\Windows\system32\.crusader 2014-02-17 12:50 - 2014-02-17 18:00 - 00000336 _____ () C:\Windows\setupact.log 2014-02-17 12:50 - 2014-02-17 12:50 - 00000628 _____ () C:\Windows\PFRO.log 2014-02-17 12:50 - 2014-02-17 12:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-17 11:31 - 2014-02-17 13:28 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\Malwarebytes 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-17 11:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-17 10:38 - 2014-02-17 10:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-02-17 10:38 - 2014-02-17 10:38 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\AVAST Software 2014-02-17 10:37 - 2014-02-17 10:37 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-17 10:37 - 2014-02-17 10:37 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-17 10:37 - 2014-02-17 10:37 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-17 10:36 - 2014-02-17 10:36 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-17 09:51 - 2014-02-17 10:25 - 00000000 ____D () C:\Users\Florid Bang\AppData\Local\LogMeIn Rescue Applet 2014-02-16 15:49 - 2014-02-16 16:00 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\.minecraft 2014-02-16 15:45 - 2014-02-16 15:49 - 00000000 ____D () C:\Users\Florid Bang\Desktop\Bukkit 2014-02-15 12:05 - 2014-02-15 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-15 11:22 - 2014-02-15 11:22 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files\iTunes 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files\iPod 
2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-13 16:58 - 2014-02-13 16:58 - 01642443 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_katar.exe 2014-02-13 16:57 - 2014-02-13 17:01 - 57782557 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_originalnamen_europa.exe 2014-02-13 16:57 - 2014-02-13 16:59 - 28658119 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_deutschland.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 08073281 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_turkei.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 06478864 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_ukraine.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 04440426 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_ungarn.exe 2014-02-13 16:56 - 2014-02-13 17:07 - 158236608 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_datensatz_italien.exe 2014-02-13 16:54 - 2014-02-13 16:55 - 00000000 ____D () C:\Users\Florid Bang\Documents\FUSSBALL MANAGER 14 2014-02-13 16:50 - 2014-02-13 16:50 - 00001220 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk 2014-02-13 16:50 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2014-02-13 15:58 - 2014-02-13 16:05 - 85101001 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_bilder_deutschland.exe 2014-02-12 21:21 - 2014-02-12 21:21 - 00675988 _____ () C:\Users\Florid Bang\Desktop\Minecraft.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 02276799 _____ () C:\Users\Florid Bang\Desktop\mcpatcher-4.3.1_01.exe 2014-02-12 20:55 - 2014-02-12 20:56 - 00000000 ____D () C:\Users\Florid Bang\Desktop\Welt 2014-02-12 14:12 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 14:12 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 14:12 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-02-12 14:12 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 14:12 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 14:12 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-12 14:12 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 14:12 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 14:12 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 14:12 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 14:12 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-12 14:12 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-12 14:12 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-12 14:12 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 14:12 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-12 14:12 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-12 14:12 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-12 14:12 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-12 14:12 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-12 14:12 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-12 14:12 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2014-02-12 14:12 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-12 14:12 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-12 14:12 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 14:12 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-12 14:12 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-12 14:12 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-12 14:12 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-12 14:12 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-12 14:12 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 14:12 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 14:12 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-12 14:12 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-12 14:12 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-12 14:12 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 14:12 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-12 14:12 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-12 14:12 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-12 14:12 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 
2014-02-12 14:12 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 14:12 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-12 13:13 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 13:13 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 13:13 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 13:13 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 13:13 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 13:13 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 13:13 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 13:13 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 13:13 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 13:13 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 13:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 13:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 13:13 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 13:13 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 13:13 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 13:13 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 13:13 - 2013-12-04 03:16 - 00552960 
