| |
| |||||||
Log-Analyse und Auswertung: Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.02.2014, 16:00
| #1 |
 |  Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Hallo, folgendes Problem plagt mich seit 6 Uhr morgens: Starte ich den PC, Windows Vista 32 bit, erscheint der Desktophintergrund, Taskleiste und drei Symbole in der Tray. Dann kommt "Windows Explorer funktioniert nicht mehr" mit dem Hinweis, dass eine Lösung für das Problem gesucht wird, woraufhin die Meldung erscheint "Windows Explorer wird neu gestartet". Dann stürzt er gleich wieder ab, das geht dann 5 - 10 Mal so, woraufhin er den Explorer nicht mehr neu starten will sondern den Desktop anzeigt, ohne dass etwas anklickbar wäre. In den Taskmanager kommt man jedoch noch rein, beendet ich dort "explorer.exe" manuell, erscheint die Fehlermeldung: explorer.exe - Fehler in der Anwendung Die Ausnahme "unkoown software exception" (0x80000003) ist in der Anwendung an der STelle 0x628f96c0 aufgetreten. Klicken Sie auf "OK", um das Programm zu beenden. WinExplorer stürzt auch ab, wenn ich mich im Abgesicherten Modus einlogge, jedoch nicht, wenn ich in den Abgesicherten Modus mit Eingabeaufforderung gehe. Interessant finde ich, dass WinExplorer nicht abstürzt, wenn ich mich in ein zweites Benutzerkonto einlogge - dieses hat allerdings keine Admin-Rechte. Versucht habe ich bereits folgendes vergebens: - in msconfig alle Autostart-Dateien deaktivieren (außer Betriebssystem) und alle Syst - mit einer Ubuntu Live CD habe ich versucht, die explorer.exe in C:\Windwors mit einer "altne" (?) explorer.exe aus einem Ordner in C:\Windows\...\explorer.exe zu ersetzen - Sfc scannow Befehl mehrere Male ausgeführt - Reparaturoptionen mit der Boot-CD - Letzte Funktionierende Konfiguration - Systemwiederherstellung auf Dezember oder so (mittlerweile sehe ich im Wiederherstellungsmenü nur 4 Zeitpunkte, bis maximal 21.02.2014 zurück! Ich habe versucht, über die Eingabeaufforderung und mit Hilfe eines USB Sticks GMER und FRST zum Laufen zu bringen. Für defogger habe ich noch eine Logfile bekommen, Gmer und FRST bleiben aber hängen, während der Scan läuft. Noch eine Anmerkung: Habe Malwarebytes Anti-Maleware Quick Check drüber laufen lassen. Die explorer.exe, die ich im Windows-Ordner überschrieben habe, hatte ich auf dem Desktop zur Sicherheit mal gespeichert. Dort findet Malwarebytes etwas namens "Heuristics.Reserved.Word.Exploit". Leider lässt sich die log-file nicht speichern, immer dann hängt sich das Programm wie bei den anderen auf! Tausend Dank für die Hilfe im Voraus!!! FRST konnte ich nur im abgesicherten Modus mit Eingabeaufforderung ausführen, das Programm blieb ja im Hauptbenutzerkonto genauso wie Malwarebytes hängen. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:41 on 24/02/2014 (Florian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02
Ran by Florian (administrator) on FLORIAN-PC on 24-02-2014 14:07:42
Running from J:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-12-28] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1939334895-897515761-2617989973-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1939334895-897515761-2617989973-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Florian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1939334895-897515761-2617989973-1000\...\MountPoints2: {290950d7-1c36-11e2-ba36-00e04d627320} - I:\SETUP.EXE
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x690419F2E449CE01
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.161 83.169.184.225 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default
FF SelectedSearchEngine: dict.cc
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @spoon.net/Spoon Plugin 3.32 - C:\Program Files\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Extension: Nightly Tester Tools - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2014-01-03]
FF Extension: InvisibleHand - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2014-01-02]
FF Extension: Dict.cc Translation - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\searchdictcc@roughael.xpi [2014-01-02]
FF Extension: InstantFox - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\searchy@searchy.xpi [2014-01-02]
FF Extension: Google Translator for Firefox - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\translator@zoli.bod.xpi [2014-01-02]
FF Extension: Google Cache Tool - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi [2014-01-02]
FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-02]
FF Extension: Greasemonkey - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\t043bv75.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2013-12-11]
FF HKLM\...\Firefox\Extensions: [tunebite-firefox-surf-and-catch-extension@audials.com] - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\
FF Extension: Tunebite Firefox Surf and Catch Plugin - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-31]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-31]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-12-28]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-12-28]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-12-28]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-12-28]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-12-28]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (NapsterLink) - C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-28]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-28]
CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-28]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-15]
CHR Extension: (ICE Quick Stream) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp [2011-10-23]
CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR Extension: (Anti-Banner) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-28]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-31]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
========================== Services (Whitelisted) =================
S2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-12-28] (Kaspersky Lab ZAO)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S4 gupdate1ca434fb413d182; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-02] (Google Inc.)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-11-05] (Copyright 2013 SAMSUNG)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [65024 2009-09-30] (tzuk)
==================== Drivers (Whitelisted) ====================
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-28] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-12-28] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-28] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-12-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-12-28] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-12-28] (Kaspersky Lab ZAO)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-12-28] (Kaspersky Lab ZAO)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-07-03] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-07-03] (RapidSolution Software AG)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [489984 2008-01-16] (Ralink Technology, Corp.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [116736 2009-09-30] (tzuk)
S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG)
S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-12] (RapidSolution Software AG)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex)
S2 adfs; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-12-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-24 14:23 - 2009-04-11 07:27 - 02926592 _____ (Microsoft Corporation) C:\Users\Florian\Desktop\explorer.exe
2014-02-24 14:23 - 2006-11-02 10:45 - 02923520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-24 13:58 - 2014-02-24 13:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-24 13:55 - 2014-02-24 14:07 - 00000000 ____D () C:\FRST
2014-02-24 11:14 - 2014-02-24 11:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 21:02 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 21:02 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 21:02 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 21:02 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 21:02 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 21:02 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 21:02 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 21:02 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 21:02 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 21:02 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 21:02 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 21:02 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 21:02 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 21:02 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 21:02 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 21:02 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 20:00 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-21 20:44 - 2014-02-23 19:42 - 00000000 ____D () C:\Program Files\GUM79B1.tmp
2014-02-20 09:47 - 2014-02-20 09:53 - 00000000 ____D () C:\Users\Florian\Desktop\utmp
2014-02-14 12:25 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox(74)
==================== One Month Modified Files and Folders =======
2014-02-24 14:07 - 2014-02-24 13:55 - 00000000 ____D () C:\FRST
2014-02-24 14:03 - 2006-11-02 14:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 14:03 - 2006-11-02 13:47 - 00004080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 14:03 - 2006-11-02 13:47 - 00004080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 14:02 - 2009-10-20 07:33 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-24 14:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 14:02 - 2006-11-02 13:52 - 01228371 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 14:00 - 2006-11-02 11:33 - 01453952 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 13:58 - 2014-02-24 13:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-24 13:58 - 2012-10-22 17:55 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Dropbox
2014-02-24 13:56 - 2012-10-22 17:59 - 00000000 ___RD () C:\Users\Monika\Dropbox
2014-02-24 13:54 - 2011-12-28 13:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-24 13:54 - 2009-10-02 12:12 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 13:53 - 2010-08-18 14:21 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-02-24 13:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-24 13:31 - 2011-11-01 16:32 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Dropbox
2014-02-24 13:30 - 2011-11-01 17:13 - 00000000 ___RD () C:\Users\Florian\Documents\Dropbox
2014-02-24 13:29 - 2011-11-04 18:58 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps
2014-02-24 12:21 - 2010-03-21 17:13 - 00000000 ____D () C:\Windows\pss
2014-02-24 11:14 - 2014-02-24 11:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-24 10:50 - 2012-10-22 17:57 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-24 10:50 - 2009-10-02 12:12 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 10:45 - 2012-06-17 18:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 09:23 - 2009-10-01 16:25 - 00001356 _____ () C:\Users\Florian\AppData\Local\d3d9caps.dat
2014-02-23 21:22 - 2009-10-01 20:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-23 21:14 - 2013-08-08 19:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-23 21:05 - 2006-11-02 11:23 - 00000219 _____ () C:\Windows\win.ini
2014-02-23 20:26 - 2012-03-19 20:15 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001UA.job
2014-02-23 20:26 - 2012-03-19 20:15 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001Core.job
2014-02-23 19:46 - 2012-05-12 00:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-23 19:46 - 2011-05-15 23:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 19:42 - 2014-02-21 20:44 - 00000000 ____D () C:\Program Files\GUM79B1.tmp
2014-02-23 19:41 - 2010-03-03 01:35 - 00000000 ____D () C:\Users\Monika
2014-02-23 19:41 - 2009-10-01 16:25 - 00000000 ____D () C:\Users\Florian
2014-02-23 19:41 - 2006-11-02 11:22 - 63176704 _____ () C:\Windows\system32\config\software_previous
2014-02-23 19:41 - 2006-11-02 11:22 - 45088768 _____ () C:\Windows\system32\config\components_previous
2014-02-23 19:41 - 2006-11-02 11:22 - 126615552 _____ () C:\Windows\system32\config\system_previous
2014-02-23 19:41 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-02-23 19:41 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-23 19:41 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-23 19:40 - 2011-11-11 14:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Akamai
2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-21 20:31 - 2014-01-02 22:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 20:31 - 2013-12-11 14:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 20:31 - 2012-07-21 14:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Spotify
2014-02-21 20:31 - 2010-12-03 01:19 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc
2014-02-21 20:31 - 2009-10-01 19:43 - 00000000 ____D () C:\Users\Florian\AppData\Local\MediaMonkey
2014-02-21 10:24 - 2013-12-16 19:19 - 04323291 _____ () C:\Users\Florian\Desktop\IMG_1508.MOV
2014-02-20 09:53 - 2014-02-20 09:47 - 00000000 ____D () C:\Users\Florian\Desktop\utmp
2014-02-20 09:53 - 2011-12-12 23:07 - 00000600 _____ () C:\Users\Florian\PUTTY.RND
2014-02-14 13:20 - 2013-10-01 18:14 - 00000000 ____D () C:\Users\Florian\Desktop\Uni
2014-02-14 12:26 - 2014-02-14 12:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox(74)
2014-02-13 12:22 - 2012-07-21 14:59 - 00000000 ____D () C:\Users\Florian\AppData\Local\Spotify
2014-02-10 17:04 - 2009-10-01 18:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 16:39 - 2008-12-24 23:33 - 00000000 ____D () C:\Users\Florian\Documents\Meine Scans
2014-02-10 14:15 - 2011-11-01 16:34 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-10 14:09 - 2009-10-01 16:26 - 00101224 _____ () C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-07 19:49 - 2008-02-23 05:18 - 00000000 ___HD () C:\Users\Florian\Documents\Turbo Lister
2014-02-05 09:58 - 2014-02-23 21:02 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-23 21:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-23 21:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-23 21:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-23 21:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-23 21:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-23 21:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-23 21:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-23 21:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-23 21:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-23 21:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-23 21:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-23 21:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-23 21:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-23 21:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-23 21:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Files to move or delete:
====================
C:\Users\Florian\AppData\Roaming\desktop.ini
Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Florian\AppData\Local\Temp\ose00000.exe
C:\Users\Florian\AppData\Local\Temp\SamsungAPInstaller_1382458371839.exe
C:\Users\Florian\AppData\Local\Temp\SamsungAPInstaller_1384803161297.exe
C:\Users\Monika\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2014-02-24 14:23] - [2006-11-02 10:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-24 14:01
==================== End Of Log ============================
|
|
24.02.2014, 16:26
| #2 |
| /// the machine /// TB-Ausbilder    | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Hi,
__________________bitte in das andere Konto einloggen, einen neuen Benutzer mit Adminrechten anlegen. Dort rein und nochmal testen.
__________________ |
|
24.02.2014, 18:36
| #3 |
| | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Vielen Dank für die schnelle Antwort!
