Log analysis and evaluation: Windows 7: A critical error has occurred. Windows will restart in one minute. Save your data now.
25.05.2014, 18:37 | #1 |
Hello Trojaner

When I switched on my laptop (HP G62, Windows 7, 64-bit, Kaspersky 2014) this morning and logged in, the following message appeared: "Ein kritischer Fehler ist aufgetreten. Windows wird in einer Minute neu gestartet. Speichern Sie jetzt ihre Daten." ("A critical error has occurred. Windows will restart in one minute. Save your data now.") At first I thought, OK, then I'll just let it restart, but the message came back every time, and it also restarted without me logging in (but without a proper shutdown; the laptop simply switches off and then starts again). Safe mode still works, but that is hardly a permanent solution. I then ran Kaspersky first, but it found nothing... After that I ran various anti-malware programs (Google), but none of it helped. Before I reset to factory settings, I wanted to ask here first.

So here are the requested logs. If anything is missing or something else should be included, just ask, ideally with a short explanation.

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by Paul Roters (administrator) on PAULROTERS-HP on 25-05-2014 18:46:01
Running from C:\Users\Paul Roters\Desktop\Trojanboard
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(OldTimer Tools) C:\Users\Paul Roters\Desktop\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.1: Search Gol
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: YouTube High Definition - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-03-15]
FF Extension: Web Developer - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-04-20]
FF Extension: Adblock Plus - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010-10-12]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-25]

==================== Services (Whitelisted) =================

S2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S4 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S4 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-28] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-19] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-20] (Kaspersky Lab ZAO)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-05-21] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 18:45 - 2014-05-25 18:46 - 00000000 ____D () C:\FRST
2014-05-25 18:44 - 2014-05-25 18:46 - 00000000 ____D () C:\Users\Paul Roters\Desktop\Trojanboard
2014-05-25 18:44 - 2014-05-25 18:45 - 00099616 _____ () C:\Users\Paul Roters\Desktop\Extras.Txt
2014-05-25 18:44 - 2014-05-25 18:44 - 00103256 _____ () C:\Users\Paul Roters\Desktop\OTL.Txt
2014-05-25 18:40 - 2014-05-25 18:40 - 00602112 _____ (OldTimer Tools) C:\Users\Paul Roters\Desktop\OTL.exe
2014-05-25 18:27 - 2014-05-25 18:27 - 00026795 _____ () C:\ComboFix.txt
2014-05-25 17:52 - 2014-05-25 17:52 - 00860104 _____ () C:\Users\Paul Roters\Desktop\401539_intl_x64_zip.exe
2014-05-25 17:37 - 2014-05-25 17:37 - 02347384 _____ (ESET) C:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe
2014-05-25 17:37 - 2014-05-25 17:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 17:31 - 2014-05-25 17:32 - 231785784 _____ (Emsisoft GmbH ) C:\Users\Paul Roters\Desktop\EmsisoftAntiMalwareSetup.exe
2014-05-25 17:10 - 2014-05-25 17:14 - 00000000 ____D () C:\AdwCleaner
2014-05-25 17:09 - 2014-05-25 17:09 - 01326389 _____ () C:\Users\Paul Roters\Desktop\adwcleaner_3.210.exe
2014-05-25 16:52 - 2014-05-25 16:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:52 - 2014-05-25 16:52 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-25 16:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 16:51 - 2014-05-25 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul Roters\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-25 16:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-25 16:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-25 16:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-25 16:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-25 16:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-25 16:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-25 16:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-25 16:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-25 16:28 - 2014-05-25 18:27 - 00000000 ____D () C:\Qoobox
2014-05-25 16:27 - 2014-05-25 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 16:26 - 2014-05-25 16:26 - 05200426 ____R (Swearware) C:\Users\Paul Roters\Desktop\ComboFix.exe
2014-05-24 23:07 - 2014-05-24 23:07 - 00000000 _____ () C:\Windows\SysWOW64\sho9BD8.tmp
2014-05-16 16:53 - 2014-05-16 16:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 16:53 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 16:52 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-05-11 13:18 - 2014-05-11 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 22:48 - 2014-05-07 22:48 - 00013768 _____ () C:\Users\Paul Roters\Downloads\HanDOUt.odt
2014-05-07 22:25 - 2014-05-07 23:07 - 00027472 _____ () C:\Users\Paul Roters\Downloads\englisch handout.odt
2014-05-06 20:05 - 2014-05-06 20:05 - 00001010 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-05-06 19:59 - 2014-05-06 19:59 - 00689946 _____ (Remote Mouse ) C:\Users\Paul Roters\Downloads\RemoteMouse.exe
2014-05-05 20:11 - 2014-05-07 20:15 - 34468898 _____ () C:\Users\Paul Roters\Desktop\Englisch.odp
2014-05-02 23:52 - 2014-05-02 23:52 - 00000000 _____ () C:\Windows\SysWOW64\sho4E96.tmp
2014-04-29 08:59 - 2014-05-05 19:08 - 11812058 _____ () C:\Users\Paul Roters\Desktop\caribbean culture.odp
2014-04-29 08:22 - 2011-02-19 08:37 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-28 19:35 - 2014-04-28 19:35 - 03822704 _____ () C:\Users\Paul Roters\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ____D () C:\Users\Paul Roters\AppData\Local\Skype
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-05-25 23:17 - 2013-03-25 04:35 - 00000000 ____D () C:\ProgramData\Recovery
2014-05-25 18:46 - 2014-05-25 18:45 - 00000000 ____D () C:\FRST
2014-05-25 18:46 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Paul Roters\Desktop\Trojanboard
2014-05-25 18:45 - 2014-05-25 18:44 - 00099616 _____ () C:\Users\Paul Roters\Desktop\Extras.Txt
2014-05-25 18:45 - 2013-04-20 20:39 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\NetSpeedMonitor
2014-05-25 18:44 - 2014-05-25 18:44 - 00103256 _____ () C:\Users\Paul Roters\Desktop\OTL.Txt
2014-05-25 18:40 - 2014-05-25 18:40 - 00602112 _____ (OldTimer Tools) C:\Users\Paul Roters\Desktop\OTL.exe
2014-05-25 18:32 - 2010-10-12 12:03 - 01483822 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 18:27 - 2014-05-25 18:27 - 00026795 _____ () C:\ComboFix.txt
2014-05-25 18:27 - 2014-05-25 16:28 - 00000000 ____D () C:\Qoobox
2014-05-25 18:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-25 18:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 18:20 - 2009-07-14 06:51 - 00102372 _____ () C:\Windows\setupact.log
2014-05-25 18:15 - 2013-03-24 19:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-25 18:13 - 2013-03-24 18:37 - 00234682 _____ () C:\Windows\PFRO.log
2014-05-25 18:12 - 2014-05-25 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 17:52 - 2014-05-25 17:52 - 00860104 _____ () C:\Users\Paul Roters\Desktop\401539_intl_x64_zip.exe
2014-05-25 17:37 - 2014-05-25 17:37 - 02347384 _____ (ESET) C:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe
2014-05-25 17:37 - 2014-05-25 17:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 17:32 - 2014-05-25 17:31 - 231785784 _____ (Emsisoft GmbH ) C:\Users\Paul Roters\Desktop\EmsisoftAntiMalwareSetup.exe
2014-05-25 17:14 - 2014-05-25 17:10 - 00000000 ____D () C:\AdwCleaner
2014-05-25 17:09 - 2014-05-25 17:09 - 01326389 _____ () C:\Users\Paul Roters\Desktop\adwcleaner_3.210.exe
2014-05-25 16:52 - 2014-05-25 16:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:52 - 2014-05-25 16:52 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-25 16:51 - 2014-05-25 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul Roters\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-25 16:26 - 2014-05-25 16:26 - 05200426 ____R (Swearware) C:\Users\Paul Roters\Desktop\ComboFix.exe
2014-05-25 16:17 - 2013-03-24 20:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 15:59 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-24 23:07 - 2014-05-24 23:07 - 00000000 _____ () C:\Windows\SysWOW64\sho9BD8.tmp
2014-05-24 22:01 - 2014-01-24 16:44 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForPaul Roters.job
2014-05-24 17:55 - 2013-03-24 19:47 - 00000000 ____D () C:\ProgramData\Origin
2014-05-24 17:21 - 2013-03-24 20:45 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-24 17:21 - 2013-03-24 20:37 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-24 17:20 - 2013-03-24 20:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-24 16:26 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 16:26 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 16:19 - 2013-03-24 19:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-24 16:18 - 2014-03-05 23:21 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-24 16:15 - 2013-09-02 19:19 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\Skype
2014-05-23 15:09 - 2013-04-05 10:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-23 15:09 - 2013-03-29 13:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-20 20:42 - 2014-02-27 19:33 - 00000000 ____D () C:\Users\Paul Roters\Documents\Aufsicht
2014-05-20 16:28 - 2013-04-12 18:59 - 00036472 _____ () C:\ProgramData\lxeascan.log
2014-05-20 16:25 - 2013-04-12 19:22 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-19 21:08 - 2010-07-20 23:46 - 01111210 _____ () C:\Windows\system32\perfh007.dat
2014-05-19 21:08 - 2010-07-20 23:46 - 00275056 _____ () C:\Windows\system32\perfc007.dat
2014-05-19 21:08 - 2009-07-14 07:13 - 00005414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 16:53 - 2014-05-16 16:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 16:53 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 16:53 - 2014-05-16 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:53 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 16:53 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 16:52 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-05-15 19:05 - 2013-08-05 13:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:49 - 2013-04-21 10:58 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:56 - 2013-08-02 11:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:56 - 2013-03-24 20:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:56 - 2013-03-24 20:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 14:41 - 2013-03-24 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-25 16:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 16:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 16:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 13:18 - 2014-05-11 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 16:01 - 2014-01-24 16:44 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPaul Roters
2014-05-08 18:40 - 2013-03-24 18:49 - 00111728 _____ () C:\Users\Paul Roters\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 23:13 - 2013-07-31 00:15 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\SoftGrid Client
2014-05-07 23:07 - 2014-05-07 22:25 - 00027472 _____ () C:\Users\Paul Roters\Downloads\englisch handout.odt
2014-05-07 22:48 - 2014-05-07 22:48 - 00013768 _____ () C:\Users\Paul Roters\Downloads\HanDOUt.odt
2014-05-07 20:15 - 2014-05-05 20:11 - 34468898 _____ () C:\Users\Paul Roters\Desktop\Englisch.odp
2014-05-06 20:05 - 2014-05-06 20:05 - 00001010 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-05-06 19:59 - 2014-05-06 19:59 - 00689946 _____ (Remote Mouse ) C:\Users\Paul Roters\Downloads\RemoteMouse.exe
2014-05-05 19:08 - 2014-04-29 08:59 - 11812058 _____ () C:\Users\Paul Roters\Desktop\caribbean culture.odp
2014-05-02 23:52 - 2014-05-02 23:52 - 00000000 _____ () C:\Windows\SysWOW64\sho4E96.tmp
2014-04-29 08:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-28 19:36 - 2013-03-24 19:48 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-04-28 19:35 - 2014-04-28 19:35 - 03822704 _____ () C:\Users\Paul Roters\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ____D () C:\Users\Paul Roters\AppData\Local\Skype
2014-04-25 18:52 - 2014-04-25 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-25 18:52 - 2013-09-02 19:18 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Paul Roters\AppData\Local\Temp\cleanup_tool.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 15:45