_____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 13:13 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 13:13 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 13:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 13:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 13:13 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 13:13 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 13:13 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 13:13 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 13:13 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 13:13 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 13:13 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-10 19:14 - 2014-02-12 00:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-07 12:48 - 2014-02-07 12:48 - 00004723 _____ () C:\Users\Florid Bang\AppData\Local\recently-used.xbel 2014-01-30 19:04 - 2014-01-30 19:49 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\dvdcss ==================== One Month Modified Files and Folders ======= 2014-02-17 19:29 - 2014-02-17 19:29 - 00019218 _____ () C:\Users\Florid Bang\Desktop\FRST.txt 2014-02-17 19:29 - 2014-02-17 16:36 - 00000000 ____D () C:\FRST 2014-02-17 19:28 - 2014-02-17 17:17 - 00000000 ____D () C:\Users\Florid Bang\Desktop\PC 2014-02-17 19:25 - 2013-05-24 21:54 - 00001120 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-17 18:43 - 2013-05-23 19:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-17 18:07 - 2013-05-24 10:31 - 00000000 ____D () C:\ProgramData\Origin 2014-02-17 18:07 - 2013-05-24 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-02-17 18:07 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-17 18:07 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-17 18:00 - 2014-02-17 12:50 - 00000336 _____ () C:\Windows\setupact.log 2014-02-17 18:00 - 2013-07-12 11:12 - 00000000 ____D () C:\Users\Florid Bang\AppData\Local\HTC MediaHub 2014-02-17 18:00 - 2013-05-24 21:54 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-17 18:00 - 2013-05-23 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-17 18:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-17 17:17 - 2013-05-23 21:50 - 01501348 _____ () C:\Windows\WindowsUpdate.log 2014-02-17 17:05 - 2014-02-17 17:05 - 00293520 _____ () C:\Windows\Minidump\021714-17893-01.dmp 2014-02-17 17:05 - 2014-02-17 13:29 - 811103013 _____ () C:\Windows\MEMORY.DMP 2014-02-17 17:05 - 2013-09-30 13:46 - 00000000 ____D () C:\Windows\Minidump 2014-02-17 16:35 - 2014-02-17 16:35 - 02152448 _____ (Farbar) C:\Users\Florid Bang\Desktop\FRST64.exe 2014-02-17 16:20 - 2014-02-17 16:20 - 00000000 _____ () C:\Users\Florid Bang\defogger_reenable 2014-02-17 16:20 - 2013-05-23 21:50 - 00000000 ____D () C:\Users\Florid Bang 2014-02-17 13:29 - 2014-02-17 13:29 - 00286752 _____ () C:\Windows\Minidump\021714-30498-01.dmp 2014-02-17 13:29 - 2014-02-17 13:29 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-17 13:28 - 2014-02-17 13:28 - 00001436 _____ () C:\Windows\system32\.crusader 2014-02-17 13:28 - 2014-02-17 11:31 
- 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-17 13:28 - 2011-04-12 08:43 - 00696620 _____ () C:\Windows\system32\perfh007.dat 2014-02-17 13:28 - 2011-04-12 08:43 - 00147916 _____ () C:\Windows\system32\perfc007.dat 2014-02-17 13:28 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-17 12:50 - 2014-02-17 12:50 - 00000628 _____ () C:\Windows\PFRO.log 2014-02-17 12:50 - 2014-02-17 12:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-17 11:40 - 2013-05-23 16:50 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-02-17 11:39 - 2013-11-15 23:51 - 00000000 ____D () C:\Users\Florid Bang\AppData\Local\CrashDumps 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\Malwarebytes 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-17 11:29 - 2014-02-17 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-17 10:38 - 2014-02-17 10:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-02-17 10:38 - 2014-02-17 10:38 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\AVAST Software 2014-02-17 10:37 - 2014-02-17 10:37 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-17 10:37 - 2014-02-17 10:37 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-17 10:37 - 2014-02-17 10:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-17 10:37 - 2014-02-17 10:37 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-17 10:36 - 2014-02-17 10:36 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-17 10:25 - 2014-02-17 09:51 - 00000000 ____D () C:\Users\Florid Bang\AppData\Local\LogMeIn Rescue Applet 2014-02-17 01:06 - 2013-05-23 16:51 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\Skype 2014-02-17 00:20 - 2013-05-24 21:54 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-17 00:20 - 2013-05-24 21:54 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-16 16:00 - 2014-02-16 15:49 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\.minecraft 2014-02-16 15:49 - 2014-02-16 15:45 - 00000000 ____D () C:\Users\Florid Bang\Desktop\Bukkit 2014-02-16 10:45 - 2013-05-23 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 01:16 - 2013-08-15 
12:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-16 01:15 - 2013-05-23 17:43 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-15 12:05 - 2014-02-15 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-15 11:22 - 2014-02-15 11:22 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files\iTunes 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files\iPod 2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-15 11:20 - 2013-05-23 16:54 - 00000000 ____D () C:\ProgramData\Apple 2014-02-14 18:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 17:07 - 2014-02-13 16:56 - 158236608 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_datensatz_italien.exe 2014-02-13 17:01 - 2014-02-13 16:57 - 57782557 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_originalnamen_europa.exe 2014-02-13 16:59 - 2014-02-13 16:57 - 28658119 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_deutschland.exe 2014-02-13 16:58 - 2014-02-13 16:58 - 01642443 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_katar.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 08073281 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_turkei.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 06478864 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_ukraine.exe 2014-02-13 16:57 - 2014-02-13 16:57 - 04440426 _____ (FM-Arena) C:\Users\Florid Bang\Downloads\fm14_database_ungarn.exe 2014-02-13 16:55 - 2014-02-13 16:54 - 00000000 ____D () C:\Users\Florid Bang\Documents\FUSSBALL MANAGER 14 2014-02-13 16:50 - 2014-02-13 16:50 - 00001220 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk 2014-02-13 16:05 - 2014-02-13 15:58 - 85101001 _____ (FM-Arena) C:\Users\Florid 
Bang\Downloads\fm14_bilder_deutschland.exe 2014-02-13 15:57 - 2013-05-24 10:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-02-12 22:17 - 2013-05-23 19:01 - 00000000 ____D () C:\Users\Florid Bang\Desktop\Sonstiges 2014-02-12 21:21 - 2014-02-12 21:21 - 00675988 _____ () C:\Users\Florid Bang\Desktop\Minecraft.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 02276799 _____ () C:\Users\Florid Bang\Desktop\mcpatcher-4.3.1_01.exe 2014-02-12 20:56 - 2014-02-12 20:55 - 00000000 ____D () C:\Users\Florid Bang\Desktop\Welt 2014-02-12 14:19 - 2013-05-23 16:18 - 01589442 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-12 00:20 - 2013-12-03 17:18 - 00002031 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-02-12 00:19 - 2013-07-12 11:09 - 00000000 ____D () C:\Users\Florid Bang\AppData\Local\Downloaded Installations 2014-02-12 00:13 - 2014-02-10 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-07 12:52 - 2013-05-24 10:35 - 00000000 ____D () C:\Users\Florid Bang\.gimp-2.8 2014-02-07 12:48 - 2014-02-07 12:48 - 00004723 _____ () C:\Users\Florid Bang\AppData\Local\recently-used.xbel 2014-02-07 12:25 - 2013-07-21 23:24 - 00000000 ____D () C:\Users\Florid Bang\Desktop\WWE Themesongs 2014-02-06 13:16 - 2014-02-12 14:12 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 12:30 - 2014-02-12 14:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 12:30 - 2014-02-12 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-12 14:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 12:07 - 2014-02-12 14:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 12:06 - 2014-02-12 14:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-12 14:12 - 00053760 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-02-06 11:56 - 2014-02-12 14:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 11:52 - 2014-02-12 14:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 11:49 - 2014-02-12 14:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-12 14:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-12 14:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-12 14:12 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-12 14:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-12 14:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-12 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 11:11 - 2014-02-12 14:12 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 11:01 - 2014-02-12 14:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-12 14:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-12 14:12 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-12 14:12 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:52 - 2014-02-12 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-12 14:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-12 14:12 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-12 14:12 - 00440832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-12 14:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-12 14:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-12 14:12 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-12 14:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-12 14:12 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 10:22 - 2014-02-12 14:12 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 10:13 - 2014-02-12 14:12 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-12 14:12 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-12 14:12 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-12 14:12 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:41 - 2014-02-12 14:12 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-12 14:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-12 14:12 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-12 14:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-05 17:43 - 2013-05-23 19:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 17:43 - 2013-05-23 19:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 17:43 - 2013-05-23 19:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-04 20:21 - 2013-05-24 21:54 - 00002175 _____ () 
C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-30 20:33 - 2013-05-23 20:01 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\vlc
2014-01-30 19:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Users\Florid Bang\AppData\Roaming\dvdcss
2014-01-26 18:31 - 2013-05-23 22:43 - 00000000 ____D () C:\Windows\Panther
2014-01-22 10:00 - 2013-08-19 21:06 - 00140800 ___SH () C:\Users\Florid Bang\Documents\Thumbs.db

Some content of TEMP:
====================
C:\Users\Florid Bang\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-b2918jnks.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-10 12:42

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Florid Bang at 2014-02-17 16:38:15
Running from C:\Users\Florid Bang\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU Version: 2.1.0.381 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! 