__________________ Ich konnte keinen neuen Benutzer erstellen im anderen Account. Habe aber dann über cmd das Administratorenkonto aktiviert, ich hoffe, dass das auch reicht. Hier tritt übrigens der Fehler auch nicht auf, sondern anscheinend nur in meinem persönlichen Benutzerkonto! Hier also die Logfiles: FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02 Ran by Administrator (administrator) on FLORIAN-PC on 24-02-2014 17:24:02 Running from C:\Users\Administrator\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-12-28] (Kaspersky Lab ZAO) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1939334895-897515761-2617989973-1002\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1939334895-897515761-2617989973-500\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File) ==================== Internet (Whitelisted) ==================== BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 83.169.184.161 83.169.184.225 192.168.0.1 Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24] CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-02-24] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-02-24] CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-02-24] CHR Extension: (Virtuelle Tastatur) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-02-24] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-02-24] CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24] CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24] CHR Extension: (Anti-Banner) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-02-24] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-31] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-12-28] (Kaspersky Lab ZAO) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) S4 gupdate1ca434fb413d182; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-02] (Google Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-11-05] (Copyright 2013 SAMSUNG) S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [65024 2009-09-30] (tzuk) ==================== Drivers (Whitelisted) ==================== S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-22] (DT Soft Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-28] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-12-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-12-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-12-28] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-12-28] (Kaspersky Lab ZAO) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-12-28] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-24] (Malwarebytes Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-07-03] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-07-03] (RapidSolution Software AG) R3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [489984 2008-01-16] (Ralink Technology, Corp.) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [116736 2009-09-30] (tzuk) S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-12] (RapidSolution Software AG) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex) S2 adfs; No ImagePath S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-12-28] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-24 17:24 - 2014-02-24 17:25 - 00013545 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-02-24 17:23 - 2014-02-24 17:23 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-02-24 17:23 - 2014-02-24 17:23 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-02-24 17:21 - 2014-02-24 17:22 - 01144320 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2014-02-24 17:21 - 2014-02-24 17:21 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe 2014-02-24 17:21 - 2014-02-24 17:21 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe 2014-02-24 17:19 - 2014-02-24 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-24 17:18 - 2014-02-24 17:18 - 00101224 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 17:17 - 2014-02-24 17:19 - 00001963 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk 2014-02-24 17:17 - 2014-02-24 17:17 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-24 17:17 - 2014-02-24 17:17 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-02-24 17:16 - 2014-02-24 17:16 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-02-24 17:15 - 2014-02-24 17:23 - 00000000 ____D () C:\Users\Administrator 2014-02-24 17:15 - 2014-02-24 17:15 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-02-24 17:15 - 2010-08-22 23:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-02-24 17:15 - 2009-10-05 03:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-24 17:15 - 2009-10-05 03:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-24 17:15 - 2009-10-01 22:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help 2014-02-24 15:41 - 2014-02-24 15:41 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-02-24 14:33 - 2014-02-24 14:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-24 14:25 - 2014-02-24 14:25 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-24 14:25 - 2014-02-24 14:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-02-24 14:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-24 14:23 - 2009-04-11 07:27 - 02926592 _____ (Microsoft Corporation) C:\Users\Florian\Desktop\explorer.exe 2014-02-24 14:23 - 2006-11-02 10:45 - 02923520 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2014-02-24 13:58 - 2014-02-24 13:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300 (1).exe 2014-02-24 13:55 - 2014-02-24 15:43 - 00000000 ____D () C:\FRST 2014-02-24 11:14 - 2014-02-24 11:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-23 21:02 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 21:02 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 21:02 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 21:02 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 21:02 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 21:02 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 21:02 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 21:02 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 21:02 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 21:02 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 21:02 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 21:02 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 21:02 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 21:02 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 21:02 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 21:02 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-23 20:00 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-21 20:44 - 2014-02-23 19:42 - 00000000 ____D () C:\Program Files\GUM79B1.tmp 2014-02-20 09:47 - 2014-02-20 09:53 - 00000000 ____D () C:\Users\Florian\Desktop\utmp 2014-02-14 12:25 - 2014-02-14 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox(74) ==================== One Month Modified Files and Folders ======= 2014-02-24 17:25 - 2014-02-24 17:24 - 00013545 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-02-24 17:23 - 2014-02-24 17:23 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-02-24 17:23 - 2014-02-24 17:23 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-02-24 17:23 - 2014-02-24 17:15 - 00000000 ____D () C:\Users\Administrator 2014-02-24 17:22 - 2014-02-24 17:21 - 01144320 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2014-02-24 17:21 - 2014-02-24 17:21 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe 2014-02-24 17:21 - 2014-02-24 17:21 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe 2014-02-24 17:21 - 2006-11-02 11:33 - 01453952 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-24 17:20 - 2006-11-02 13:52 - 01268142 _____ () C:\Windows\WindowsUpdate.log 2014-02-24 17:19 - 2014-02-24 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-02-24 17:19 - 2014-02-24 17:17 - 00001963 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk 2014-02-24 17:18 - 2014-02-24 17:18 - 00101224 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 17:18 - 2011-12-28 13:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-24 17:17 - 2014-02-24 17:17 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-24 17:17 - 2014-02-24 17:17 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-02-24 17:17 - 2006-11-02 11:23 - 00000240 _____ () C:\Windows\win.ini 2014-02-24 17:16 - 2014-02-24 17:16 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-02-24 17:15 - 2014-02-24 17:15 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-24 17:15 - 2014-02-24 17:15 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-02-24 17:15 - 2010-08-18 14:21 - 00000000 ____D () C:\Program Files\Common Files\Akamai 2014-02-24 17:15 - 2009-10-02 12:12 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-24 17:15 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-24 17:15 - 2006-11-02 13:47 - 00004080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-24 17:15 - 2006-11-02 13:47 - 00004080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-24 17:08 - 2009-10-20 07:33 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-02-24 17:08 - 2006-11-02 14:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-24 16:57 - 2012-10-22 17:55 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Dropbox 2014-02-24 16:56 - 2012-10-22 17:59 - 00000000 ___RD () C:\Users\Monika\Dropbox 2014-02-24 15:56 - 2011-11-04 18:58 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-02-24 15:49 - 2009-10-02 12:12 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-24 15:45 - 2012-06-17 18:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-24 15:43 - 2014-02-24 13:55 - 00000000 ____D () C:\FRST 2014-02-24 15:41 - 2014-02-24 15:41 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-02-24 15:41 - 2009-10-01 16:25 - 00000000 ____D () C:\Users\Florian 2014-02-24 14:51 - 2014-02-24 14:33 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-24 14:45 - 2011-11-01 16:32 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Dropbox 2014-02-24 14:26 - 2012-03-19 20:15 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001UA.job 2014-02-24 14:25 - 2014-02-24 14:25 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-24 14:25 - 2014-02-24 14:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-02-24 14:14 - 2011-11-01 17:13 - 00000000 ___RD () C:\Users\Florian\Documents\Dropbox 2014-02-24 13:58 - 2014-02-24 13:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300 (1).exe 2014-02-24 13:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-24 12:21 - 2010-03-21 17:13 - 00000000 ____D () C:\Windows\pss 2014-02-24 11:14 - 2014-02-24 11:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Monika\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-24 10:50 - 2012-10-22 17:57 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-24 09:23 - 2009-10-01 16:25 - 00001356 _____ () C:\Users\Florian\AppData\Local\d3d9caps.dat 2014-02-23 21:22 - 2009-10-01 20:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-23 21:14 - 2013-08-08 19:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-23 20:26 - 2012-03-19 20:15 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001Core.job 2014-02-23 19:46 - 2012-05-12 00:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 19:46 - 2011-05-15 23:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 19:42 - 2014-02-21 20:44 - 00000000 ____D () C:\Program Files\GUM79B1.tmp 2014-02-23 19:41 - 2010-03-03 01:35 - 00000000 ____D () C:\Users\Monika 2014-02-23 19:41 - 2006-11-02 11:22 - 63176704 _____ () C:\Windows\system32\config\software_previous 2014-02-23 19:41 - 2006-11-02 11:22 - 45088768 _____ () C:\Windows\system32\config\components_previous 2014-02-23 19:41 - 2006-11-02 11:22 - 126615552 _____ () C:\Windows\system32\config\system_previous 2014-02-23 19:41 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous 2014-02-23 19:41 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-02-23 19:41 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-02-23 19:40 - 2011-11-11 14:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Akamai 2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-02-23 19:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-02-21 20:31 - 2014-01-02 22:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-21 20:31 - 2013-12-11 14:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-21 20:31 - 2012-07-21 14:58 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Spotify 2014-02-21 20:31 - 2010-12-03 01:19 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc 2014-02-21 20:31 - 2009-10-01 19:43 - 00000000 ____D () C:\Users\Florian\AppData\Local\MediaMonkey 2014-02-21 10:24 - 2013-12-16 19:19 - 04323291 _____ () C:\Users\Florian\Desktop\IMG_1508.MOV 2014-02-20 09:53 - 2014-02-20 09:47 - 00000000 ____D () C:\Users\Florian\Desktop\utmp 2014-02-20 09:53 - 2011-12-12 23:07 - 00000600 _____ () C:\Users\Florian\PUTTY.RND 2014-02-14 13:20 - 2013-10-01 18:14 - 00000000 ____D () C:\Users\Florian\Desktop\Uni 2014-02-14 12:26 - 2014-02-14 12:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox(74) 2014-02-13 12:22 - 2012-07-21 14:59 - 00000000 ____D () C:\Users\Florian\AppData\Local\Spotify 2014-02-10 17:04 - 2009-10-01 18:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-10 16:39 - 2008-12-24 23:33 - 00000000 ____D () C:\Users\Florian\Documents\Meine Scans 2014-02-10 14:15 - 2011-11-01 16:34 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-10 14:09 - 2009-10-01 16:26 - 00101224 _____ () C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-07 19:49 - 2008-02-23 05:18 - 00000000 ___HD () C:\Users\Florian\Documents\Turbo Lister 2014-02-05 09:58 - 2014-02-23 21:02 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-23 21:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-23 21:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-23 21:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-23 21:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-23 21:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-23 21:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-23 21:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-23 21:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-23 21:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-23 21:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-23 21:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-23 21:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-23 21:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-23 21:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-23 21:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-04 19:09 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete: ==================== C:\Users\Florian\AppData\Roaming\desktop.ini Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe C:\Users\Florian\AppData\Local\Temp\ose00000.exe C:\Users\Florian\AppData\Local\Temp\SamsungAPInstaller_1382458371839.exe C:\Users\Florian\AppData\Local\Temp\SamsungAPInstaller_1384803161297.exe C:\Users\Monika\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2014-02-24 14:23] - [2006-11-02 10:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-24 17:21 ==================== End Of Log ============================ --- --- --- FRST - Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014 02
Ran by Administrator at 2014-02-24 17:26:02
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Advanced PDF Password Recovery (HKLM\...\{6A2B148A-5D96-40D2-8450-692713BB7457}) (Version: 5.05.97.1109 - Elcomsoft Co. Ltd.)
AirPlus XtremeG DWL-G122 (HKLM\...\{2B7E4354-0492-460A-BDB1-1F59EE141025}) (Version: 1.0.30 - D-Link)
Akamai NetSession Interface Service (HKLM\...\Akamai) (Version: - )
AllShare Framework DMS (HKLM\...\{FFCA6A43-2111-4DD0-9A26-D81F7DD20960}) (Version: 1.3.21 - Samsung)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{6A419FA3-4550-4F2E-AFEB-6B4AD5E281AA}) (Version: 9.1.28500.0 - RapidSolution Software AG)
Audials (HKLM\...\{E7D93321-D301-46D1-A56A-2AD87A281CD8}) (Version: 8.0.26909.900 - RapidSolution Software AG)
Audials TV (HKLM\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AudibleManager (HKLM\...\AudibleManager) (Version: 36040267.-2.2003529766.2003528780 - Audible, Inc.)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{9A50DD86-B02B-4264-8D7A-10F8A25FC043}) (Version: 0.7.37 - Kovid Goyal)
Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.)