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 01
Ran by Paul Roters at 2014-05-25 18:46:17
Running from C:\Users\Paul Roters\Desktop\Trojanboard
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1438.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1438.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden 
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) 
Hidden Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) FileZilla Client 3.6.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.1 - FileZilla Project) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube Download version 3.2.1.320 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.1.320 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.) 
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net)) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{B360E24A-BF25-4353-AA79-1B54F509024A}) (Version: 1.0.0.0 - Hewlett-Packard) HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{3A0FD0E8-7825-468D-8808-A5D63B11777B}) (Version: 4.0.112.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.) 
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.) LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) MAGIX Screenshare (HKLM-x32\...\{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM-x32\...\{494420A9-5F25-457B-9BBF-228E6A73B94B}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Video deluxe 17 Premium Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.1.14 - MAGIX AG) MAGIX Video deluxe 17 Premium Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) 
Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden Remote Mouse version 2.54 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.54 - Remote Mouse) RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) 
Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 29-04-2014 14:29:20 Windows Update 29-04-2014 20:43:48 Windows Update 06-05-2014 13:35:55 Windows Update 09-05-2014 13:54:18 Windows Update 13-05-2014 12:45:54 Windows Update 14-05-2014 20:49:00 Windows Update 21-05-2014 16:01:42 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-25 18:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0649EE32-7DEA-4F45-B579-5C0E7930FDCF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {12295BEA-7732-4FD6-8741-5E5802E80B0A} - \BrowserProtect No Task File <==== ATTENTION Task: {165B6E0E-2FFE-4808-A724-DA2B66C32E59} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {1B6EACD2-8A26-4812-BD10-C89BC423BAA2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {1C88A865-1390-4800-A76D-AC691B8589BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {3FCDB54B-94C4-44F4-AA33-B196CD6EA097} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {429B0B1D-AE80-43D1-9233-A0B2F13D9907} - System32\Tasks\HPCeeScheduleForPaul Roters => C:\Program Files (x86)\Hewlett-Packard\HP 
Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard) Task: {66DDD10D-0DBC-4C8F-A0FF-2061D21F975E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-13] (Microsoft) Task: {6EB43932-86B0-4F66-8677-C0204D8D6B57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {7DC3B83D-A4C1-4CE3-AB44-1AAB9BD177CE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {AC4ABFAF-1DD6-4965-8CB9-4701AB88F427} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard) Task: {B4C6F96E-BD19-41FC-971D-56DAE3F0B23E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {C5C20CFE-9C6F-4512-B008-6F99538D6F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard) Task: {CFE93DA0-B64F-4BA2-84B5-113173E2B227} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {DF6BA6D5-4D28-4301-85C3-AD5D7A531A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {F0AFD49D-664B-458A-BBC7-2D0448A4732E} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {F1264F8A-3CB3-4A04-80E0-761E3EDB0DBC} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForPaul Roters.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-29 22:45 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-05-11 13:18 - 2014-05-11 13:18 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-11-18 15:53 - 2012-11-18 15:53 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-03-29 22:45 - 2012-02-17 21:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext32.dll 2014-05-14 20:56 - 2014-05-14 20:56 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: lxea_device => 2 MSCONFIG\startupfolder: C:^Users^Paul Roters^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^Paul Roters^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup MSCONFIG\startupreg: 
Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: TrayServer => C:\Spiele\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe MSCONFIG\startupreg: Voobly => "C:\Program Files (x86)\Voobly\voobly.exe" --startup ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: pcouffin device ... Description: pcouffin device ... Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2014 06:27:35 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (05/25/2014 06:22:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (05/25/2014 06:13:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: apphelp.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdeac Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001444 ID des fehlerhaften Prozesses: 0x2e0 Startzeit der fehlerhaften Anwendung: 0xservices.exe0 Pfad der fehlerhaften Anwendung: services.exe1 Pfad des fehlerhaften Moduls: services.exe2 Berichtskennung: services.exe3 Error: (05/25/2014 06:04:45 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c). Error: (05/25/2014 06:04:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. . Vorgang: VSS-Server wird instanziiert Error: (05/25/2014 06:04:44 PM) (Source: VSS) (EventID: 18) (User: ) Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden. Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
] Vorgang: VSS-Server wird instanziiert Error: (05/25/2014 06:00:51 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (05/25/2014 05:37:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (05/25/2014 05:37:35 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (05/25/2014 04:31:51 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c). 
System errors:
=============
Error: (05/25/2014 06:32:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/25/2014 06:27:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:24:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:22:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:22:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/25/2014 06:22:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/25/2014 06:22:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:22:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:22:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/25/2014 06:22:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (05/25/2014 06:27:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2014 06:22:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2014 06:13:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: services.exe6.1.7600.163854a5bc10eapphelp.dll6.1.7600.163854a5bdeacc000000500000000000014442e001cf78343a7879c2C:\Windows\system32\services.exeC:\Windows\system32\apphelp.dll8eca836d-e427-11e3-b846-a42e4cc6e1a1