Free Antivirus (x32 Version: 9.0.2013 - Avast Software) AVM FRITZ!WLAN (x32 Version: 1.2.0.0 - AVM Berlin) Batman™: Arkham Origins (x32 Version: - WB Games Montreal) Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (x32 Version: 2.3.0 - EA Digital Illusions CE AB) Bonjour (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.01 - Piriform) CPUID CPU-Z 1.64.0 (Version: - ) Die Sims™ 3 (x32 Version: 1.63.4 - Electronic Arts) Die Sims™ 3 Late Night (x32 Version: 6.5.1 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38 - Electronic Arts) ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB) Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0 - MAGIX AG) Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 14 (x32 Version: 1.0.0.0 - Electronic Arts) GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team) Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HP Photosmart 5520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Photosmart 5520 series Hilfe (x32 Version: 27.0.0 - Hewlett Packard) HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard) HTC Driver Installer (x32 Version: 4.10.0.001 - HTC Corporation) HTC Sync Manager (x32 Version: 2.4.36.0 - HTC) IPTInstaller (x32 Version: 4.0.8 - HTC) iTunes (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle) LIMBO (x32 Version: - Playdead) MAGIX Video deluxe 17 Plus Sonderedition (x32 Version: 10.0.12.2 - MAGIX AG) MAGIX Video deluxe 17 Plus Sonderedition (x32 Version: 10.0.12.2 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft 
Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 320.18 (Version: 320.18 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 320.18 (Version: 320.18 - NVIDIA Corporation) NVIDIA Grafiktreiber 320.18 (Version: 320.18 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 320.18 (Version: 320.18 - NVIDIA Corporation) Hidden ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001 - GIGABYTE) Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.) 
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek) Rockstar Games Social Club (x32 Version: 1.1.0.6 - Rockstar Games) Saints Row IV (x32 Version: - Deep Silver Volition) SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) TeamViewer 8 (x32 Version: 8.0.18051 - TeamViewer) TechPowerUp GPU-Z (x32 Version: - TechPowerUp) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) VIA 
Plattform-Geräte-Manager (x32 Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN) ==================== Restore Points ========================= 16-02-2014 00:15:40 Windows Update 17-02-2014 09:37:20 avast! antivirus system restore point ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {33AE1A10-C094-4D5C-816E-5BF52D4C42CE} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe Task: {5863A146-66FB-4090-94EF-71AFB1E8D040} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe Task: {7A2F9D4A-D4F4-4A0D-9DCE-D678D4B80F91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: {802318B1-8943-4B00-B941-AE5D93A38F03} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {95D1E1A5-43D9-4E5E-BCDB-42537CF07A4A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {CF060EB9-918D-4A59-9B51-77053E2131A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {D78EDEFB-5847-4D08-8889-E42395AE951F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: {DB5271C8-3F53-41E6-9597-E742BB62AC54} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software) Task: {DF841ED0-C336-4E4A-92D3-13881B1627D9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {FA0C19EB-3F38-43DF-89F9-961161A34444} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Florid Bang\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2013-12-03 16:54 - 2013-11-24 18:56 - 03139072 _____ () C:\Users\Florid Bang\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2013-05-23 21:54 - 2012-05-11 08:46 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2013-05-23 21:54 - 2012-05-11 08:46 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-01-26 11:55 - 2014-01-26 11:55 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2014-02-17 10:41 - 2014-02-17 09:23 - 02180608 _____ () C:\Program Files\AVAST Software\Avast\defs\14021700\algo.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-17 10:37 - 2014-02-17 10:37 - 19336120 _____ () 
C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-14 21:30 - 2013-11-14 21:30 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-01-26 11:54 - 2014-01-26 11:54 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2013-11-14 21:31 - 2013-11-14 21:31 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2013-11-14 21:31 - 2013-11-14 21:31 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2013-11-14 21:31 - 2013-11-14 21:31 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2013-11-14 21:33 - 2013-11-14 21:33 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2013-11-14 21:34 - 2013-11-14 21:34 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-07-02 00:30 - 2013-07-02 10:36 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-11-16 11:16 - 2012-05-30 15:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2014-02-15 12:05 - 2014-02-15 12:05 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-10 19:14 - 2014-02-10 19:14 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-02-10 19:14 - 2014-02-10 19:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-02-10 19:14 - 2014-02-10 19:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: 