Citavi 2.5 (HKLM\...\Citavi) (Version: 2.5.2.0 - Academic Software Zurich)
Corel WinDVD 2010 (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.536 - Corel Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.0.0.86 - DivX, Inc. )
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular 13.0.0.8086p) (Version: 13.0.0.8086p - Landesfinanzdirektion Thüringen)
EndNote X4 (HKLM\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Deskjet 460 Series Toolbox (HKLM\...\{80B2BC9F-0AAC-4D25-9B78-B2C92907081E}) (Version: 1.00.0000 - Ihr Firmenname)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Scanjet G2710 9.0 (HKLM\...\{F4158BB4-98FA-4ad5-A0FE-3913A0714A44}) (Version: 9.0 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
hpg2710 (Version: 9.0.0.0 - Ihr Firmenname) Hidden
hpg2710QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
HydraIRC (HKLM\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
ICQ Status Checker 1.7 (HKLM\...\{9E012857-0B5E-40A0-A36A-36751966A79B}_is1) (Version: - murb.com)
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
IZArc 3.81 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 3.81 Build 1550 - Ivan Zahariev)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LimeWire 5.3.6 (HKLM\...\LimeWire) (Version: 5.3.6 - Lime Wire, LLC)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM\...\mIRC) (Version: 7.19 - mIRC Co. Ltd.)
MKV Player 2.0.1 (HKLM\...\MKV Player_is1) (Version: - )
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Mp3tag v2.48 (HKLM\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BackItUp (Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp 12 Essentials (HKLM\...\{0E3368AC-FB29-4C5E-938E-FA11C12D035E}) (Version: 12.0.01200 - Nero AG)
Nero BackItUp Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 12.0.4000 - Nero AG)
Nero ControlCenter (Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.5000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20900 - Nero AG) Hidden
Nero Prerequisite Installer 2.0 (HKLM\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG)
Nero RescueAgent (Version: 12.0.9000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (Version: 12.0.0001 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}) (Version: 7.1.27.0 - Nokia)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5721 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PartyCasino (HKLM\...\PartyCasino) (Version: 11 - PartyGaming)
PartyPoker (HKLM\...\PartyPoker) (Version: - PartyGaming)
PC Connectivity Solution (HKLM\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 3.5.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-XChange Viewer (HKLM\...\{5754AB15-F61B-4B9B-91AA-E286F55CFA8B}) (Version: 2.0.57.0 - Tracker Software Products Ltd.)
PixiePack Codec Pack (HKLM\...\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}) (Version: 1.0.100.0 - None)
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recorder (HKLM\...\ST6UNST #1) (Version: - )
RssBandit (HKLM\...\{3CBE6C15-21D4-4F88-AB52-72446A6C6429}) (Version: 1.9.1003 - rssbandit.org)
Samsung Link 1.7.0.1311052230 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1311052230 - Copyright 2013 SAMSUNG)
Sandboxie 3.40 (HKLM\...\Sandboxie) (Version: - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Shareaza 2.5.3.0 (HKLM\...\Shareaza_is1) (Version: 2.5.3.0 - Shareaza Development Team)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.83.104095 - SugarSync, Inc.)
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Tunebite (HKLM\...\{C72C0263-D19D-49DF-A642-EFD14A4E2F45}) (Version: 6.0.26006.600 - RapidSolution Software AG)
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
==================== Restore Points =========================
21-02-2014 19:50:00 Windows Update
22-02-2014 02:00:43 Windows Update
23-02-2014 18:02:09 Geplanter Prüfpunkt
23-02-2014 18:59:19 Windows Update
23-02-2014 20:00:41 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {09178A2F-C484-48D2-97E0-2F26A587FD86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-02] (Google Inc.)
Task: {094A59A7-47D7-4008-8DD9-242D01F2E7D6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1939334895-897515761-2617989973-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {13908982-ABED-405F-BC22-5A8D6A9892E8} - System32\Tasks\Florian Nero LIVEBackup 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E46FE23-DE2A-4131-983F-9BA632D8FBC5} - System32\Tasks\Florian 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG)
Task: {2716BF70-2FFB-4C31-B169-2A6A9307947B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1939334895-897515761-2617989973-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {2A8047EF-6264-4D33-928B-837CAD025AEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1939334895-897515761-2617989973-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {47AA9312-F6EC-48FE-8933-CB89E51F6550} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {5181F310-6ABF-4457-87D0-30D5A2AD00EC} - System32\Tasks\RealCreateProcessScheduledTask16854223S-1-5-21-1939334895-897515761-2617989973-1000 => c:\program files\real\realplayer\update\realsched.exe [2012-10-15] (RealNetworks, Inc.)
Task: {76689902-1D35-4BF0-80DE-03CF2DEC8EDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-02] (Google Inc.)
Task: {874082A9-A041-4463-BA29-AAB8F6A81D5C} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A6B7EDAD-00E3-4CC0-BECB-B64C0C3A7195} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {ABB747DA-ACEE-484C-9A77-EF7B12E624B9} - System32\Tasks\Florian Nero LIVEBackup Merge 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG)
Task: {AE8856E2-A1F8-4F7E-ACF4-09FE93B638C7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {AF7F9F4B-2F6F-4D71-9F6A-22C7B69005F4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001Core => C:\Users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B2B4A467-681B-4418-9B43-CEAD03FB861A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D30E404C-B1EC-41B4-B9A1-9782AC78EEBF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001UA => C:\Users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {DC17186C-0812-466C-87A3-A2AC9ABBA1B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1939334895-897515761-2617989973-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2009-10-01] ()
Task: {F6A3CC99-C43C-4EF5-8494-56C667BB4EF3} - System32\Tasks\AdobeAAMUpdater-1.0-Florian-PC-Florian => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001Core.job => C:\Users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1939334895-897515761-2617989973-1001UA.job => C:\Users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MTR_test1.job => ?
==================== Loaded Modules (whitelisted) =============
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-17 12:08 - 2009-11-17 12:08 - 00197424 _____ () C:\Windows\system32\vpnapi.dll
2012-03-23 13:25 - 2012-03-23 13:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-10-17 04:03 - 2013-11-05 22:30 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-10-17 04:05 - 2013-10-17 04:05 - 00541696 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-10-17 04:03 - 2013-11-05 22:30 - 00987648 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-10-17 04:03 - 2013-11-05 22:30 - 01025024 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-10-11 15:23 - 2013-10-11 15:23 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\JNIInterface.dll
2013-10-11 15:24 - 2013-10-11 15:24 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ASFAPI.dll
2013-10-11 15:26 - 2013-10-11 15:26 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\MediaDB.dll
2013-10-01 09:11 - 2013-10-01 09:11 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ContentDirectoryPresenter.dll
2013-10-11 15:26 - 2013-10-11 15:26 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-10-17 04:03 - 2013-11-05 22:30 - 00035328 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-10-01 17:24 - 2007-06-02 20:41 - 00617472 _____ () C:\Program Files\IZArc\IZArcCM.dll
2008-05-02 05:15 - 2008-05-02 05:15 - 00010240 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\Users\Florian\Desktop\IMG_1508.MOV:TOC.WMV
AlternateDataStreams: C:\Users\Florian\Desktop\Jackass.3.5.avi:TOC.WMV
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate1ca434fb413d182 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWRTOOLBOX => C:\Program Files\HP\HP Deskjet 460 Series\Toolbox\HPWRTBX.exe "-i"
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc
MSCONFIG\startupreg: Spotify => "C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Florian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SugarSync => "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: {85460959-B1A8-367F-3FC2-384166C53E59} => C:\Users\Florian\AppData\Roaming\Mupolo\meci.exe
==================== Faulty Device Manager Devices =============
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2014 05:10:16 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (02/24/2014 03:56:05 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x00012298,
Prozess-ID 0x9808, Anwendungsstartzeit Gmer-19357.exe0.
Error: (02/24/2014 03:46:47 PM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.10.2 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 8d9c
Anfangszeit: 01cf316ea993a914
Zeitpunkt der Beendigung: 16
Error: (02/24/2014 03:40:33 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 2070
Anfangszeit: 01cf316777c8f904
Zeitpunkt der Beendigung: 16
Error: (02/24/2014 02:51:04 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 2e38
Anfangszeit: 01cf3164f911ae64
Zeitpunkt der Beendigung: 62
Error: (02/24/2014 02:12:18 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16386, Zeitstempel 0x4549b091, fehlerhaftes Modul QuickTime.qts, Version 7.73.80.64, Zeitstempel 0x50890e53, Ausnahmecode 0x80000003, Fehleroffset 0x001c96c0,
Prozess-ID 0x830, Anwendungsstartzeit Explorer.EXE0.
Error: (02/24/2014 02:12:04 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16386, Zeitstempel 0x4549b091, fehlerhaftes Modul QuickTime.qts, Version 7.73.80.64, Zeitstempel 0x50890e53, Ausnahmecode 0x80000003, Fehleroffset 0x001c96c0,
Prozess-ID 0xfe4, Anwendungsstartzeit Explorer.EXE0.
Error: (02/24/2014 02:11:50 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16386, Zeitstempel 0x4549b091, fehlerhaftes Modul QuickTime.qts, Version 7.73.80.64, Zeitstempel 0x50890e53, Ausnahmecode 0x80000003, Fehleroffset 0x001c96c0,
Prozess-ID 0xb28, Anwendungsstartzeit Explorer.EXE0.
Error: (02/24/2014 01:29:06 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16386, Zeitstempel 0x4549b091, fehlerhaftes Modul QuickTime.qts, Version 7.73.80.64, Zeitstempel 0x50890e53, Ausnahmecode 0x80000003, Fehleroffset 0x001c96c0,
Prozess-ID 0x15e4, Anwendungsstartzeit Explorer.EXE0.
Error: (02/24/2014 01:28:29 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16386, Zeitstempel 0x4549b091, fehlerhaftes Modul QuickTime.qts, Version 7.73.80.64, Zeitstempel 0x50890e53, Ausnahmecode 0x80000003, Fehleroffset 0x001c96c0,
Prozess-ID 0x55c, Anwendungsstartzeit Explorer.EXE0.