Error: (05/25/2014 06:04:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/25/2014 06:04:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. Vorgang: VSS-Server wird instanziiert

Error: (05/25/2014 06:04:44 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. Vorgang: VSS-Server wird instanziiert

Error: (05/25/2014 06:00:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2014 05:37:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2014 05:37:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2014 04:31:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

CodeIntegrity Errors:
===================================
Date: 2014-05-25 18:12:16.491
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:12:16.460
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:12:16.429
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:12:16.398
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:05:25.554
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:05:25.523
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:05:25.492
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 18:05:25.461
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 16:39:52.052
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-25 16:39:52.021
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 3893.86 MB
Available physical RAM: 2751.37 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 6809.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:281.98 GB) (Free:48.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CB9E9924)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-25 18:55:43
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\PAULRO~1\AppData\Local\Temp\uxryifoc.sys

---- User code sections - GMER 2.1 ----
.text C:\Users\Paul Roters\Desktop\OTL.exe[2256] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Users\Paul Roters\Desktop\OTL.exe[2256] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x76 0x40 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x76 0x40 0x62 ...

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Well, I hope the problem is not unsolvable, and I would be very grateful if one of you could help me. Regards, Paul
25.05.2014, 18:44 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to your desktop.
25.05.2014, 19:27 | #3 |
Thanks for the quick reply!
Malwarebytes found nothing on the first run, so I skipped the second one after the restart. Here is the log: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.25.05

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Paul Roters :: PAULROTERS-HP [administrator]