================== Error: (02/17/2014 04:00:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error: (02/17/2014 03:57:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2014 01:35:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x784 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (02/17/2014 01:34:28 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error: (02/17/2014 01:34:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (02/17/2014 01:34:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (02/17/2014 01:34:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (02/17/2014 01:31:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2014 01:22:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2014 00:54:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 System errors: ============= Error: (02/17/2014 01:35:19 PM) (Source: Service Control Manager) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/17/2014 01:29:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error: (02/17/2014 01:29:37 PM) (Source: BugCheck) (User: ) Description: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880033788e8, 0xfffff88003378140)C:\Windows\MEMORY.DMP021714-30498-01 Error: (02/17/2014 01:29:32 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 17.02.2014 um 13:28:09 unerwartet heruntergefahren. Error: (02/17/2014 00:54:19 PM) (Source: Service Control Manager) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (02/17/2014 00:50:35 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 17.02.2014 um 12:48:57 unerwartet heruntergefahren. Error: (02/17/2014 00:36:33 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. Error: (02/17/2014 00:36:09 PM) (Source: Service Control Manager) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/17/2014 11:00:23 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. Error: (02/17/2014 10:59:53 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8173.24 MB Available physical RAM: 5963.48 MB Total Pagefile: 16344.66 MB Available Pagefile: 13996.14 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:794 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D4964B1E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.02.2014, 13:07 | #4 |
/// the machine /// TB instructor | Trojan after "call from Microsoft Service Center"? Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.02.2014, 14:48 | #5 |
| Trojan after "call from Microsoft Service Center"? Hi, here are the logs: mbar found nothing: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Florid Bang :: STEFAN-PC [administrator]

18.02.2014 14:37:51
mbar-log-2014-02-18 (14-37-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 236276
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter 14:32:33.0200 6348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:32:34.0691 6348 ============================================================ 14:32:34.0691 6348 Current date / time: 2014/02/18 14:32:34.0691 14:32:34.0691 6348 SystemInfo: 14:32:34.0692 6348 14:32:34.0692 6348 OS Version: 6.1.7601 ServicePack: 1.0 14:32:34.0692 6348 Product type: Workstation 14:32:34.0692 6348 ComputerName: STEFAN-PC 14:32:34.0692 6348 UserName: Florid Bang 14:32:34.0692 6348 Windows directory: C:\Windows 14:32:34.0692 6348 System windows directory: C:\Windows 14:32:34.0692 6348 Running under WOW64 14:32:34.0692 6348 Processor architecture: Intel x64 14:32:34.0692 6348 Number of processors: 6 14:32:34.0692 6348 Page size: 0x1000 14:32:34.0692 6348 Boot type: Normal boot 14:32:34.0692 6348 ============================================================ 14:32:35.0829 6348 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:32:35.0838 6348 ============================================================ 14:32:35.0838 6348 \Device\Harddisk0\DR0: 14:32:35.0838 6348 MBR partitions: 14:32:35.0839 6348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:32:35.0839 6348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 14:32:35.0839 6348 ============================================================ 14:32:35.0846 6348 C: <-> \Device\Harddisk0\DR0\Partition2 14:32:35.0846 6348 ============================================================ 14:32:35.0846 6348 Initialize success 14:32:35.0846 6348 ============================================================ 14:32:57.0731 5400 ============================================================ 14:32:57.0731 5400 Scan started 14:32:57.0731 5400 Mode: Manual; SigCheck; TDLFS; 14:32:57.0731 5400 
============================================================ 14:32:58.0183 5400 ================ Scan system memory ======================== 14:32:58.0183 5400 System memory - ok 14:32:58.0184 5400 ================ Scan services ============================= 14:32:58.0275 5400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 14:32:58.0403 5400 1394ohci - ok 14:32:58.0445 5400 ACDaemon - ok 14:32:58.0463 5400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:32:58.0493 5400 ACPI - ok 14:32:58.0503 5400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:32:58.0541 5400 AcpiPmi - ok 14:32:58.0582 5400 [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:32:58.0599 5400 AdobeARMservice - ok 14:32:58.0650 5400 [ C8C6C0D659734FDBF63F6F421A5416BC ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:32:58.0668 5400 AdobeFlashPlayerUpdateSvc - ok 14:32:58.0686 5400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:32:58.0711 5400 adp94xx - ok 14:32:58.0726 5400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:32:58.0741 5400 adpahci - ok 14:32:58.0750 5400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:32:58.0763 5400 adpu320 - ok 14:32:58.0782 5400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:32:58.0811 5400 AeLookupSvc - ok 14:32:58.0830 5400 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys 14:32:58.0864 5400 Afc - ok 14:32:58.0894 5400 [ 79059559E89D06E8B80CE2944BE20228 ] AFD C:\Windows\system32\drivers\afd.sys 14:32:58.0921 5400 AFD - ok 14:32:58.0930 5400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:32:58.0942 5400 agp440 - ok 