System errors:
=============
Error: (02/24/2014 05:23:53 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FLO-VAIO",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DC7FDB4E-6D32-40F0-AECA-123204F0A-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/24/2014 05:22:43 PM) (Source: Service Control Manager) (User: )
Description: 30000NVIDIA Display Driver Service
Error: (02/24/2014 05:22:43 PM) (Source: DCOM) (User: )
Description: 1053NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
Error: (02/24/2014 05:16:50 PM) (Source: Service Control Manager) (User: )
Description: adfs%%2
Error: (02/24/2014 05:16:50 PM) (Source: Service Control Manager) (User: )
Description: 30000NVIDIA Display Driver Service
Error: (02/24/2014 05:11:04 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (02/24/2014 05:11:04 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (02/24/2014 05:11:04 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (02/24/2014 05:11:04 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (02/24/2014 05:11:04 PM) (Source: Service Control Manager) (User: )
Description: AFD
DfsC
KLIF
KLIM6
kltdi
kneps
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
Microsoft Office Sessions:
=========================
Error: (02/24/2014 05:10:16 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (02/24/2014 03:56:05 PM) (Source: Application Error)(User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298980801cf316ff3df81f4
Error: (02/24/2014 03:46:47 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.10.28d9c01cf316ea993a91416
Error: (02/24/2014 03:40:33 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1207001cf316777c8f90416
Error: (02/24/2014 02:51:04 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.12e3801cf3164f911ae6462
Error: (02/24/2014 02:12:18 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.163864549b091QuickTime.qts7.73.80.6450890e5380000003001c96c083001cf316208a672f4
Error: (02/24/2014 02:12:04 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.163864549b091QuickTime.qts7.73.80.6450890e5380000003001c96c0fe401cf3161fffe52d4
Error: (02/24/2014 02:11:50 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.163864549b091QuickTime.qts7.73.80.6450890e5380000003001c96c0b2801cf3161f22222e4
Error: (02/24/2014 01:29:06 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.163864549b091QuickTime.qts7.73.80.6450890e5380000003001c96c015e401cf315c003a03a4
Error: (02/24/2014 01:28:29 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.163864549b091QuickTime.qts7.73.80.6450890e5380000003001c96c055c01cf315bdf0eece4
CodeIntegrity Errors:
===================================
Date: 2014-02-24 17:25:06.881
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:06.367
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:05.836
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:05.306
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:04.744
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:04.229
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:03.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:03.169
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:02.607
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-24 17:25:02.077
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 1917.82 MB
Available physical RAM: 850.56 MB
Total Pagefile: 4085.97 MB
Available Pagefile: 2832.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:153.38 GB) (Free:10.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (BOOT) (Fixed) (Total:125.46 GB) (Free:75.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (BACKUP) (Fixed) (Total:97.65 GB) (Free:12.79 GB) NTFS
Drive g: (RECOVER) (Fixed) (Total:9.76 GB) (Free:2.64 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 153 GB) (Disk ID: 60296029)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 226F226E)
Partition 1: (Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=OF Extended)
==================== End Of Log ============================
GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-24 18:29:36
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 ExcelStor_Technology_J8160S rev.P22OAB3A 153,39GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdiyfob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x97CBF700]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x97C72C1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x97C72F62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x97C733A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x97C5B29C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x97C728F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x97C5B814]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x97C5B6FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x97C72DC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x97CC2590]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x97C5B934]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x97CC1A24]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x97C72E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x97CC156E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x97C5B2E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x97CBF842]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x97CBF4AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x97CC2388]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x97C7105C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x97C5B8AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x97C5B78A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x97CC1116]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x97CC283C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x97C5B9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x97CC1780]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x97C5BA54]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x97C7126A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x97CC223C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x97C7318C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x97C7301A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x97C730D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x97C731FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x97CC1F66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x97C72A82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x97CC20C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x97C5BAF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x97CBF5B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x97CC12B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x97CC1E0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x97C5BB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x97CC1416]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x97CC1920]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x97CC29A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x97CC26CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x97CC1C64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x97CC16C8]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 119 886E1764 4 Bytes [00, F7, CB, 97] {ADD BH, DH; RETF ; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 886E1788 8 Bytes [1A, 2C, C7, 97, 62, 2F, C7, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 886E17CC 4 Bytes [A8, 33, C7, 97]
.text ntkrnlpa.exe!KeSetEvent + 1A9 886E17F4 4 Bytes [9C, B2, C5, 97] {PUSHF ; MOV DL, 0xc5; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1C1 886E180C 4 Bytes [F4, 28, C7, 97] {HLT ; SUB BH, AL; XCHG EDI, EAX}
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
|
|
25.02.2014, 17:19
| #4 |
| /// the machine /// TB-Ausbilder | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) In diesem neu angelegten Adminkonto dann eben jetzt ein neues Konto für dich anlegen, mit ADminrechten. Aus deinem alten Konto-Ordner persönliche Dinge sichern, dann das alte Konto löschen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.02.2014, 19:41
| #5 |
| | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Nur eine Frage: sollte man nicht herausfinden, woher dieser Fehler kommt? Bei dem AdminKonto fängt der WinExplorer jetzt auch schon an zu spinnen, wenn ich Ordner mit Bildern aufrufe. So fings ursprünglich nämlich auch an... Da hieß es gestern: Windows Explorer hat einen benutzerdefinierten Haltepunkt gefunden. Ich will keine Umstände bereiten, aber ich bin mir halt nur nicht sicher ob das Problem jetzt gelöst ist  Danke Dir für die Hilfe!! |
|
26.02.2014, 14:35
| #6 |
| /// the machine /// TB-Ausbilder | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Das ist ja was andres. Ich ging davon aus is läuft im neuen Account fehlerfrei Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) |
|
28.02.2014, 20:19
| #7 |
| | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Sorry für die verspätete Antwort, ich war leider nicht am Rechner. Dann sehen wir mal weiter: Malwarebytes Anti-Rootkid Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.28.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: FLORIAN-PC [administrator]
28.02.2014 19:37:38
mbar-log-2014-02-28 (19-37-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320216
Time elapsed: 31 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
TDSS Killer: Code:
ATTFilter 20:11:53.0164 0x5e68 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
20:12:05.0332 0x5e68 ============================================================
20:12:05.0332 0x5e68 Current date / time: 2014/02/28 20:12:05.0332
20:12:05.0332 0x5e68 SystemInfo:
20:12:05.0332 0x5e68
20:12:05.0332 0x5e68 OS Version: 6.0.6002 ServicePack: 2.0
20:12:05.0332 0x5e68 Product type: Workstation
20:12:05.0332 0x5e68 ComputerName: FLORIAN-PC
20:12:05.0332 0x5e68 UserName: Administrator
20:12:05.0332 0x5e68 Windows directory: C:\Windows
20:12:05.0332 0x5e68 System windows directory: C:\Windows
20:12:05.0332 0x5e68 Processor architecture: Intel x86
20:12:05.0332 0x5e68 Number of processors: 2
20:12:05.0332 0x5e68 Page size: 0x1000
20:12:05.0332 0x5e68 Boot type: Normal boot
20:12:05.0332 0x5e68 ============================================================
20:12:09.0185 0x5e68 KLMD registered as C:\Windows\system32\drivers\66207670.sys
20:12:10.0028 0x5e68 System UUID: {750E89EC-AECD-E3C0-7F38-BCB302D9ED30}
20:12:11.0401 0x5e68 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:12:17.0765 0x5e68 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:12:17.0765 0x5e68 ============================================================
20:12:17.0765 0x5e68 \Device\Harddisk0\DR0:
20:12:17.0781 0x5e68 MBR partitions:
20:12:17.0781 0x5e68 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
20:12:17.0781 0x5e68 \Device\Harddisk1\DR1:
20:12:17.0781 0x5e68 MBR partitions:
20:12:17.0781 0x5e68 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFAEC73B
20:12:17.0797 0x5e68 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFAEC7B9, BlocksNum 0xC34F28D
20:12:17.0812 0x5e68 \Device\Harddisk1\DR1\Partition3: MBR, Type 0xB, StartLBA 0x1BE3BA85, BlocksNum 0x1388AFC
20:12:17.0812 0x5e68 ============================================================
20:12:17.0953 0x5e68 C: <-> \Device\Harddisk0\DR0\Partition1
20:12:17.0984 0x5e68 E: <-> \Device\Harddisk1\DR1\Partition1
20:12:18.0483 0x5e68 F: <-> \Device\Harddisk1\DR1\Partition2
20:12:18.0483 0x5e68 G: <-> \Device\Harddisk1\DR1\Partition3
20:12:19.0029 0x5e68 ============================================================
20:12:19.0029 0x5e68 Initialize success
20:12:19.0029 0x5e68 ============================================================
20:12:46.0516 0x5ee4 ============================================================
20:12:46.0516 0x5ee4 Scan started
20:12:46.0516 0x5ee4 Mode: Manual; SigCheck; TDLFS;
20:12:46.0516 0x5ee4 ============================================================
20:12:46.0516 0x5ee4 KSN ping started
20:13:00.0338 0x5ee4 KSN ping finished: true
20:13:02.0132 0x5ee4 ================ Scan system memory ========================
20:13:02.0132 0x5ee4 System memory - ok
20:13:02.0132 0x5ee4 ================ Scan services =============================
20:13:02.0740 0x5ee4 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:13:02.0927 0x5ee4 ACPI - ok
20:13:02.0959 0x5ee4 adfs - ok
20:13:03.0115 0x5ee4 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:13:03.0130 0x5ee4 AdobeARMservice - ok
20:13:03.0302 0x5ee4 [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:13:03.0317 0x5ee4 AdobeFlashPlayerUpdateSvc - ok
20:13:03.0411 0x5ee4 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:13:03.0489 0x5ee4 adp94xx - ok
20:13:03.0551 0x5ee4 [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:13:03.0614 0x5ee4 adpahci - ok
20:13:03.0645 0x5ee4 [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:13:03.0723 0x5ee4 adpu160m - ok
20:13:03.0770 0x5ee4 [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:13:03.0801 0x5ee4 adpu320 - ok
20:13:03.0848 0x5ee4 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:13:04.0051 0x5ee4 AeLookupSvc - ok
20:13:04.0082 0x5ee4 [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD C:\Windows\system32\drivers\afd.sys
20:13:04.0160 0x5ee4 AFD - ok
20:13:04.0207 0x5ee4 [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:13:04.0300 0x5ee4 agp440 - ok