25.05.2014 20:04:13
mbar-log-2014-05-25 (20-04-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 313426
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And here is the TDSSKiller log (it found something!): Code:
20:22:23.0342 0x0b6c TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
20:22:26.0604 0x0b6c ============================================================
20:22:26.0604 0x0b6c Current date / time: 2014/05/25 20:22:26.0604
20:22:26.0604 0x0b6c SystemInfo:
20:22:26.0604 0x0b6c
20:22:26.0604 0x0b6c OS Version: 6.1.7600 ServicePack: 0.0
20:22:26.0604 0x0b6c Product type: Workstation
20:22:26.0604 0x0b6c ComputerName: PAULROTERS-HP
20:22:26.0605 0x0b6c UserName: Paul Roters
20:22:26.0605 0x0b6c Windows directory: C:\Windows
20:22:26.0605 0x0b6c System windows directory: C:\Windows
20:22:26.0605 0x0b6c Running under WOW64
20:22:26.0605 0x0b6c Processor architecture: Intel x64
20:22:26.0605 0x0b6c Number of processors: 4
20:22:26.0605 0x0b6c Page size: 0x1000
20:22:26.0605 0x0b6c Boot type: Safe boot with network
20:22:26.0605 0x0b6c ============================================================
20:22:26.0860 0x0b6c KLMD registered as C:\Windows\system32\drivers\51210706.sys
20:22:26.0986 0x0b6c System UUID: {35C6CFC6-3F15-3DFE-E8E8-237EDB976439}
20:22:27.0387 0x0b6c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:27.0389 0x0b6c ============================================================
20:22:27.0389 0x0b6c \Device\Harddisk0\DR0:
20:22:27.0389 0x0b6c MBR partitions:
20:22:27.0390 0x0b6c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:22:27.0390 0x0b6c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x233F5000
20:22:27.0390 0x0b6c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23459000, BlocksNum 0x1FA1800
20:22:27.0390 0x0b6c \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
20:22:27.0390 0x0b6c ============================================================
20:22:27.0411 0x0b6c C: <-> \Device\Harddisk0\DR0\Partition2
20:22:27.0457 0x0b6c D: <-> \Device\Harddisk0\DR0\Partition3
20:22:27.0458 0x0b6c ============================================================
20:22:27.0458 0x0b6c Initialize success
20:22:27.0458 0x0b6c ============================================================
20:23:24.0452 0x0bb0 ============================================================
20:23:24.0452 0x0bb0 Scan started
20:23:24.0452 0x0bb0 Mode: Manual; SigCheck; TDLFS;
20:23:24.0452 0x0bb0 ============================================================
20:23:24.0452 0x0bb0 KSN ping started
20:23:26.0937 0x0bb0 KSN ping finished: true
20:23:27.0075 0x0bb0 ================ Scan system memory ========================
20:23:27.0075 0x0bb0 System memory - ok
20:23:27.0075 0x0bb0 ================ Scan services =============================
9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:23:35.0026 0x0bb0 elxstor - ok 20:23:35.0026 0x0bb0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 20:23:35.0057 0x0bb0 ErrDev - ok 20:23:35.0104 0x0bb0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:23:35.0182 0x0bb0 EventSystem - ok 20:23:35.0198 0x0bb0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:23:35.0229 0x0bb0 exfat - ok 20:23:35.0245 0x0bb0 ezSharedSvc - ok 20:23:35.0276 0x0bb0 Fabs - ok 20:23:35.0291 0x0bb0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:23:35.0338 0x0bb0 fastfat - ok 20:23:35.0369 0x0bb0 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe 20:23:35.0432 0x0bb0 Fax - ok 20:23:35.0447 0x0bb0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:23:35.0463 0x0bb0 fdc - ok 20:23:35.0479 0x0bb0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:23:35.0510 0x0bb0 fdPHost - ok 20:23:35.0525 0x0bb0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:23:35.0557 0x0bb0 FDResPub - ok 20:23:35.0588 0x0bb0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:23:35.0603 
0x0bb0 FileInfo - ok 20:23:35.0603 0x0bb0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:23:35.0650 0x0bb0 Filetrace - ok 20:23:35.0744 0x0bb0 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 20:23:35.0915 0x0bb0 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:35.0978 0x0bb0 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 20:23:38.0474 0x0bb0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:23:38.0489 0x0bb0 flpydisk - ok 20:23:38.0521 0x0bb0 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:23:38.0552 0x0bb0 FltMgr - ok 20:23:38.0630 0x0bb0 [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll 20:23:38.0677 0x0bb0 FontCache - ok 20:23:38.0708 0x0bb0 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:23:38.0723 0x0bb0 FontCache3.0.0.0 - ok 20:23:38.0755 0x0bb0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:23:38.0770 0x0bb0 FsDepends - ok 20:23:38.0817 0x0bb0 [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:23:38.0817 0x0bb0 Fs_Rec - ok 20:23:38.0879 0x0bb0 [ 1F44F8559E61A8306ECC67BB1E168B7C, 
5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:23:38.0895 0x0bb0 fvevol - ok 20:23:38.0911 0x0bb0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:23:38.0926 0x0bb0 gagp30kx - ok 20:23:38.0973 0x0bb0 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:23:38.0989 0x0bb0 GEARAspiWDM - ok 20:23:39.0020 0x0bb0 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 20:23:39.0098 0x0bb0 gpsvc - ok 20:23:39.0098 0x0bb0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:23:39.0145 0x0bb0 hcw85cir - ok 20:23:39.0176 0x0bb0 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:23:39.0207 0x0bb0 HdAudAddService - ok 20:23:39.0238 0x0bb0 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:23:39.0269 0x0bb0 HDAudBus - ok 20:23:39.0285 0x0bb0 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:23:39.0301 0x0bb0 HECIx64 - ok 20:23:39.0301 0x0bb0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:23:39.0332 0x0bb0 HidBatt - ok 20:23:39.0347 0x0bb0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 
20:23:39.0363 0x0bb0 HidBth - ok 20:23:39.0394 0x0bb0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:23:39.0425 0x0bb0 HidIr - ok 20:23:39.0425 0x0bb0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 20:23:39.0488 0x0bb0 hidserv - ok 20:23:39.0503 0x0bb0 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:23:39.0519 0x0bb0 HidUsb - ok 20:23:39.0535 0x0bb0 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 20:23:39.0581 0x0bb0 hkmsvc - ok 20:23:39.0613 0x0bb0 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:23:39.0628 0x0bb0 HomeGroupListener - ok 20:23:39.0644 0x0bb0 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:23:39.0675 0x0bb0 HomeGroupProvider - ok 20:23:39.0737 0x0bb0 [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 20:23:39.0737 0x0bb0 HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:39.0737 0x0bb0 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 20:23:42.0233 0x0bb0 [ 3A09322A8AA8B0C79036686A0EBE7B4C, A110ECBBD9A0EDAA134B95F9FB3428F33F7629480ABCF36F58891837EE1B04C0 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe 20:23:42.0249 0x0bb0 HP Wireless Assistant Service - ok 20:23:42.0296 0x0bb0 [ 
BCC4A8B2E2E902F52E7F2E7D8E125765, 4253DEABF5E4613E42BFC921BF4E2DD5BDF80A640250F41BDA7DD2711A6BA8A1 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 20:23:42.0311 0x0bb0 HPDrvMntSvc.exe - ok 20:23:42.0358 0x0bb0 [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 20:23:42.0405 0x0bb0 hpqwmiex - ok 20:23:42.0436 0x0bb0 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 20:23:42.0436 0x0bb0 HpSAMD - ok 20:23:42.0467 0x0bb0 [ 77C15D7E8F002A173EEBFF0B20CD697D, 72220E3AE71CDAC5E7341FF3F8294A01D3BA7B0BE14EB92B3E5D3EE22F2C65A9 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 20:23:42.0483 0x0bb0 HPWMISVC - ok 20:23:42.0545 0x0bb0 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:23:42.0608 0x0bb0 HTTP - ok 20:23:42.0623 0x0bb0 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:23:42.0639 0x0bb0 hwpolicy - ok 20:23:42.0701 0x0bb0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:23:42.0717 0x0bb0 i8042prt - ok 20:23:42.0748 0x0bb0 [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:23:42.0764 0x0bb0 iaStor - ok 20:23:42.0811 0x0bb0 [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:23:42.0826 0x0bb0 IAStorDataMgrSvc - ok 20:23:42.0857 0x0bb0 [ 