14:32:58.0950 5400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:32:58.0967 5400 ALG - ok 14:32:58.0985 5400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:32:58.0996 5400 aliide - ok 14:32:59.0037 5400 AMD FUEL Service - ok 14:32:59.0049 5400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:32:59.0079 5400 amdide - ok 14:32:59.0089 5400 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 14:32:59.0100 5400 amdiox64 - ok 14:32:59.0113 5400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:32:59.0136 5400 AmdK8 - ok 14:32:59.0155 5400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:32:59.0176 5400 AmdPPM - ok 14:32:59.0189 5400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:32:59.0202 5400 amdsata - ok 14:32:59.0213 5400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:32:59.0226 5400 amdsbs - ok 14:32:59.0237 5400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:32:59.0247 5400 amdxata - ok 14:32:59.0250 5400 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 14:32:59.0260 5400 AODDriver4.1 - ok 14:32:59.0274 5400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:32:59.0311 5400 AppID - ok 14:32:59.0321 5400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:32:59.0348 5400 AppIDSvc - ok 14:32:59.0367 5400 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 14:32:59.0384 5400 Appinfo - ok 14:32:59.0417 5400 [ F518545E5B7623AD49ABE7F8776EFA46 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:32:59.0441 5400 Apple Mobile 
Device - ok 14:32:59.0457 5400 [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys 14:32:59.0469 5400 AppleCharger - ok 14:32:59.0479 5400 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe 14:32:59.0490 5400 AppleChargerSrv - ok 14:32:59.0501 5400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 14:32:59.0513 5400 arc - ok 14:32:59.0523 5400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:32:59.0536 5400 arcsas - ok 14:32:59.0577 5400 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:32:59.0587 5400 aspnet_state - ok 14:32:59.0625 5400 [ 0ACC3F49015E628590CA4372322EB46B ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:32:59.0653 5400 aswMonFlt - ok 14:32:59.0666 5400 [ 679712B7A353EE665B9301592164A172 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys 14:32:59.0679 5400 aswRdr - ok 14:32:59.0687 5400 [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 14:32:59.0698 5400 aswRvrt - ok 14:32:59.0739 5400 [ 43599E630DFC30AD4E6A2B4B269EB1C0 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:32:59.0781 5400 aswSnx - ok 14:32:59.0795 5400 [ F22DE5F5BA8ADA0A861441B624B51EB5 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:32:59.0810 5400 aswSP - ok 14:32:59.0827 5400 [ FD3EA14ADF6216BDF4030DB2EFD43D96 ] aswStm C:\Windows\system32\drivers\aswStm.sys 14:32:59.0839 5400 aswStm - ok 14:32:59.0855 5400 [ 90399625F341AB76BA4B85A5E860EB1F ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 14:32:59.0868 5400 aswVmm - ok 14:32:59.0888 5400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:32:59.0929 5400 AsyncMac - ok 14:32:59.0949 5400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:32:59.0959 5400 atapi - ok 14:32:59.0970 5400 [ 
F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:33:00.0012 5400 AudioEndpointBuilder - ok 14:33:00.0019 5400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:33:00.0048 5400 AudioSrv - ok 14:33:00.0085 5400 [ CC42F104172B4A62793083D380867317 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:33:00.0095 5400 avast! Antivirus - ok 14:33:00.0110 5400 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys 14:33:00.0121 5400 avmeject - ok 14:33:00.0131 5400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:33:00.0153 5400 AxInstSV - ok 14:33:00.0169 5400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:33:00.0197 5400 b06bdrv - ok 14:33:00.0212 5400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:33:00.0236 5400 b57nd60a - ok 14:33:00.0254 5400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:33:00.0284 5400 BDESVC - ok 14:33:00.0290 5400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:33:00.0318 5400 Beep - ok 14:33:00.0342 5400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:33:00.0366 5400 BFE - ok 14:33:00.0520 5400 [ CB1B72BDCCF77B8F2104CF068FD2355C ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131114.001\BHDrvx64.sys 14:33:00.0576 5400 BHDrvx64 - ok 14:33:00.0597 5400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 14:33:00.0640 5400 BITS - ok 14:33:00.0655 5400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:33:00.0679 5400 blbdrive - ok 14:33:00.0702 5400 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:33:00.0716 5400 Bonjour Service - ok 14:33:00.0735 5400 [ 