20:13:04.0347 0x5ee4 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:13:04.0378 0x5ee4 aic78xx - ok
20:13:04.0643 0x5ee4 [ BBE9054FDADC8D49D29C5DA4FB84A803, 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF ] Akamai c:\program files\common files\akamai/netsession_win_8fa3539.dll
20:13:04.0643 0x5ee4 Suspicious file ( Hidden ): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803, sha256: 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF
20:13:04.0659 0x5ee4 Akamai - detected HiddenFile.Multi.Generic ( 1 )
20:13:04.0753 0x5ee4 Akamai ( HiddenFile.Multi.Generic ) - warning
20:13:04.0753 0x5ee4 Force sending object to P2P due to detect: c:\program files\common files\akamai/netsession_win_8fa3539.dll
20:13:08.0715 0x5ee4 Object send P2P result: true
20:13:11.0227 0x5ee4 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
20:13:11.0336 0x5ee4 ALG - ok
20:13:11.0336 0x5ee4 [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide C:\Windows\system32\drivers\aliide.sys
20:13:11.0351 0x5ee4 aliide - ok
20:13:11.0414 0x5ee4 [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:13:11.0429 0x5ee4 amdagp - ok
20:13:11.0445 0x5ee4 [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide C:\Windows\system32\drivers\amdide.sys
20:13:11.0461 0x5ee4 amdide - ok
20:13:11.0539 0x5ee4 [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:13:11.0788 0x5ee4 AmdK7 - ok
20:13:11.0835 0x5ee4 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:13:11.0897 0x5ee4 AmdK8 - ok
20:13:11.0929 0x5ee4 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
20:13:12.0038 0x5ee4 Appinfo - ok
20:13:12.0131 0x5ee4 [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:13:12.0147 0x5ee4 Apple Mobile Device - ok
20:13:12.0194 0x5ee4 [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc C:\Windows\system32\drivers\arc.sys
20:13:12.0225 0x5ee4 arc - ok
20:13:12.0241 0x5ee4 [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:13:12.0256 0x5ee4 arcsas - ok
20:13:12.0287 0x5ee4 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:13:12.0350 0x5ee4 AsyncMac - ok
20:13:12.0365 0x5ee4 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
20:13:12.0397 0x5ee4 atapi - ok
20:13:12.0443 0x5ee4 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:13:12.0553 0x5ee4 AudioEndpointBuilder - ok
20:13:12.0631 0x5ee4 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:13:12.0662 0x5ee4 Audiosrv - ok
20:13:12.0958 0x5ee4 [ 15D2DB9BFA8E833ED31FAB2BB088FDDA, 6198C0A5DA01DA146A9A054C3C882A1DBF9BA84466EBFDDA1C1062EF36F9B34B ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
20:13:13.0036 0x5ee4 AVP - ok
20:13:13.0099 0x5ee4 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
20:13:13.0192 0x5ee4 Beep - ok
20:13:13.0301 0x5ee4 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
20:13:13.0535 0x5ee4 BFE - ok
20:13:13.0754 0x5ee4 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll
20:13:13.0863 0x5ee4 BITS - ok
20:13:13.0879 0x5ee4 blbdrive - ok
20:13:13.0972 0x5ee4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:13:14.0019 0x5ee4 Bonjour Service - ok
20:13:14.0066 0x5ee4 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:13:14.0191 0x5ee4 bowser - ok
20:13:14.0284 0x5ee4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:13:14.0471 0x5ee4 BrFiltLo - ok
20:13:14.0518 0x5ee4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:13:14.0596 0x5ee4 BrFiltUp - ok
20:13:14.0659 0x5ee4 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
20:13:14.0877 0x5ee4 Browser - ok
20:13:14.0939 0x5ee4 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:13:15.0158 0x5ee4 Brserid - ok
20:13:15.0205 0x5ee4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:13:15.0251 0x5ee4 BrSerWdm - ok
20:13:15.0283 0x5ee4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:13:15.0361 0x5ee4 BrUsbMdm - ok
20:13:15.0376 0x5ee4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:13:15.0454 0x5ee4 BrUsbSer - ok
20:13:15.0517 0x5ee4 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:13:15.0610 0x5ee4 BTHMODEM - ok
20:13:15.0641 0x5ee4 [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ C:\Windows\System32\bthserv.dll
20:13:15.0704 0x5ee4 BthServ - ok
20:13:15.0891 0x5ee4 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:13:16.0000 0x5ee4 cdfs - ok
20:13:16.0078 0x5ee4 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:13:16.0141 0x5ee4 cdrom - ok
20:13:16.0219 0x5ee4 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
20:13:16.0281 0x5ee4 CertPropSvc - ok
20:13:16.0343 0x5ee4 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
20:13:16.0421 0x5ee4 circlass - ok
20:13:16.0499 0x5ee4 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
20:13:16.0515 0x5ee4 CLFS - ok
20:13:16.0640 0x5ee4 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:16.0655 0x5ee4 clr_optimization_v2.0.50727_32 - ok
20:13:16.0765 0x5ee4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:13:16.0952 0x5ee4 clr_optimization_v4.0.30319_32 - ok
20:13:17.0061 0x5ee4 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:13:17.0123 0x5ee4 cmdide - ok
20:13:17.0201 0x5ee4 [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:13:17.0248 0x5ee4 Compbatt - ok
20:13:17.0248 0x5ee4 COMSysApp - ok
20:13:17.0373 0x5ee4 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:13:17.0404 0x5ee4 crcdisk - ok
20:13:17.0435 0x5ee4 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:13:17.0529 0x5ee4 Crusoe - ok
20:13:17.0638 0x5ee4 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:13:17.0716 0x5ee4 CryptSvc - ok
20:13:17.0732 0x5ee4 [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
20:13:17.0794 0x5ee4 CVirtA - ok
20:13:18.0247 0x5ee4 [ D4A26B0926171DC4F969955D157D1311, 22E954B0E2F0A0D0CAEFBA8BADA5AA8CE4F7AECB64A2AA75A2E031C3E405A1FF ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
20:13:18.0668 0x5ee4 CVPND - ok
20:13:18.0715 0x5ee4 [ C23025AC5AE45A105D63BD6E2408EDD4, 4457628A9DF3DCF3B160D2804198D8664FD76D93ACC2D23B4161D04FE2D37442 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
20:13:18.0746 0x5ee4 CVPNDRVA - detected UnsignedFile.Multi.Generic ( 1 )
20:13:18.0746 0x5ee4 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:13:21.0335 0x5ee4 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:13:21.0460 0x5ee4 DcomLaunch - ok
20:13:21.0538 0x5ee4 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:13:21.0616 0x5ee4 DfsC - ok
20:13:21.0835 0x5ee4 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
20:13:22.0505 0x5ee4 DFSR - ok
20:13:22.0568 0x5ee4 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:13:22.0630 0x5ee4 Dhcp - ok
20:13:22.0677 0x5ee4 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
20:13:22.0693 0x5ee4 disk - ok
20:13:22.0802 0x5ee4 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
20:13:22.0817 0x5ee4 DNE - ok
20:13:22.0911 0x5ee4 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:13:22.0973 0x5ee4 Dnscache - ok
20:13:23.0036 0x5ee4 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
20:13:23.0098 0x5ee4 dot3svc - ok
20:13:23.0176 0x5ee4 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
20:13:23.0239 0x5ee4 DPS - ok
20:13:23.0317 0x5ee4 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:13:23.0395 0x5ee4 drmkaud - ok
20:13:23.0457 0x5ee4 [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:13:23.0551 0x5ee4 dtsoftbus01 - ok
20:13:23.0691 0x5ee4 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:13:23.0738 0x5ee4 DXGKrnl - ok
20:13:23.0785 0x5ee4 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:13:23.0878 0x5ee4 E1G60 - ok
20:13:23.0925 0x5ee4 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
20:13:23.0972 0x5ee4 EapHost - ok
20:13:24.0034 0x5ee4 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
20:13:24.0050 0x5ee4 Ecache - ok
20:13:24.0237 0x5ee4 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:13:24.0393 0x5ee4 ehRecvr - ok
20:13:24.0455 0x5ee4 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
20:13:24.0518 0x5ee4 ehSched - ok
20:13:24.0533 0x5ee4 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
20:13:24.0565 0x5ee4 ehstart - ok
20:13:24.0643 0x5ee4 [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:13:24.0689 0x5ee4 elxstor - ok
20:13:24.0783 0x5ee4 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:13:25.0064 0x5ee4 EMDMgmt - ok
20:13:25.0189 0x5ee4 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
20:13:25.0282 0x5ee4 EventSystem - ok
20:13:25.0423 0x5ee4 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
20:13:25.0469 0x5ee4 exfat - ok
20:13:25.0532 0x5ee4 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:13:25.0579 0x5ee4 fastfat - ok
20:13:25.0610 0x5ee4 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:13:25.0657 0x5ee4 fdc - ok
20:13:25.0719 0x5ee4 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
20:13:25.0750 0x5ee4 fdPHost - ok
20:13:25.0797 0x5ee4 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
20:13:25.0859 0x5ee4 FDResPub - ok
20:13:25.0906 0x5ee4 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:13:25.0922 0x5ee4 FileInfo - ok
20:13:25.0969 0x5ee4 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:13:26.0015 0x5ee4 Filetrace - ok
20:13:26.0047 0x5ee4 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:26.0093 0x5ee4 flpydisk - ok
20:13:26.0125 0x5ee4 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:13:26.0156 0x5ee4 FltMgr - ok
20:13:26.0281 0x5ee4 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
20:13:26.0421 0x5ee4 FontCache - ok
20:13:26.0515 0x5ee4 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:13:26.0530 0x5ee4 FontCache3.0.0.0 - ok
20:13:26.0608 0x5ee4 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:13:26.0655 0x5ee4 Fs_Rec - ok
20:13:26.0702 0x5ee4 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:13:26.0717 0x5ee4 gagp30kx - ok
20:13:26.0795 0x5ee4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:13:26.0811 0x5ee4 GEARAspiWDM - ok
20:13:26.0873 0x5ee4 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
20:13:26.0936 0x5ee4 gpsvc - ok
20:13:26.0998 0x5ee4 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdate1ca434fb413d182 C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:27.0029 0x5ee4 gupdate1ca434fb413d182 - ok
20:13:27.0045 0x5ee4 [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:27.0061 0x5ee4 gupdatem - ok
20:13:27.0092 0x5ee4 [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:13:27.0139 0x5ee4 HdAudAddService - ok
20:13:27.0217 0x5ee4 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:13:27.0279 0x5ee4 HDAudBus - ok
20:13:27.0310 0x5ee4 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:13:27.0388 0x5ee4 HidBth - ok
20:13:27.0419 0x5ee4 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
20:13:27.0560 0x5ee4 HidIr - ok
20:13:27.0607 0x5ee4 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
20:13:27.0638 0x5ee4 hidserv - ok
20:13:27.0653 0x5ee4 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:13:27.0716 0x5ee4 HidUsb - ok
20:13:27.0763 0x5ee4 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
20:13:27.0841 0x5ee4 hkmsvc - ok
20:13:27.0872 0x5ee4 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:13:27.0887 0x5ee4 HpCISSs - ok
20:13:28.0028 0x5ee4 [ 58D4765AB87347DB835D5693ADF652C1, C82C844C29AC9041BEE7D02FB846AA9BC17D7DF0D8295AE31A485CC44B0CC7D7 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:13:28.0059 0x5ee4 hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
20:13:28.0059 0x5ee4 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:13:28.0059 0x5ee4 Force sending object to P2P due to detect: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:13:34.0408 0x5ee4 Object send P2P result: true
20:13:36.0967 0x5ee4 [ CBD09ED9CF6822177EE85AEA4D8816A2, 369897B4609B3FE55F9A82F19E38116E2E6527E349D48A956607EDED71F664D2 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:13:37.0029 0x5ee4 HTCAND32 - ok
20:13:37.0076 0x5ee4 [ 52395A94C127C0266D1C0F3CCE8A4345, A5477CD488291C0F31DBF104E67E5FB41D45ADC85ABFD03059FF27BCCF07CFD8 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
20:13:37.0107 0x5ee4 htcnprot - ok
20:13:37.0169 0x5ee4 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:13:37.0294 0x5ee4 HTTP - ok
20:13:37.0388 0x5ee4 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:13:37.0403 0x5ee4 i2omp - ok
20:13:37.0466 0x5ee4 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:13:37.0559 0x5ee4 i8042prt - ok
20:13:37.0606 0x5ee4 [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:13:37.0622 0x5ee4 iaStorV - ok
20:13:37.0949 0x5ee4 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:38.0059 0x5ee4 idsvc - ok
20:13:38.0074 0x5ee4 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:13:38.0090 0x5ee4 iirsp - ok
20:13:38.0152 0x5ee4 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
20:13:38.0215 0x5ee4 IKEEXT - ok
20:13:38.0261 0x5ee4 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
20:13:38.0293 0x5ee4 intelide - ok
20:13:38.0324 0x5ee4 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:13:38.0511 0x5ee4 intelppm - ok
20:13:38.0605 0x5ee4 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:13:38.0636 0x5ee4 IPBusEnum - ok
20:13:38.0698 0x5ee4 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:38.0792 0x5ee4 IpFilterDriver - ok