B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:23:42.0889 0x0bb0 iaStorV - ok 20:23:42.0982 0x0bb0 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:23:42.0998 0x0bb0 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:42.0998 0x0bb0 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:23:45.0525 0x0bb0 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:23:45.0587 0x0bb0 idsvc - ok 20:23:45.0899 0x0bb0 [ FBACBED7A37B3223822470FF1D8EA00F, 45E4A26E95F37DEF58BD8C49D70C0F2332E646878FEF35B4AF2DCED7451169DD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:23:46.0367 0x0bb0 igfx - ok 20:23:46.0399 0x0bb0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:23:46.0414 0x0bb0 iirsp - ok 20:23:46.0445 0x0bb0 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 20:23:46.0539 0x0bb0 IKEEXT - ok 20:23:46.0570 0x0bb0 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 20:23:46.0601 0x0bb0 Impcd - ok 20:23:46.0726 0x0bb0 [ E76FDFFF07F8A2FA81FF250DDA0F6BBA, 7CE8E2FDB87E401AFD36FB820794FC5F1F83C38E7CCD35EC5A975B20E6389693 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:23:46.0804 0x0bb0 IntcAzAudAddService - ok 20:23:46.0820 0x0bb0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 
20:23:46.0835 0x0bb0 intelide - ok 20:23:47.0147 0x0bb0 [ FBACBED7A37B3223822470FF1D8EA00F, 45E4A26E95F37DEF58BD8C49D70C0F2332E646878FEF35B4AF2DCED7451169DD ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys 20:23:47.0537 0x0bb0 intelkmd - ok 20:23:47.0600 0x0bb0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:23:47.0615 0x0bb0 intelppm - ok 20:23:47.0631 0x0bb0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:23:47.0662 0x0bb0 IPBusEnum - ok 20:23:47.0678 0x0bb0 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:23:47.0709 0x0bb0 IpFilterDriver - ok 20:23:47.0756 0x0bb0 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:23:47.0834 0x0bb0 iphlpsvc - ok 20:23:47.0834 0x0bb0 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:23:47.0849 0x0bb0 IPMIDRV - ok 20:23:47.0865 0x0bb0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:23:47.0912 0x0bb0 IPNAT - ok 20:23:47.0990 0x0bb0 [ 6BF622C46721CF6E2B35E868F319E6EB, 926D3C6334D8AF8A248A361D1F7C0A655835572ED8AC6F1D7932E1FA7A26B50A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:23:48.0021 0x0bb0 iPod Service - ok 20:23:48.0052 0x0bb0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:23:48.0052 0x0bb0 IRENUM - ok 20:23:48.0068 0x0bb0 [ 2F7B28DC3E1183E5EB418DF55C204F38, 
D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 20:23:48.0083 0x0bb0 isapnp - ok 20:23:48.0099 0x0bb0 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:23:48.0115 0x0bb0 iScsiPrt - ok 20:23:48.0130 0x0bb0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:23:48.0130 0x0bb0 kbdclass - ok 20:23:48.0146 0x0bb0 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:23:48.0177 0x0bb0 kbdhid - ok 20:23:48.0193 0x0bb0 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe 20:23:48.0193 0x0bb0 KeyIso - ok 20:23:48.0239 0x0bb0 [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 20:23:48.0271 0x0bb0 kl1 - ok 20:23:48.0302 0x0bb0 [ D0C3AEF67932D2A80736FBCB956C017D, 166C2FD5F1B6FFE7A71CD821DFDD02B68D25CBF0D44BD6F2522C65CF1DEB363C ] klflt C:\Windows\system32\DRIVERS\klflt.sys 20:23:48.0317 0x0bb0 klflt - ok 20:23:48.0364 0x0bb0 [ 41DF293A7F0418F5DDED9F0297DC68F3, 25DE4BB7F2D915FCF576ABD46EEDC5574B694A2D1E5CB7AB565792C7BB57C76B ] KLIF C:\Windows\system32\DRIVERS\klif.sys 20:23:48.0411 0x0bb0 KLIF - ok 20:23:48.0442 0x0bb0 [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 20:23:48.0458 0x0bb0 KLIM6 - ok 20:23:48.0489 0x0bb0 [ 8DA5BC75C3E8A995335642F26CAEA54B, 3995AAB499A37077AA4FB372E75CD9259BA3EA7020B961CF482AC948D2D47AB4 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 20:23:48.0489 0x0bb0 klkbdflt - ok 20:23:48.0505 0x0bb0 [ 
72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 20:23:48.0505 0x0bb0 klmouflt - ok 20:23:48.0520 0x0bb0 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 20:23:48.0536 0x0bb0 klpd - ok 20:23:48.0536 0x0bb0 [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 20:23:48.0551 0x0bb0 kltdi - ok 20:23:48.0567 0x0bb0 [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps C:\Windows\system32\DRIVERS\kneps.sys 20:23:48.0583 0x0bb0 kneps - ok 20:23:48.0614 0x0bb0 [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:23:48.0629 0x0bb0 KSecDD - ok 20:23:48.0661 0x0bb0 [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:23:48.0661 0x0bb0 KSecPkg - ok 20:23:48.0692 0x0bb0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:23:48.0739 0x0bb0 ksthunk - ok 20:23:48.0770 0x0bb0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:23:48.0832 0x0bb0 KtmRm - ok 20:23:48.0879 0x0bb0 [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer C:\Windows\System32\srvsvc.dll 20:23:48.0910 0x0bb0 LanmanServer - ok 20:23:48.0941 0x0bb0 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:23:48.0988 0x0bb0 
LanmanWorkstation - ok 20:23:49.0035 0x0bb0 [ 7550D101BF49FDB1F92666A233EE36C4, 281EE6C9AAE0A3FDA8D0FE7CD6BA55C481B8719799A526601FEA0542345CAF18 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 20:23:49.0066 0x0bb0 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:49.0066 0x0bb0 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 20:23:51.0562 0x0bb0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:23:51.0625 0x0bb0 lltdio - ok 20:23:51.0640 0x0bb0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:23:51.0687 0x0bb0 lltdsvc - ok 20:23:51.0718 0x0bb0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:23:51.0749 0x0bb0 lmhosts - ok 20:23:51.0796 0x0bb0 [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:23:51.0827 0x0bb0 LMS - ok 20:23:51.0859 0x0bb0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:23:51.0874 0x0bb0 LSI_FC - ok 20:23:51.0874 0x0bb0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:23:51.0890 0x0bb0 LSI_SAS - ok 20:23:51.0905 0x0bb0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:23:51.0921 0x0bb0 LSI_SAS2 - ok 20:23:51.0937 0x0bb0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:23:51.0937 0x0bb0 LSI_SCSI - ok 20:23:51.0952 0x0bb0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:23:52.0015 0x0bb0 luafv - ok 20:23:52.0077 0x0bb0 [ 3D1516114F5B1548864D043177F992A6, 3733D5D51EA0DBFB24C408F1C48F8367CEE005EFCEC2860975D5EE2B4445ECF4 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe 20:23:52.0077 0x0bb0 lxeaCATSCustConnectService - ok 20:23:52.0093 0x0bb0 lxea_device - ok 20:23:52.0124 0x0bb0 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:23:52.0139 0x0bb0 Mcx2Svc - ok 20:23:52.0155 0x0bb0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:23:52.0171 0x0bb0 megasas - ok 20:23:52.0186 0x0bb0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:23:52.0202 0x0bb0 MegaSR - ok 20:23:52.0217 0x0bb0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:23:52.0264 0x0bb0 MMCSS - ok 20:23:52.0280 0x0bb0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:23:52.0311 0x0bb0 Modem - ok 20:23:52.0327 0x0bb0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:23:52.0358 0x0bb0 monitor - ok 20:23:52.0373 0x0bb0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:23:52.0373 0x0bb0 mouclass - ok 20:23:52.0405 