6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:33:00.0757 5400 bowser - ok 14:33:00.0764 5400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:33:00.0797 5400 BrFiltLo - ok 14:33:00.0807 5400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:33:00.0822 5400 BrFiltUp - ok 14:33:00.0843 5400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:33:00.0862 5400 Browser - ok 14:33:00.0874 5400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:33:00.0934 5400 Brserid - ok 14:33:00.0941 5400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:33:00.0965 5400 BrSerWdm - ok 14:33:00.0987 5400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:33:01.0010 5400 BrUsbMdm - ok 14:33:01.0019 5400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:33:01.0040 5400 BrUsbSer - ok 14:33:01.0043 5400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:33:01.0063 5400 BTHMODEM - ok 14:33:01.0082 5400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:33:01.0110 5400 bthserv - ok 14:33:01.0177 5400 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys 14:33:01.0199 5400 ccSet_NIS - ok 14:33:01.0216 5400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:33:01.0247 5400 cdfs - ok 14:33:01.0255 5400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:33:01.0268 5400 cdrom - ok 14:33:01.0276 5400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:33:01.0304 5400 CertPropSvc - ok 14:33:01.0307 5400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 
14:33:01.0321 5400 circlass - ok 14:33:01.0329 5400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:33:01.0344 5400 CLFS - ok 14:33:01.0376 5400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:33:01.0387 5400 clr_optimization_v2.0.50727_32 - ok 14:33:01.0420 5400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:33:01.0448 5400 clr_optimization_v2.0.50727_64 - ok 14:33:01.0496 5400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:33:01.0517 5400 clr_optimization_v4.0.30319_32 - ok 14:33:01.0525 5400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:33:01.0539 5400 clr_optimization_v4.0.30319_64 - ok 14:33:01.0554 5400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:33:01.0591 5400 CmBatt - ok 14:33:01.0615 5400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:33:01.0629 5400 cmdide - ok 14:33:01.0660 5400 [ EBF28856F69CF094A902F884CF989706 ] CNG C:\Windows\system32\Drivers\cng.sys 14:33:01.0715 5400 CNG - ok 14:33:01.0734 5400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:33:01.0747 5400 Compbatt - ok 14:33:01.0759 5400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 14:33:01.0777 5400 CompositeBus - ok 14:33:01.0780 5400 COMSysApp - ok 14:33:01.0791 5400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:33:01.0802 5400 crcdisk - ok 14:33:01.0823 5400 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:33:01.0840 5400 CryptSvc - ok 14:33:01.0862 5400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] 
14:33:14.0903 5400 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:33:14.0929 5400 usbhub - ok 14:33:14.0959 5400 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:33:14.0973 5400 usbohci - ok 14:33:14.0982 5400 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:33:15.0007 5400 usbprint - ok 14:33:15.0026 5400 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:33:15.0059 5400 USBSTOR - ok 14:33:15.0084 5400 [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:33:15.0108 5400 usbuhci - ok 14:33:15.0130 5400 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 14:33:15.0156 5400 usb_rndisx - ok 14:33:15.0163 5400 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:33:15.0218 5400 UxSms - ok 14:33:15.0229 5400 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc C:\Windows\system32\lsass.exe 14:33:15.0241 5400 VaultSvc - ok 14:33:15.0263 5400 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:33:15.0275 5400 vdrvroot - ok 14:33:15.0286 5400 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:33:15.0328 5400 vds - ok 14:33:15.0341 5400 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:33:15.0356 5400 vga - ok 14:33:15.0364 5400 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:33:15.0395 5400 VgaSave - ok 14:33:15.0407 5400 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:33:15.0421 5400 vhdmp - ok 14:33:15.0466 5400 [ E066AA9C9866C2001372486A6841108C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 14:33:15.0515 5400 VIAHdAudAddService - ok 14:33:15.0536 5400 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:33:15.0548 5400 
viaide - ok 14:33:15.0557 5400 [ 1236737C7993FB462610E1A0AA92C40B ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 14:33:15.0568 5400 VIAKaraokeService - ok 14:33:15.0578 5400 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:33:15.0590 5400 volmgr - ok 14:33:15.0605 5400 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:33:15.0629 5400 volmgrx - ok 14:33:15.0682 5400 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:33:15.0750 5400 volsnap - ok 14:33:15.0815 5400 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:33:15.0840 5400 vsmraid - ok 14:33:15.0867 5400 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:33:15.0943 5400 VSS - ok 14:33:15.0958 5400 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:33:15.0980 5400 vwifibus - ok 14:33:15.0987 5400 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:33:16.0003 5400 vwififlt - ok 14:33:16.0024 5400 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:33:16.0057 5400 W32Time - ok 14:33:16.0067 5400 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:33:16.0079 5400 WacomPen - ok 14:33:16.0093 5400 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:33:16.0124 5400 WANARP - ok 14:33:16.0127 5400 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:33:16.0153 5400 Wanarpv6 - ok 14:33:16.0174 5400 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:33:16.0227 5400 wbengine - ok 14:33:16.0243 5400 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:33:16.0262 5400 WbioSrvc - ok 14:33:16.0277 5400 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 