20:13:38.0932 0x5ee4 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:13:38.0995 0x5ee4 iphlpsvc - ok
20:13:39.0010 0x5ee4 IpInIp - ok
20:13:39.0088 0x5ee4 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:13:39.0135 0x5ee4 IPMIDRV - ok
20:13:39.0182 0x5ee4 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:13:39.0244 0x5ee4 IPNAT - ok
20:13:39.0353 0x5ee4 [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:13:39.0431 0x5ee4 iPod Service - ok
20:13:39.0478 0x5ee4 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:13:39.0541 0x5ee4 IRENUM - ok
20:13:39.0603 0x5ee4 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:13:39.0619 0x5ee4 isapnp - ok
20:13:39.0681 0x5ee4 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:13:39.0712 0x5ee4 iScsiPrt - ok
20:13:39.0759 0x5ee4 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:13:39.0775 0x5ee4 iteatapi - ok
20:13:39.0806 0x5ee4 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:13:39.0821 0x5ee4 iteraid - ok
20:13:39.0868 0x5ee4 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:13:39.0915 0x5ee4 kbdclass - ok
20:13:40.0040 0x5ee4 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:13:40.0087 0x5ee4 kbdhid - ok
20:13:40.0133 0x5ee4 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
20:13:40.0196 0x5ee4 KeyIso - ok
20:13:40.0243 0x5ee4 [ 871C226234A48C24DFE7478F36C0050C, 657CAB49387E0E40311D4DEC93D9860B2DAC2C05F223698CFA2F9BB50B5F3022 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
20:13:40.0274 0x5ee4 kl1 - ok
20:13:40.0383 0x5ee4 [ 8C547EB6709BF41E0625EFCDF13C63CE, ECD36806745748D110964C8D332D5FED235C5423885A6E33C733568AEC15FD80 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:13:40.0445 0x5ee4 KLIF - ok
20:13:40.0492 0x5ee4 [ 039FB019C92A16A54FE527D93B0CFB96, 080897B377511FD2439EB651086390CD72B822E8222C79AB0569FAFAA14BA0AE ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:13:40.0508 0x5ee4 KLIM6 - ok
20:13:40.0555 0x5ee4 [ 249A266AF74ADE44AE8424E78D145E09, 2D83543DFD9E3C1060E231D776E1755E2041CFD0245139C2041D560956165C0E ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
20:13:40.0555 0x5ee4 klkbdflt - ok
20:13:40.0601 0x5ee4 [ 035724BA6D5676B76FD3AFB66AB4F1E3, 81B30112B96DD3E7250420EEFF2ACECD424A2BE155E83C44434321CEA7DBE117 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:13:40.0648 0x5ee4 klmouflt - ok
20:13:40.0679 0x5ee4 [ 8FD802F86D4AB3FB329B8E51517BFF2A, 321750DC0C664FE5580C855D7B70AC74753DDD881F0C4482A2B4505BB2D88345 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
20:13:40.0695 0x5ee4 kltdi - ok
20:13:40.0726 0x5ee4 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A, 573681387B27FB2C8DC6612474B9BB8631F6CD3CED29AEBF91992606875724D2 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:13:40.0757 0x5ee4 KMWDFILTER - ok
20:13:40.0804 0x5ee4 [ 8F932DF10408BCABA2FCF6163C843F8E, 26BB4E2A2562CF6C687EC9F61C7B3C80992C1D57C47BBAEA8ED2AB6643A91C0E ] kneps C:\Windows\system32\DRIVERS\kneps.sys
20:13:40.0820 0x5ee4 kneps - ok
20:13:40.0960 0x5ee4 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:13:41.0038 0x5ee4 KSecDD - ok
20:13:41.0116 0x5ee4 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:13:41.0163 0x5ee4 KtmRm - ok
20:13:41.0210 0x5ee4 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
20:13:41.0257 0x5ee4 LanmanServer - ok
20:13:41.0366 0x5ee4 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:13:41.0444 0x5ee4 LanmanWorkstation - ok
20:13:41.0475 0x5ee4 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:13:41.0537 0x5ee4 lltdio - ok
20:13:41.0943 0x5ee4 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:13:42.0083 0x5ee4 lltdsvc - ok
20:13:42.0286 0x5ee4 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:13:42.0427 0x5ee4 lmhosts - ok
20:13:42.0520 0x5ee4 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:13:42.0536 0x5ee4 LSI_FC - ok
20:13:42.0645 0x5ee4 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:13:42.0661 0x5ee4 LSI_SAS - ok
20:13:42.0707 0x5ee4 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:13:42.0723 0x5ee4 LSI_SCSI - ok
20:13:42.0817 0x5ee4 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
20:13:42.0895 0x5ee4 luafv - ok
20:13:43.0097 0x5ee4 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:13:43.0097 0x5ee4 MBAMProtector - ok
20:13:43.0519 0x5ee4 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
20:13:43.0550 0x5ee4 MBAMScheduler - ok
20:13:43.0706 0x5ee4 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
20:13:43.0815 0x5ee4 MBAMService - ok
20:13:43.0955 0x5ee4 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:13:43.0987 0x5ee4 Mcx2Svc - ok
20:13:44.0111 0x5ee4 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys
20:13:44.0127 0x5ee4 megasas - ok
20:13:44.0345 0x5ee4 Microsoft SharePoint Workspace Audit Service - ok
20:13:44.0470 0x5ee4 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
20:13:44.0548 0x5ee4 MMCSS - ok
20:13:44.0673 0x5ee4 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
20:13:44.0813 0x5ee4 Modem - ok
20:13:44.0876 0x5ee4 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:13:44.0923 0x5ee4 monitor - ok
20:13:44.0969 0x5ee4 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:13:44.0974 0x5ee4 mouclass - ok
20:13:45.0010 0x5ee4 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:13:45.0085 0x5ee4 mouhid - ok
20:13:45.0133 0x5ee4 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:13:45.0158 0x5ee4 MountMgr - ok
20:13:45.0286 0x5ee4 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:13:45.0308 0x5ee4 MozillaMaintenance - ok
20:13:45.0382 0x5ee4 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys
20:13:45.0401 0x5ee4 mpio - ok
20:13:45.0658 0x5ee4 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:13:45.0699 0x5ee4 mpsdrv - ok
20:13:45.0774 0x5ee4 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:13:45.0868 0x5ee4 MpsSvc - ok
20:13:45.0991 0x5ee4 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:13:46.0003 0x5ee4 Mraid35x - ok
20:13:46.0082 0x5ee4 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:13:46.0141 0x5ee4 MRxDAV - ok
20:13:46.0192 0x5ee4 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:46.0255 0x5ee4 mrxsmb - ok
20:13:46.0316 0x5ee4 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:46.0369 0x5ee4 mrxsmb10 - ok
20:13:46.0401 0x5ee4 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:46.0423 0x5ee4 mrxsmb20 - ok
20:13:46.0470 0x5ee4 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys
20:13:46.0484 0x5ee4 msahci - ok
20:13:46.0502 0x5ee4 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:13:46.0518 0x5ee4 msdsm - ok
20:13:46.0559 0x5ee4 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
20:13:46.0612 0x5ee4 MSDTC - ok
20:13:46.0672 0x5ee4 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:13:46.0702 0x5ee4 Msfs - ok
20:13:46.0734 0x5ee4 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:13:46.0751 0x5ee4 msisadrv - ok
20:13:46.0814 0x5ee4 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:13:46.0852 0x5ee4 MSiSCSI - ok
20:13:46.0863 0x5ee4 msiserver - ok
20:13:46.0921 0x5ee4 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:13:47.0020 0x5ee4 MSKSSRV - ok
20:13:47.0079 0x5ee4 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:47.0130 0x5ee4 MSPCLOCK - ok
20:13:47.0200 0x5ee4 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:13:47.0245 0x5ee4 MSPQM - ok
20:13:47.0353 0x5ee4 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:13:47.0387 0x5ee4 MsRPC - ok
20:13:47.0418 0x5ee4 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:13:47.0431 0x5ee4 mssmbios - ok
20:13:47.0479 0x5ee4 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:13:47.0520 0x5ee4 MSTEE - ok
20:13:47.0585 0x5ee4 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
20:13:47.0598 0x5ee4 Mup - ok
20:13:47.0767 0x5ee4 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
20:13:47.0841 0x5ee4 napagent - ok
20:13:47.0967 0x5ee4 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:13:48.0007 0x5ee4 NativeWifiP - ok
20:13:48.0335 0x5ee4 [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
20:13:48.0553 0x5ee4 NAUpdate - ok
20:13:48.0739 0x5ee4 [ A178053A100978162F44E2BBD76BD526, 173DCF3268E818501B9C9ED6400125E4945E7C1BF0DA9D9C3071075C92AA2F5F ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
20:13:48.0758 0x5ee4 NBVol - ok
20:13:48.0847 0x5ee4 [ DB41D560DCF0879FB6092CFF0DAA3785, FDC4CE2BA5573A18B9A8DB5654BF11600E59866120A277D7CA920F38F27E8302 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
20:13:48.0858 0x5ee4 NBVolUp - ok
20:13:49.0183 0x5ee4 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:13:49.0323 0x5ee4 NDIS - ok
20:13:49.0457 0x5ee4 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:49.0746 0x5ee4 NdisTapi - ok
20:13:49.0903 0x5ee4 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:49.0951 0x5ee4 Ndisuio - ok
20:13:49.0988 0x5ee4 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:50.0030 0x5ee4 NdisWan - ok
20:13:50.0079 0x5ee4 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:13:50.0134 0x5ee4 NDProxy - ok
20:13:50.0225 0x5ee4 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:13:50.0280 0x5ee4 NetBIOS - ok
20:13:50.0347 0x5ee4 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:13:50.0401 0x5ee4 netbt - ok
20:13:50.0428 0x5ee4 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
20:13:50.0452 0x5ee4 Netlogon - ok
20:13:50.0562 0x5ee4 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
20:13:50.0683 0x5ee4 Netman - ok
20:13:50.0782 0x5ee4 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
20:13:50.0849 0x5ee4 netprofm - ok
20:13:50.0881 0x5ee4 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:13:50.0896 0x5ee4 NetTcpPortSharing - ok
20:13:50.0944 0x5ee4 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:13:50.0957 0x5ee4 nfrd960 - ok
20:13:51.0025 0x5ee4 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
20:13:51.0087 0x5ee4 NlaSvc - ok
20:13:51.0128 0x5ee4 [ 28E36E677849174C910FAAEAD3E60E9E, 615BD1DC07A657F388965555C62471E3F687001F2252E0326D684807991EC307 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
20:13:51.0322 0x5ee4 nmwcd - ok
20:13:51.0357 0x5ee4 [ 3823DEB17F9F6775DE0187A98FA0536D, 58E65D1F1ACBCF78AC513B55C545ECFB796BD19C2B04372331F1DA6000EDC8DF ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
20:13:51.0408 0x5ee4 nmwcdc - ok
20:13:51.0457 0x5ee4 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:13:51.0514 0x5ee4 Npfs - ok
20:13:51.0544 0x5ee4 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
20:13:51.0647 0x5ee4 nsi - ok
20:13:51.0712 0x5ee4 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:13:51.0756 0x5ee4 nsiproxy - ok
20:13:52.0009 0x5ee4 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:13:52.0297 0x5ee4 Ntfs - ok
20:13:52.0367 0x5ee4 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:13:52.0421 0x5ee4 ntrigdigi - ok
20:13:52.0493 0x5ee4 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
20:13:52.0542 0x5ee4 Null - ok
20:13:52.0868 0x5ee4 [ D668632606D1CEBF0B6EC64C1DF7ED6F, 3409D6D7318902CAAED5AEEEA4C293BA809017BCCADC538938942380C52B923F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
20:13:53.0044 0x5ee4 NVENETFD - ok
20:13:55.0983 0x5ee4 [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E, 88FA632754A20025F03FE0970C93F572055919F53C8A50E5DB6CF1EF7B00B7FD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:14:03.0428 0x5ee4 nvlddmkm - ok
20:14:03.0471 0x5ee4 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:14:03.0490 0x5ee4 nvraid - ok
20:14:03.0526 0x5ee4 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:14:03.0542 0x5ee4 nvstor - ok
20:14:03.0611 0x5ee4 [ C612FBECB3E1585E21C6EECF09680B54, E68AF033E8F4E4AB0FA8B69C58107C6D38680FAFAACDA6D88DBEE0C2909316A5 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:14:03.0742 0x5ee4 nvsvc - detected UnsignedFile.Multi.Generic ( 1 )
20:14:03.0742 0x5ee4 nvsvc ( UnsignedFile.Multi.Generic ) - warning
20:14:17.0582 0x5ee4 [ 0629259E3AF6BB0534FCECA208973404, E5DDA62D5D21D5D11A711BBFC5B839B59E336997C0C9A32A0B04AC9FBB6472D4 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:14:17.0767 0x5ee4 nvUpdatusService - ok
20:14:17.0855 0x5ee4 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:14:17.0870 0x5ee4 nv_agp - ok
20:14:17.0878 0x5ee4 NwlnkFlt - ok
20:14:17.0887 0x5ee4 NwlnkFwd - ok
20:14:17.0967 0x5ee4 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:14:18.0017 0x5ee4 ohci1394 - ok
20:14:18.0149 0x5ee4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:14:18.0164 0x5ee4 ose - ok
20:14:18.0581 0x5ee4 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:14:18.0816 0x5ee4 osppsvc - ok
20:14:18.0935 0x5ee4 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:14:19.0047 0x5ee4 p2pimsvc - ok
20:14:19.0126 0x5ee4 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
20:14:19.0467 0x5ee4 p2psvc - ok
20:14:19.0573 0x5ee4 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:14:19.0752 0x5ee4 Parport - ok
20:14:19.0829 0x5ee4 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:14:19.0843 0x5ee4 partmgr - ok
20:14:19.0915 0x5ee4 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:14:19.0963 0x5ee4 Parvdm - ok