0x0bb0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:23:52.0420 0x0bb0 mouhid - ok 20:23:52.0436 0x0bb0 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:23:52.0451 0x0bb0 mountmgr - ok 20:23:52.0514 0x0bb0 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:23:52.0514 0x0bb0 MozillaMaintenance - ok 20:23:52.0529 0x0bb0 [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 20:23:52.0545 0x0bb0 mpio - ok 20:23:52.0561 0x0bb0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:23:52.0592 0x0bb0 mpsdrv - ok 20:23:52.0623 0x0bb0 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:23:52.0701 0x0bb0 MpsSvc - ok 20:23:52.0717 0x0bb0 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:23:52.0732 0x0bb0 MRxDAV - ok 20:23:52.0763 0x0bb0 [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:23:52.0795 0x0bb0 mrxsmb - ok 20:23:52.0810 0x0bb0 [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:23:52.0841 0x0bb0 mrxsmb10 - ok 20:23:52.0857 0x0bb0 [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] 
mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:23:52.0888 0x0bb0 mrxsmb20 - ok 20:23:52.0904 0x0bb0 [ 5E939CF91EA4A841DBAFE4627E0292BB, C6C132215ABF7BE46BEC4222E4255CA210A972AC3C6E14B636BB291AC3243E8E ] msahci C:\Windows\system32\DRIVERS\msahci.sys 20:23:52.0919 0x0bb0 msahci - ok 20:23:52.0935 0x0bb0 [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 20:23:52.0935 0x0bb0 msdsm - ok 20:23:52.0966 0x0bb0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 20:23:52.0966 0x0bb0 MSDTC - ok 20:23:52.0982 0x0bb0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:23:53.0013 0x0bb0 Msfs - ok 20:23:53.0044 0x0bb0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:23:53.0091 0x0bb0 mshidkmdf - ok 20:23:53.0091 0x0bb0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 20:23:53.0107 0x0bb0 msisadrv - ok 20:23:53.0138 0x0bb0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:23:53.0185 0x0bb0 MSiSCSI - ok 20:23:53.0185 0x0bb0 msiserver - ok 20:23:53.0200 0x0bb0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:23:53.0247 0x0bb0 MSKSSRV - ok 20:23:53.0263 0x0bb0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:23:53.0325 0x0bb0 MSPCLOCK - ok 20:23:53.0341 0x0bb0 [ 
20:23:54.0167 0x0bb0 Netaapl - detected UnsignedFile.Multi.Generic ( 1 )
20:23:54.0167 0x0bb0 Netaapl ( UnsignedFile.Multi.Generic ) - warning
20:24:01.0577 0x0bb0 RtVOsdService - detected UnsignedFile.Multi.Generic ( 1 )
20:24:01.0577 0x0bb0 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
20:24:01.0577 0x0bb0 Force sending object to P2P due to detect: C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
20:24:04.0167 0x0bb0 Object send P2P result: true
2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll 20:24:14.0135 0x0bb0 WebClient - ok 20:24:14.0167 0x0bb0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:24:14.0198 0x0bb0 Wecsvc - ok 20:24:14.0213 0x0bb0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:24:14.0260 0x0bb0 wercplsupport - ok 20:24:14.0291 0x0bb0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:24:14.0323 0x0bb0 WerSvc - ok 20:24:14.0338 0x0bb0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:24:14.0369 0x0bb0 WfpLwf - ok 20:24:14.0385 0x0bb0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:24:14.0401 0x0bb0 WIMMount - ok 20:24:14.0401 0x0bb0 WinDefend - ok 20:24:14.0401 0x0bb0 WinHttpAutoProxySvc - ok 20:24:14.0463 0x0bb0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:24:14.0510 0x0bb0 Winmgmt - ok 20:24:14.0588 0x0bb0 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll 20:24:14.0697 0x0bb0 WinRM - ok 20:24:14.0759 0x0bb0 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:24:14.0759 0x0bb0 WinUsb - ok 20:24:14.0791 0x0bb0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc 
C:\Windows\System32\wlansvc.dll 20:24:14.0853 0x0bb0 Wlansvc - ok 20:24:14.0962 0x0bb0 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:24:15.0040 0x0bb0 wlidsvc - ok 20:24:15.0071 0x0bb0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:24:15.0071 0x0bb0 WmiAcpi - ok 20:24:15.0103 0x0bb0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:24:15.0134 0x0bb0 wmiApSrv - ok 20:24:15.0149 0x0bb0 WMPNetworkSvc - ok 20:24:15.0165 0x0bb0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:24:15.0181 0x0bb0 WPCSvc - ok 20:24:15.0196 0x0bb0 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:24:15.0243 0x0bb0 WPDBusEnum - ok 20:24:15.0259 0x0bb0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:24:15.0290 0x0bb0 ws2ifsl - ok 20:24:15.0337 0x0bb0 [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\system32\wscsvc.dll 20:24:15.0352 0x0bb0 wscsvc - ok 20:24:15.0383 0x0bb0 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:24:15.0399 0x0bb0 WSDPrintDevice - ok 20:24:15.0399 0x0bb0 WSearch - ok 20:24:15.0493 0x0bb0 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll 20:24:15.0586 0x0bb0 
wuauserv - ok 20:24:15.0617 0x0bb0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:24:15.0633 0x0bb0 WudfPf - ok 20:24:15.0664 0x0bb0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:24:15.0680 0x0bb0 WUDFRd - ok 20:24:15.0711 0x0bb0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:24:15.0742 0x0bb0 wudfsvc - ok 20:24:15.0758 0x0bb0 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:24:15.0836 0x0bb0 WwanSvc - ok 20:24:15.0867 0x0bb0 [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 20:24:15.0898 0x0bb0 yukonw7 - ok 20:24:15.0929 0x0bb0 ================ Scan global =============================== 20:24:15.0945 0x0bb0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 20:24:15.0976 0x0bb0 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll 20:24:15.0992 0x0bb0 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll 20:24:16.0023 0x0bb0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:24:16.0054 0x0bb0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 20:24:16.0070 0x0bb0 [ Global ] - ok 20:24:16.0070 0x0bb0 ================ Scan MBR 
================================== 20:24:16.0070 0x0bb0 [ DCD773646563E45773D89BEA0FDE2F6E ] \Device\Harddisk0\DR0 20:24:16.0351 0x0bb0 \Device\Harddisk0\DR0 - ok 20:24:16.0351 0x0bb0 ================ Scan VBR ================================== 20:24:16.0351 0x0bb0 [ E169A7A9281D8BAE83FED431A937F8EF ] \Device\Harddisk0\DR0\Partition1 20:24:16.0366 0x0bb0 \Device\Harddisk0\DR0\Partition1 - ok 20:24:16.0366 0x0bb0 [ B3C58A5C45819F8A72BD5592FB56B265 ] \Device\Harddisk0\DR0\Partition2 20:24:16.0366 0x0bb0 \Device\Harddisk0\DR0\Partition2 - ok 20:24:16.0366 0x0bb0 [ 39F2AE77BBB31D7E1E483EA414923652 ] \Device\Harddisk0\DR0\Partition3 20:24:16.0366 0x0bb0 \Device\Harddisk0\DR0\Partition3 - ok 20:24:16.0366 0x0bb0 [ EDE82142A57D067DA47D7F9B471E21B0 ] \Device\Harddisk0\DR0\Partition4 20:24:16.0366 0x0bb0 \Device\Harddisk0\DR0\Partition4 - ok 20:24:16.0413 0x0bb0 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated ) 20:24:16.0429 0x0bb0 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled ) 20:24:18.0862 0x0bb0 ============================================================ 20:24:18.0862 0x0bb0 Scan finished 20:24:18.0862 0x0bb0 ============================================================ 20:24:18.0862 0x0ba8 Detected object count: 6 20:24:18.0862 0x0ba8 Actual detected object count: 6 20:24:32.0029 0x0ba8 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0029 0x0ba8 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:32.0029 0x0ba8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0029 0x0ba8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:32.0029 0x0ba8 IDriverT ( 
UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0029 0x0ba8 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:32.0029 0x0ba8 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0029 0x0ba8 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:32.0029 0x0ba8 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0029 0x0ba8 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:32.0044 0x0ba8 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user 20:24:32.0044 0x0ba8 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:24:39.0595 0x0b68 Deinitialize success |
26.05.2014, 19:13 | #4 |
/// the machine /// TB-Ausbilder | hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
26.05.2014, 20:08 | #5 |
| Hello, I ran Combofix, here is the log: Code:
Combofix Logfile: If this is now getting too complicated/cumbersome, I could also copy my data to my external hard drive in safe mode and then reset to factory settings. Kind regards, Paul |