14:33:16.0298 5400 wcncsvc - ok 14:33:16.0314 5400 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:33:16.0345 5400 WcsPlugInService - ok 14:33:16.0352 5400 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 14:33:16.0364 5400 Wd - ok 14:33:16.0401 5400 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:33:16.0423 5400 Wdf01000 - ok 14:33:16.0515 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:33:16.0601 5400 WdiServiceHost - ok 14:33:16.0605 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:33:16.0623 5400 WdiSystemHost - ok 14:33:16.0632 5400 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient C:\Windows\System32\webclnt.dll 14:33:16.0652 5400 WebClient - ok 14:33:16.0670 5400 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:33:16.0705 5400 Wecsvc - ok 14:33:16.0716 5400 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:33:16.0745 5400 wercplsupport - ok 14:33:16.0750 5400 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:33:16.0779 5400 WerSvc - ok 14:33:16.0791 5400 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:33:16.0817 5400 WfpLwf - ok 14:33:16.0832 5400 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:33:16.0843 5400 WIMMount - ok 14:33:16.0863 5400 WinDefend - ok 14:33:16.0878 5400 WinHttpAutoProxySvc - ok 14:33:16.0916 5400 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:33:16.0968 5400 Winmgmt - ok 14:33:16.0994 5400 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:33:17.0051 5400 WinRM - ok 14:33:17.0093 5400 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:33:17.0108 5400 WinUsb - ok 
14:33:17.0130 5400 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:33:17.0164 5400 Wlansvc - ok 14:33:17.0174 5400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:33:17.0186 5400 WmiAcpi - ok 14:33:17.0199 5400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:33:17.0217 5400 wmiApSrv - ok 14:33:17.0225 5400 WMPNetworkSvc - ok 14:33:17.0232 5400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:33:17.0252 5400 WPCSvc - ok 14:33:17.0262 5400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:33:17.0277 5400 WPDBusEnum - ok 14:33:17.0285 5400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:33:17.0322 5400 ws2ifsl - ok 14:33:17.0335 5400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 14:33:17.0365 5400 wscsvc - ok 14:33:17.0368 5400 WSearch - ok 14:33:17.0408 5400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:33:17.0467 5400 wuauserv - ok 14:33:17.0485 5400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:33:17.0504 5400 WudfPf - ok 14:33:17.0519 5400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:33:17.0543 5400 WUDFRd - ok 14:33:17.0563 5400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:33:17.0588 5400 wudfsvc - ok 14:33:17.0604 5400 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 14:33:17.0628 5400 WwanSvc - ok 14:33:17.0666 5400 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 14:33:17.0678 5400 xusb21 - ok 14:33:17.0695 5400 ================ Scan global =============================== 14:33:17.0700 5400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:33:17.0721 5400 [ 88EDD0B34EED542745931E581AD21A32 
14:33:17.0758 5400 [Global] - ok
14:33:17.0759 5400 ================ Scan MBR ==================================
14:33:18.0096 5400 \Device\Harddisk0\DR0 - ok
14:33:18.0097 5400 ================ Scan VBR ==================================
14:33:18.0128 5400 \Device\Harddisk0\DR0\Partition1 - ok
14:33:18.0144 5400 \Device\Harddisk0\DR0\Partition2 - ok
14:33:18.0145 5400 ============================================================
14:33:18.0145 5400 Scan finished
14:33:18.0145 5400 ============================================================
14:33:18.0161 5224 Detected object count: 3
14:33:18.0161 5224 Actual detected object count: 3
14:33:39.0062 5224 EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:33:39.0063 5224 EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:33:39.0065 5224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:33:39.0065 5224 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:33:39.0068 5224 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:33:39.0068 5224 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:21.0314 5088 Deinitialize success |
19.02.2014, 15:14 | #6 |
/// the machine /// TB instructor | Trojan after "call from Microsoft Service Center"? Looks good |
19.02.2014, 16:35 | #7 |
| Trojan after "call from Microsoft Service Center"? Does that mean everything is fine? So no formatting etc.? YESSSSSS! |
20.02.2014, 14:11 | #8 |
/// the machine /// TB instructor | Trojan after "call from Microsoft Service Center"? Yep
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.02.2014, 15:19 | #9 |
| Trojan after "call from Microsoft Service Center"? Then thank you for your help! Can be closed |
21.02.2014, 11:01 | #10 |
/// the machine /// TB instructor | Trojan after "call from Microsoft Service Center"? You're welcome |