20:14:20.0154 0x5ee4 [ AFADA8B97BE3C9398DC6C770409C3544, 670451D08AD1534D424D7D6B9BD7D2C71F526313FE2DD34B1F277D7CD403F39B ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
20:14:20.0242 0x5ee4 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
20:14:20.0242 0x5ee4 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:14:20.0242 0x5ee4 Force sending object to P2P due to detect: C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
20:14:28.0935 0x5ee4 Object send P2P result: true
20:14:31.0392 0x5ee4 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
20:14:31.0448 0x5ee4 PcaSvc - ok
20:14:31.0495 0x5ee4 [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:14:31.0576 0x5ee4 pccsmcfd - ok
20:14:31.0619 0x5ee4 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
20:14:31.0640 0x5ee4 pci - ok
20:14:31.0675 0x5ee4 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
20:14:31.0688 0x5ee4 pciide - ok
20:14:31.0863 0x5ee4 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:14:31.0882 0x5ee4 pcmcia - ok
20:14:31.0952 0x5ee4 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:14:32.0057 0x5ee4 PEAUTH - ok
20:14:32.0286 0x5ee4 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
20:14:32.0567 0x5ee4 pla - ok
20:14:32.0645 0x5ee4 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:14:32.0687 0x5ee4 PlugPlay - ok
20:14:32.0859 0x5ee4 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:14:32.0905 0x5ee4 PNRPAutoReg - ok
20:14:32.0933 0x5ee4 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:14:32.0995 0x5ee4 PNRPsvc - ok
20:14:33.0127 0x5ee4 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:14:33.0228 0x5ee4 PolicyAgent - ok
20:14:33.0303 0x5ee4 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:14:33.0339 0x5ee4 PptpMiniport - ok
20:14:33.0384 0x5ee4 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
20:14:33.0456 0x5ee4 Processor - ok
20:14:33.0503 0x5ee4 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
20:14:33.0548 0x5ee4 ProfSvc - ok
20:14:33.0578 0x5ee4 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:14:33.0599 0x5ee4 ProtectedStorage - ok
20:14:33.0629 0x5ee4 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:14:33.0654 0x5ee4 PSched - ok
20:14:33.0715 0x5ee4 [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:14:33.0733 0x5ee4 PSI_SVC_2 - ok
20:14:33.0917 0x5ee4 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:14:33.0930 0x5ee4 PxHelp20 - ok
20:14:33.0991 0x5ee4 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:14:34.0056 0x5ee4 ql2300 - ok
20:14:34.0094 0x5ee4 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:14:34.0119 0x5ee4 ql40xx - ok
20:14:34.0190 0x5ee4 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
20:14:34.0238 0x5ee4 QWAVE - ok
20:14:34.0278 0x5ee4 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:14:34.0299 0x5ee4 QWAVEdrv - ok
20:14:34.0385 0x5ee4 [ 8F97D374AD1857E1EED85A79F29A1D3D, 4B2D1DBB60C0890E3CB497F534D8DE74952AF8774579B62B0F4ED14912CA583C ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:14:34.0420 0x5ee4 RapiMgr - ok
20:14:34.0461 0x5ee4 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:14:34.0538 0x5ee4 RasAcd - ok
20:14:34.0581 0x5ee4 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
20:14:34.0633 0x5ee4 RasAuto - ok
20:14:34.0684 0x5ee4 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:14:34.0732 0x5ee4 Rasl2tp - ok
20:14:34.0773 0x5ee4 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
20:14:34.0838 0x5ee4 RasMan - ok
20:14:34.0901 0x5ee4 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:14:34.0954 0x5ee4 RasPppoe - ok
20:14:34.0978 0x5ee4 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:14:35.0010 0x5ee4 RasSstp - ok
20:14:35.0061 0x5ee4 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:14:35.0108 0x5ee4 rdbss - ok
20:14:35.0156 0x5ee4 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:14:35.0204 0x5ee4 RDPCDD - ok
20:14:35.0298 0x5ee4 [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:14:35.0404 0x5ee4 rdpdr - ok
20:14:35.0439 0x5ee4 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:14:35.0497 0x5ee4 RDPENCDD - ok
20:14:35.0549 0x5ee4 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:14:35.0602 0x5ee4 RDPWD - ok
20:14:35.0642 0x5ee4 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys
20:14:35.0674 0x5ee4 regi - ok
20:14:35.0707 0x5ee4 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
20:14:35.0758 0x5ee4 RemoteAccess - ok
20:14:35.0801 0x5ee4 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:14:35.0831 0x5ee4 RemoteRegistry - ok
20:14:35.0892 0x5ee4 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
20:14:36.0078 0x5ee4 RpcLocator - ok
20:14:36.0120 0x5ee4 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
20:14:36.0187 0x5ee4 RpcSs - ok
20:14:36.0247 0x5ee4 [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys
20:14:36.0260 0x5ee4 RRNetCap - ok
20:14:36.0318 0x5ee4 [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys
20:14:36.0329 0x5ee4 RRNetCapMP - ok
20:14:36.0362 0x5ee4 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:14:36.0395 0x5ee4 rspndr - ok
20:14:36.0605 0x5ee4 [ 0AB8D9D7C5AC81FC736D7C208F737570, FA54821C2241F86DE90075B90FBDF7CF5340933754076112DCE6B9720E60CDA6 ] RT73 C:\Windows\system32\DRIVERS\Dr71WU.sys
20:14:36.0843 0x5ee4 RT73 - ok
20:14:36.0886 0x5ee4 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
20:14:36.0909 0x5ee4 SamSs - ok
20:14:37.0237 0x5ee4 [ 0D5AE23121FD128B39CBBCAEDA498207, A2299D58812B8593CD782CA3185C7EC24FA60D90565E1415591118A40B31C408 ] Samsung Link Service C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
20:14:37.0302 0x5ee4 Samsung Link Service - ok
20:14:37.0431 0x5ee4 [ D5223BB45782B35407148A47255497C7, 3E4E4D1C5497697A58D43600DEAF555A11D8442E1D466AA2293F737C41541938 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
20:14:37.0454 0x5ee4 SbieDrv - detected UnsignedFile.Multi.Generic ( 1 )
20:14:37.0454 0x5ee4 SbieDrv ( UnsignedFile.Multi.Generic ) - warning
20:14:39.0911 0x5ee4 [ DE88A8D417BB530003D84FCE6774C0F6, 7C8BBA901EAFFCE2A3E1914F5C8B57908D184DE086B743B22C10BB83C61AEA39 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
20:14:39.0920 0x5ee4 SbieSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:14:39.0920 0x5ee4 SbieSvc ( UnsignedFile.Multi.Generic ) - warning
20:14:42.0363 0x5ee4 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:14:42.0379 0x5ee4 sbp2port - ok
20:14:42.0405 0x5ee4 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:14:42.0450 0x5ee4 SCardSvr - ok
20:14:42.0497 0x5ee4 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
20:14:42.0683 0x5ee4 Schedule - ok
20:14:42.0724 0x5ee4 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
20:14:42.0756 0x5ee4 SCPolicySvc - ok
20:14:42.0857 0x5ee4 [ 5C56F715F11DFB160BBF4CB747564866, 7D0EA8190EE0295F38735D3A7EDBDC5DF13BB00C3F466AA33DB5FA80C18DC314 ] scramby C:\Windows\system32\drivers\scramby.sys
20:14:42.0883 0x5ee4 scramby - ok
20:14:42.0921 0x5ee4 [ CCB29ACF557F7172367647B30FD21DBE, AF06D24A6908F9933597F436B743BBCCCE63618E2C715A4DF4C054039F1C0341 ] scramby_out C:\Windows\system32\drivers\scramby_out.sys
20:14:42.0931 0x5ee4 scramby_out - ok
20:14:42.0984 0x5ee4 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:14:43.0039 0x5ee4 SDRSVC - ok
20:14:43.0087 0x5ee4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:14:43.0144 0x5ee4 secdrv - ok
20:14:43.0194 0x5ee4 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
20:14:43.0243 0x5ee4 seclogon - ok
20:14:43.0281 0x5ee4 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
20:14:43.0333 0x5ee4 SENS - ok
20:14:43.0381 0x5ee4 [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:14:43.0424 0x5ee4 Serenum - ok
20:14:43.0454 0x5ee4 [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:14:43.0524 0x5ee4 Serial - ok
20:14:43.0560 0x5ee4 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:14:43.0608 0x5ee4 sermouse - ok
20:14:43.0941 0x5ee4 [ 5BF59C6BC737BAAF541168E5CB2EC1D9, D792C95C54B9B7A5386EA75318DEF064000F3EDC48845D8EC152A4A6DB931734 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:14:44.0021 0x5ee4 ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
20:14:44.0021 0x5ee4 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:14:46.0514 0x5ee4 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
20:14:46.0573 0x5ee4 SessionEnv - ok
20:14:46.0640 0x5ee4 [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:14:46.0725 0x5ee4 sffdisk - ok
20:14:46.0747 0x5ee4 [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:14:46.0824 0x5ee4 sffp_mmc - ok
20:14:46.0847 0x5ee4 [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:14:46.0913 0x5ee4 sffp_sd - ok
20:14:46.0937 0x5ee4 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:14:46.0996 0x5ee4 sfloppy - ok
20:14:47.0044 0x5ee4 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:14:47.0096 0x5ee4 SharedAccess - ok
20:14:47.0153 0x5ee4 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:14:47.0194 0x5ee4 ShellHWDetection - ok
20:14:47.0228 0x5ee4 [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:14:47.0244 0x5ee4 sisagp - ok
20:14:47.0259 0x5ee4 [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:14:47.0274 0x5ee4 SiSRaid2 - ok
20:14:47.0287 0x5ee4 [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:14:47.0304 0x5ee4 SiSRaid4 - ok
20:14:47.0624 0x5ee4 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
20:14:48.0639 0x5ee4 slsvc - ok
20:14:48.0874 0x5ee4 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:14:48.0930 0x5ee4 SLUINotify - ok
20:14:48.0991 0x5ee4 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:14:49.0047 0x5ee4 Smb - ok
20:14:49.0103 0x5ee4 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:14:49.0145 0x5ee4 SNMPTRAP - ok
20:14:49.0183 0x5ee4 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
20:14:49.0198 0x5ee4 spldr - ok
20:14:49.0257 0x5ee4 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
20:14:49.0328 0x5ee4 Spooler - ok
20:14:49.0425 0x5ee4 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
20:14:49.0479 0x5ee4 srv - ok
20:14:49.0523 0x5ee4 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:14:49.0576 0x5ee4 srv2 - ok
20:14:49.0613 0x5ee4 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:14:49.0647 0x5ee4 srvnet - ok
20:14:49.0681 0x5ee4 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:14:49.0742 0x5ee4 SSDPSRV - ok
20:14:49.0786 0x5ee4 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:14:49.0852 0x5ee4 SstpSvc - ok
20:14:50.0020 0x5ee4 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
20:14:50.0238 0x5ee4 stisvc - ok
20:14:50.0266 0x5ee4 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:14:50.0281 0x5ee4 swenum - ok
20:14:50.0468 0x5ee4 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:14:50.0575 0x5ee4 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:14:50.0575 0x5ee4 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:14:53.0058 0x5ee4 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
20:14:53.0103 0x5ee4 swprv - ok
20:14:53.0158 0x5ee4 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:14:53.0184 0x5ee4 Symc8xx - ok
20:14:53.0218 0x5ee4 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:14:53.0232 0x5ee4 Sym_hi - ok
20:14:53.0268 0x5ee4 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:14:53.0281 0x5ee4 Sym_u3 - ok
20:14:53.0385 0x5ee4 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
20:14:53.0457 0x5ee4 SysMain - ok
20:14:53.0499 0x5ee4 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:14:53.0531 0x5ee4 TabletInputService - ok
20:14:53.0597 0x5ee4 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:14:53.0639 0x5ee4 TapiSrv - ok
20:14:53.0687 0x5ee4 [ 77BD6143C6DCE0A1BF7B5571BED860DC, B628CBA8FF127506C26B2E599A1588255CFD733721B7425D944306E2059C71BA ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
20:14:53.0703 0x5ee4 tbhsd - ok
20:14:53.0760 0x5ee4 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
20:14:53.0807 0x5ee4 TBS - ok
20:14:53.0885 0x5ee4 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:14:53.0989 0x5ee4 Tcpip - ok
20:14:54.0030 0x5ee4 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:14:54.0100 0x5ee4 Tcpip6 - ok
20:14:54.0163 0x5ee4 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:14:54.0251 0x5ee4 tcpipreg - ok
20:14:54.0311 0x5ee4 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:14:54.0344 0x5ee4 TDPIPE - ok
20:14:54.0390 0x5ee4 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:14:54.0474 0x5ee4 TDTCP - ok
20:14:54.0563 0x5ee4 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:14:54.0604 0x5ee4 tdx - ok
20:14:55.0569 0x5ee4 [ 775A7C4B689C0F112A12AD62064E57D1, C9E9B0F89AEA660CA80F8CC1C9E7116E199B267700265BB47640B0A9341C52FF ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
20:14:55.0829 0x5ee4 TeamViewer8 - ok
20:14:55.0866 0x5ee4 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:14:55.0883 0x5ee4 TermDD - ok
20:14:55.0940 0x5ee4 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
20:14:56.0048 0x5ee4 TermService - ok
20:14:56.0087 0x5ee4 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
20:14:56.0117 0x5ee4 Themes - ok
20:14:56.0158 0x5ee4 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
20:14:56.0201 0x5ee4 THREADORDER - ok
20:14:56.0252 0x5ee4 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