27.05.2014, 18:09 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please. |
27.05.2014, 19:08 | #7 |
| Hi, Malwarebytes: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 27.05.2014
Suchlauf-Zeit: 19:37:19
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.05.27.07
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Paul Roters
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 318008
Verstrichene Zeit: 6 Min, 57 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner Logfile: Code:
# AdwCleaner v3.211 - Bericht erstellt am 27/05/2014 um 19:48:16
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Paul Roters - PAULROTERS-HP
# Gestartet von : C:\Users\Paul Roters\Desktop\Trojanboard\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3049 octets] - [25/05/2014 17:10:07]
AdwCleaner[R1].txt - [1102 octets] - [27/05/2014 19:47:42]
AdwCleaner[S0].txt - [2886 octets] - [25/05/2014 17:14:50]
AdwCleaner[S1].txt - [1024 octets] - [27/05/2014 19:48:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1084 octets] ##########
here is the FRST log FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01 Ran by Paul Roters (administrator) on PAULROTERS-HP on 27-05-2014 20:00:02 Running from C:\Users\Paul Roters\Desktop\Trojanboard Platform: Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe [243544 2010-04-13] (Microsoft Corp.) 
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) HKLM-x32\...\Runonce: [] - [X] HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-1499898754-2157105081-680754646-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S1].txt [1164 2014-05-27] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {44D3E627-AA97-4372-B2E2-DC8AA6652F9E} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {F689CB8A-6ABA-4A84-BBEA-8EF4C776BE26} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - 
{73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default FF NewTab: user_pref("browser.newtab.url", ""); FF SearchEngineOrder.1: 
Search Gol FF Homepage: about:home FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - 
C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: YouTube High Definition - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-03-15] FF Extension: Web Developer - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-04-20] FF Extension: Adblock Plus - C:\Users\Paul Roters\AppData\Roaming\Mozilla\Firefox\Profiles\4gq2mnpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-03] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010-10-12] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-25] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-25] ==================== Services (Whitelisted) ================= S2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.) 
S4 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( ) S4 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( ) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-28] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-25] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-19] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-20] (Kaspersky Lab ZAO) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-05-21] (Duplex Secure Ltd.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-27 19:59 - 2014-05-27 19:59 - 01016261 _____ (Thisisu) C:\Users\Paul Roters\Desktop\JRT.exe 2014-05-27 19:46 - 2014-05-27 19:46 - 00001149 _____ () C:\Users\Paul Roters\Desktop\mbam.txt 2014-05-26 21:02 - 2014-05-26 21:02 - 00026548 _____ () C:\Users\Paul Roters\Desktop\Combofix.txt 2014-05-26 20:56 - 2014-05-26 20:56 - 00026548 _____ () C:\ComboFix.txt 2014-05-25 20:21 - 2014-05-25 20:21 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\Paul Roters\Desktop\tdsskiller.exe 2014-05-25 20:04 - 2014-05-25 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-25 20:03 - 2014-05-25 20:13 - 00000000 ____D () C:\Users\Paul Roters\Desktop\mbar 2014-05-25 20:02 - 2014-05-25 20:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paul Roters\Desktop\mbar-1.07.0.1009.exe 2014-05-25 18:59 - 2014-05-25 18:59 - 00000020 _____ () C:\Users\Paul Roters\defogger_reenable 2014-05-25 18:45 - 2014-05-27 20:00 - 00000000 ____D () C:\FRST 2014-05-25 18:44 - 2014-05-27 20:00 - 00000000 ____D () C:\Users\Paul Roters\Desktop\Trojanboard 2014-05-25 18:44 - 2014-05-25 18:45 - 00099616 _____ () C:\Users\Paul Roters\Desktop\Extras.Txt 2014-05-25 18:44 - 2014-05-25 18:44 - 00103256 _____ () C:\Users\Paul Roters\Desktop\OTL.Txt 2014-05-25 18:40 - 2014-05-25 18:40 - 00602112 _____ (OldTimer Tools) C:\Users\Paul Roters\Desktop\OTL.exe 2014-05-25 17:52 - 2014-05-25 17:52 - 00860104 _____ () C:\Users\Paul Roters\Desktop\401539_intl_x64_zip.exe 2014-05-25 17:37 - 2014-05-25 17:37 - 02347384 _____ (ESET) C:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe 2014-05-25 17:37 - 2014-05-25 17:37 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-25 17:31 - 2014-05-25 17:32 - 231785784 _____ (Emsisoft GmbH ) C:\Users\Paul Roters\Desktop\EmsisoftAntiMalwareSetup.exe 2014-05-25 17:10 - 2014-05-27 
19:48 - 00000000 ____D () C:\AdwCleaner 2014-05-25 16:52 - 2014-05-27 19:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-25 16:52 - 2014-05-27 19:34 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-25 16:52 - 2014-05-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-25 16:52 - 2014-05-27 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-25 16:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-25 16:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-25 16:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-25 16:51 - 2014-05-25 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul Roters\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-25 16:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-25 16:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-25 16:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-25 16:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-25 16:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-25 16:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-25 16:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-25 16:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-25 16:28 - 2014-05-26 20:56 - 00000000 ____D () C:\Qoobox 2014-05-25 16:27 - 2014-05-25 18:12 - 00000000 ____D () C:\Windows\erdnt 2014-05-25 16:26 - 2014-05-26 20:46 - 05200919 ____R (Swearware) C:\Users\Paul Roters\Desktop\ComboFix.exe 2014-05-24 23:07 - 
2014-05-24 23:07 - 00000000 _____ () C:\Windows\SysWOW64\sho9BD8.tmp 2014-05-16 16:53 - 2014-05-16 16:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-16 16:53 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\Program Files\iTunes 2014-05-16 16:52 - 2014-05-16 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-16 16:52 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iPod 2014-05-11 13:18 - 2014-05-11 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-07 22:48 - 2014-05-07 22:48 - 00013768 _____ () C:\Users\Paul Roters\Downloads\HanDOUt.odt 2014-05-07 22:25 - 2014-05-07 23:07 - 00027472 _____ () C:\Users\Paul Roters\Downloads\englisch handout.odt 2014-05-06 20:05 - 2014-05-06 20:05 - 00001010 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk 2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse 2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse 2014-05-06 19:59 - 2014-05-06 19:59 - 00689946 _____ (Remote Mouse ) C:\Users\Paul Roters\Downloads\RemoteMouse.exe 2014-05-05 20:11 - 2014-05-07 20:15 - 34468898 _____ () C:\Users\Paul Roters\Desktop\Englisch.odp 2014-05-02 23:52 - 2014-05-02 23:52 - 00000000 _____ () C:\Windows\SysWOW64\sho4E96.tmp 2014-04-29 08:59 - 2014-05-05 19:08 - 11812058 _____ () C:\Users\Paul Roters\Desktop\caribbean culture.odp 2014-04-29 08:22 - 2011-02-19 08:37 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-04-28 19:35 - 2014-04-28 19:35 - 03822704 _____ () C:\Users\Paul Roters\Downloads\battlelog-web-plugins_2.3.2_133.exe ==================== One Month Modified Files and Folders ======= 2014-05-27 20:00 - 2014-05-25 18:45 - 00000000 