20:14:56.0305 0x5ee4 TrkWks - ok
20:14:56.0397 0x5ee4 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:14:56.0439 0x5ee4 TrustedInstaller - ok
20:14:56.0607 0x5ee4 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:14:56.0683 0x5ee4 tssecsrv - ok
20:14:56.0753 0x5ee4 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:14:56.0795 0x5ee4 tunmp - ok
20:14:56.0821 0x5ee4 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:14:56.0850 0x5ee4 tunnel - ok
20:14:56.0881 0x5ee4 [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:14:56.0897 0x5ee4 uagp35 - ok
20:14:56.0946 0x5ee4 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:14:56.0980 0x5ee4 udfs - ok
20:14:57.0043 0x5ee4 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:14:57.0078 0x5ee4 UI0Detect - ok
20:14:57.0128 0x5ee4 [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:14:57.0143 0x5ee4 uliagpkx - ok
20:14:57.0186 0x5ee4 [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:14:57.0208 0x5ee4 uliahci - ok
20:14:57.0273 0x5ee4 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:14:57.0324 0x5ee4 UlSata - ok
20:14:57.0346 0x5ee4 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:14:57.0364 0x5ee4 ulsata2 - ok
20:14:57.0413 0x5ee4 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:14:57.0469 0x5ee4 umbus - ok
20:14:57.0502 0x5ee4 [ 4847639D852763EE39415C929470F672, 75CF9471BA3EA54E5BE66CD7612DA134B3370D7C3FBA8B2682093C03A0AD87B5 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
20:14:57.0529 0x5ee4 UnlockerDriver5 - detected UnsignedFile.Multi.Generic ( 1 )
20:14:57.0529 0x5ee4 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
20:14:59.0995 0x5ee4 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
20:15:00.0054 0x5ee4 upnphost - ok
20:15:00.0079 0x5ee4 [ B1B8BEE26227DAD9835019201552CB05, 992DBB8C81CCAB16B864F4FAC012558BE52ABD38D3F54F587F1B1001EC0F6C07 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
20:15:00.0138 0x5ee4 upperdev - ok
20:15:00.0170 0x5ee4 [ 73B41F4EAD65F355962168D766AF0F2E, AA33CAE55D4766C9F1E9F1B50EEAE1CA4BE968380C89892A46D2D25EAEEDC64D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:15:00.0231 0x5ee4 USBAAPL - ok
20:15:00.0282 0x5ee4 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:15:00.0330 0x5ee4 usbccgp - ok
20:15:00.0377 0x5ee4 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:15:00.0464 0x5ee4 usbcir - ok
20:15:00.0495 0x5ee4 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:15:00.0514 0x5ee4 usbehci - ok
20:15:00.0559 0x5ee4 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:15:00.0609 0x5ee4 usbhub - ok
20:15:00.0638 0x5ee4 [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:15:00.0655 0x5ee4 usbohci - ok
20:15:00.0694 0x5ee4 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:15:00.0750 0x5ee4 usbprint - ok
20:15:00.0795 0x5ee4 [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:15:00.0820 0x5ee4 usbscan - ok
20:15:00.0880 0x5ee4 [ 8E6C378A885D6FFDA8F05E8D27B95C0E, 351F20B1CB510F7B6B9321EB6C7A97446EF963A89F19F7E7A9CF41381B4B19FF ] usbser C:\Windows\system32\drivers\usbser.sys
20:15:00.0965 0x5ee4 usbser - ok
20:15:01.0025 0x5ee4 [ 98E1FF1D732C6C7200B6C59D4FF8C1C3, 3DD0532C9C9BABD355718E3D1B9B1A024F00B9F2C2BD584BD2AF167783D9B8AC ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
20:15:01.0071 0x5ee4 UsbserFilt - ok
20:15:01.0109 0x5ee4 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:15:01.0145 0x5ee4 USBSTOR - ok
20:15:01.0213 0x5ee4 [ 325DBBACB8A36AF9988CCF40EAC228CC, 22FE5658A12296634FBE9D8565485BEE8CB200C47182F70DC9D2B0442E10C4AA ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:15:01.0289 0x5ee4 usbuhci - ok
20:15:01.0323 0x5ee4 [ 35C9095FA7076466AFBFC5B9EC4B779E, 6E4F8241020DC3353A802849AB7930C8E4271BD19CFA66EDF2F60038CC53D836 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
20:15:01.0345 0x5ee4 usb_rndisx - ok
20:15:01.0373 0x5ee4 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
20:15:01.0399 0x5ee4 UxSms - ok
20:15:01.0421 0x5ee4 [ B2ABAB4CA46BAD182E27763DC19C780F, D581C2EAD3CEE2FEE8A1B6B0A4088518E78DC63FF38CB3CABA3F9CDC1367D9A9 ] VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys
20:15:01.0467 0x5ee4 VCSVADHWSer - ok
20:15:01.0508 0x5ee4 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
20:15:01.0560 0x5ee4 vds - ok
20:15:01.0595 0x5ee4 [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:15:01.0655 0x5ee4 vga - ok
20:15:01.0698 0x5ee4 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:15:01.0743 0x5ee4 VgaSave - ok
20:15:01.0763 0x5ee4 [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:15:01.0779 0x5ee4 viaagp - ok
20:15:01.0800 0x5ee4 [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:15:01.0874 0x5ee4 ViaC7 - ok
20:15:01.0894 0x5ee4 [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide C:\Windows\system32\drivers\viaide.sys
20:15:01.0908 0x5ee4 viaide - ok
20:15:01.0942 0x5ee4 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:15:01.0972 0x5ee4 volmgr - ok
20:15:02.0051 0x5ee4 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:15:02.0078 0x5ee4 volmgrx - ok
20:15:02.0112 0x5ee4 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:15:02.0147 0x5ee4 volsnap - ok
20:15:02.0211 0x5ee4 [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:15:02.0227 0x5ee4 vsmraid - ok
20:15:02.0385 0x5ee4 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
20:15:02.0493 0x5ee4 VSS - ok
20:15:02.0539 0x5ee4 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
20:15:02.0638 0x5ee4 W32Time - ok
20:15:02.0662 0x5ee4 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:15:02.0731 0x5ee4 WacomPen - ok
20:15:02.0770 0x5ee4 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:15:02.0818 0x5ee4 Wanarp - ok
20:15:02.0826 0x5ee4 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:15:02.0854 0x5ee4 Wanarpv6 - ok
20:15:02.0936 0x5ee4 [ 59E19BD13C3BDB857646B9E436BA27F7, CC84C607E15F5F29D93510387D5486BAF320BDAF79026A0BECE0D242F7B1DF3E ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
20:15:02.0993 0x5ee4 WcesComm - ok
20:15:03.0080 0x5ee4 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:15:03.0181 0x5ee4 wcncsvc - ok
20:15:03.0248 0x5ee4 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:15:03.0298 0x5ee4 WcsPlugInService - ok
20:15:03.0337 0x5ee4 [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd C:\Windows\system32\drivers\wd.sys
20:15:03.0356 0x5ee4 Wd - ok
20:15:03.0413 0x5ee4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:15:03.0462 0x5ee4 Wdf01000 - ok
20:15:03.0498 0x5ee4 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:15:03.0561 0x5ee4 WdiServiceHost - ok
20:15:03.0570 0x5ee4 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:15:03.0608 0x5ee4 WdiSystemHost - ok
20:15:03.0658 0x5ee4 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
20:15:03.0689 0x5ee4 WebClient - ok
20:15:03.0749 0x5ee4 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:15:03.0815 0x5ee4 Wecsvc - ok
20:15:03.0855 0x5ee4 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:15:03.0897 0x5ee4 wercplsupport - ok
20:15:03.0913 0x5ee4 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
20:15:03.0972 0x5ee4 WerSvc - ok
20:15:04.0114 0x5ee4 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:15:04.0139 0x5ee4 WinDefend - ok
20:15:04.0148 0x5ee4 WinHttpAutoProxySvc - ok
20:15:04.0251 0x5ee4 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:15:04.0290 0x5ee4 Winmgmt - ok
20:15:04.0386 0x5ee4 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
20:15:04.0545 0x5ee4 WinRM - ok
20:15:04.0647 0x5ee4 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:15:04.0673 0x5ee4 WinUSB - ok
20:15:04.0737 0x5ee4 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:15:04.0812 0x5ee4 Wlansvc - ok
20:15:05.0003 0x5ee4 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:15:05.0230 0x5ee4 wlidsvc - ok
20:15:05.0292 0x5ee4 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:15:05.0351 0x5ee4 WmiAcpi - ok
20:15:05.0410 0x5ee4 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:15:05.0439 0x5ee4 wmiApSrv - ok
20:15:05.0634 0x5ee4 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:15:05.0824 0x5ee4 WMPNetworkSvc - ok
20:15:05.0953 0x5ee4 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:15:06.0010 0x5ee4 WPCSvc - ok
20:15:06.0036 0x5ee4 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:15:06.0077 0x5ee4 WPDBusEnum - ok
20:15:06.0152 0x5ee4 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:15:06.0168 0x5ee4 WpdUsb - ok
20:15:06.0355 0x5ee4 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:15:06.0455 0x5ee4 WPFFontCache_v0400 - ok
20:15:06.0555 0x5ee4 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:15:06.0662 0x5ee4 ws2ifsl - ok
20:15:06.0713 0x5ee4 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll
20:15:06.0755 0x5ee4 wscsvc - ok
20:15:06.0764 0x5ee4 WSearch - ok
20:15:06.0959 0x5ee4 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
20:15:07.0689 0x5ee4 wuauserv - ok
20:15:07.0791 0x5ee4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:15:07.0874 0x5ee4 WudfPf - ok
20:15:07.0915 0x5ee4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:15:07.0959 0x5ee4 WUDFRd - ok
20:15:07.0998 0x5ee4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:15:08.0030 0x5ee4 wudfsvc - ok
20:15:08.0087 0x5ee4 ================ Scan global ===============================
20:15:08.0163 0x5ee4 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:15:08.0275 0x5ee4 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:15:08.0328 0x5ee4 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:15:08.0442 0x5ee4 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:15:08.0457 0x5ee4 [ Global ] - ok
20:15:08.0458 0x5ee4 ================ Scan MBR ==================================
20:15:08.0488 0x5ee4 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:15:09.0176 0x5ee4 \Device\Harddisk0\DR0 - ok
20:15:09.0197 0x5ee4 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
20:15:10.0030 0x5ee4 \Device\Harddisk1\DR1 - ok
20:15:10.0049 0x5ee4 ================ Scan VBR ==================================
20:15:10.0069 0x5ee4 [ 0DECE963E3EF1F68656E5CEE9D73FBD6 ] \Device\Harddisk0\DR0\Partition1
20:15:10.0094 0x5ee4 \Device\Harddisk0\DR0\Partition1 - ok
20:15:10.0104 0x5ee4 [ 1186471E2679E0FB38DC3966D4EAEF84 ] \Device\Harddisk1\DR1\Partition1
20:15:10.0150 0x5ee4 \Device\Harddisk1\DR1\Partition1 - ok
20:15:10.0158 0x5ee4 [ E783026680AB0DFAE0646315B2705D31 ] \Device\Harddisk1\DR1\Partition2
20:15:10.0160 0x5ee4 \Device\Harddisk1\DR1\Partition2 - ok
20:15:10.0184 0x5ee4 [ 1943AD90E5B0B94391EFD0254A0F293B ] \Device\Harddisk1\DR1\Partition3
20:15:10.0185 0x5ee4 \Device\Harddisk1\DR1\Partition3 - ok
20:15:10.0396 0x5ee4 AV detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x40000 ( disabled : updated )
20:15:10.0421 0x5ee4 FW detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x40010 ( disabled )
20:15:10.0439 0x5ee4 Win FW state via NFP2: disabled
20:15:12.0875 0x5ee4 ============================================================
20:15:12.0875 0x5ee4 Scan finished
20:15:12.0875 0x5ee4 ============================================================
20:15:12.0899 0x5e64 Detected object count: 10
20:15:12.0899 0x5e64 Actual detected object count: 10
20:16:40.0600 0x5e64 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:16:40.0600 0x5e64 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:16:40.0604 0x5e64 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0604 0x5e64 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0607 0x5e64 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0607 0x5e64 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0616 0x5e64 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0616 0x5e64 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0617 0x5e64 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0617 0x5e64 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0623 0x5e64 SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0623 0x5e64 SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0630 0x5e64 SbieSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0631 0x5e64 SbieSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0633 0x5e64 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0633 0x5e64 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0636 0x5e64 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0637 0x5e64 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:40.0641 0x5e64 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:40.0645 0x5e64 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
01.03.2014, 14:33
| #8 |
| /// the machine /// TB-Ausbilder | Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) Auch sauber. Vista Scheibe zur Hand? Dann machen wir ne Rep-Installation.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Vista: Windows Explorer stürzt nacht Start ab (Dauerschleife) |
| akamai, avp, bonjour, downloader, ebanking, explorer funktioniert nicht, flash player, funktioniert nicht mehr, helper, home, homepage, hängen, hängt, kaspersky, live cd, logfile, maximal, mozilla, problem, programm, registry, scan, security, software, starten, svchost.exe, taskmanager, tastatur, tracker, vista, windows |
Linear-Darstellung