____D () C:\FRST 2014-05-27 20:00 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Paul Roters\Desktop\Trojanboard 2014-05-27 20:00 - 2013-04-20 20:39 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\NetSpeedMonitor 2014-05-27 19:59 - 2014-05-27 19:59 - 01016261 _____ (Thisisu) C:\Users\Paul Roters\Desktop\JRT.exe 2014-05-27 19:53 - 2013-03-24 19:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-27 19:50 - 2013-03-24 18:37 - 00236760 _____ () C:\Windows\PFRO.log 2014-05-27 19:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 19:49 - 2009-07-14 06:51 - 00102708 _____ () C:\Windows\setupact.log 2014-05-27 19:48 - 2014-05-25 17:10 - 00000000 ____D () C:\AdwCleaner 2014-05-27 19:46 - 2014-05-27 19:46 - 00001149 _____ () C:\Users\Paul Roters\Desktop\mbam.txt 2014-05-27 19:35 - 2014-05-25 16:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 19:34 - 2014-05-25 16:52 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-27 19:34 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 19:34 - 2014-05-25 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-26 21:02 - 2014-05-26 21:02 - 00026548 _____ () C:\Users\Paul Roters\Desktop\Combofix.txt 2014-05-26 20:56 - 2014-05-26 20:56 - 00026548 _____ () C:\ComboFix.txt 2014-05-26 20:56 - 2014-05-25 16:28 - 00000000 ____D () C:\Qoobox 2014-05-26 20:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-26 20:46 - 2014-05-25 16:26 - 05200919 ____R (Swearware) C:\Users\Paul Roters\Desktop\ComboFix.exe 2014-05-25 23:17 - 2013-03-25 04:35 - 00000000 ____D () C:\ProgramData\Recovery 2014-05-25 20:21 - 2014-05-25 20:21 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\Paul Roters\Desktop\tdsskiller.exe 2014-05-25 20:13 - 2014-05-25 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' 
Anti-Malware (portable) 2014-05-25 20:13 - 2014-05-25 20:03 - 00000000 ____D () C:\Users\Paul Roters\Desktop\mbar 2014-05-25 20:02 - 2014-05-25 20:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paul Roters\Desktop\mbar-1.07.0.1009.exe 2014-05-25 18:59 - 2014-05-25 18:59 - 00000020 _____ () C:\Users\Paul Roters\defogger_reenable 2014-05-25 18:59 - 2013-03-24 18:46 - 00000000 ____D () C:\Users\Paul Roters 2014-05-25 18:45 - 2014-05-25 18:44 - 00099616 _____ () C:\Users\Paul Roters\Desktop\Extras.Txt 2014-05-25 18:44 - 2014-05-25 18:44 - 00103256 _____ () C:\Users\Paul Roters\Desktop\OTL.Txt 2014-05-25 18:40 - 2014-05-25 18:40 - 00602112 _____ (OldTimer Tools) C:\Users\Paul Roters\Desktop\OTL.exe 2014-05-25 18:32 - 2010-10-12 12:03 - 01483822 _____ () C:\Windows\WindowsUpdate.log 2014-05-25 18:12 - 2014-05-25 16:27 - 00000000 ____D () C:\Windows\erdnt 2014-05-25 17:52 - 2014-05-25 17:52 - 00860104 _____ () C:\Users\Paul Roters\Desktop\401539_intl_x64_zip.exe 2014-05-25 17:37 - 2014-05-25 17:37 - 02347384 _____ (ESET) C:\Users\Paul Roters\Desktop\esetsmartinstaller_deu.exe 2014-05-25 17:37 - 2014-05-25 17:37 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-25 17:32 - 2014-05-25 17:31 - 231785784 _____ (Emsisoft GmbH ) C:\Users\Paul Roters\Desktop\EmsisoftAntiMalwareSetup.exe 2014-05-25 16:52 - 2014-05-25 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-25 16:51 - 2014-05-25 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul Roters\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-25 16:17 - 2013-03-24 20:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-25 15:59 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-24 23:07 - 2014-05-24 23:07 - 00000000 _____ () C:\Windows\SysWOW64\sho9BD8.tmp 2014-05-24 22:01 - 2014-01-24 16:44 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForPaul Roters.job 2014-05-24 17:55 - 2013-03-24 19:47 - 00000000 ____D () C:\ProgramData\Origin 2014-05-24 17:21 
- 2013-03-24 20:45 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-24 17:21 - 2013-03-24 20:37 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-24 17:20 - 2013-03-24 20:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-24 16:26 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 16:26 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 16:19 - 2013-03-24 19:47 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-24 16:18 - 2014-03-05 23:21 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-24 16:15 - 2013-09-02 19:19 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\Skype 2014-05-23 15:09 - 2013-04-05 10:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-23 15:09 - 2013-03-29 13:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-05-20 20:42 - 2014-02-27 19:33 - 00000000 ____D () C:\Users\Paul Roters\Documents\Aufsicht 2014-05-20 16:28 - 2013-04-12 18:59 - 00036472 _____ () C:\ProgramData\lxeascan.log 2014-05-20 16:25 - 2013-04-12 19:22 - 00000000 ____D () C:\ProgramData\Lx_cats 2014-05-19 21:08 - 2010-07-20 23:46 - 01111210 _____ () C:\Windows\system32\perfh007.dat 2014-05-19 21:08 - 2010-07-20 23:46 - 00275056 _____ () C:\Windows\system32\perfc007.dat 2014-05-19 21:08 - 2009-07-14 07:13 - 00005414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-16 16:53 - 2014-05-16 16:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-16 16:53 - 2014-05-16 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-16 16:53 - 2014-05-16 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-16 16:53 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iTunes 2014-05-16 16:53 - 
2014-05-16 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-16 16:52 - 2014-05-16 16:52 - 00000000 ____D () C:\Program Files\iPod 2014-05-15 19:05 - 2013-08-05 13:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:49 - 2013-04-21 10:58 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 20:56 - 2013-08-02 11:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 20:56 - 2013-03-24 20:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 20:56 - 2013-03-24 20:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 14:41 - 2013-03-24 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-12 07:26 - 2014-05-25 16:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-25 16:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-25 16:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 13:18 - 2014-05-11 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 16:01 - 2014-01-24 16:44 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPaul Roters 2014-05-08 18:40 - 2013-03-24 18:49 - 00111728 _____ () C:\Users\Paul Roters\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-07 23:13 - 2013-07-31 00:15 - 00000000 ____D () C:\Users\Paul Roters\AppData\Roaming\SoftGrid Client 2014-05-07 23:07 - 2014-05-07 22:25 - 00027472 _____ () C:\Users\Paul Roters\Downloads\englisch handout.odt 2014-05-07 22:48 - 2014-05-07 22:48 - 00013768 _____ () C:\Users\Paul Roters\Downloads\HanDOUt.odt 2014-05-07 20:15 - 2014-05-05 20:11 - 34468898 _____ () C:\Users\Paul Roters\Desktop\Englisch.odp 2014-05-06 20:05 - 2014-05-06 20:05 - 00001010 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk 2014-05-06 20:05 - 
2014-05-06 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2014-05-06 20:05 - 2014-05-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-05-06 19:59 - 2014-05-06 19:59 - 00689946 _____ (Remote Mouse ) C:\Users\Paul Roters\Downloads\RemoteMouse.exe
2014-05-05 19:08 - 2014-04-29 08:59 - 11812058 _____ () C:\Users\Paul Roters\Desktop\caribbean culture.odp
2014-05-02 23:52 - 2014-05-02 23:52 - 00000000 _____ () C:\Windows\SysWOW64\sho4E96.tmp
2014-04-29 08:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-28 19:36 - 2013-03-24 19:48 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-04-28 19:35 - 2014-04-28 19:35 - 03822704 _____ () C:\Users\Paul Roters\Downloads\battlelog-web-plugins_2.3.2_133.exe

Some content of TEMP:
====================
C:\Users\Paul Roters\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 15:45
==================== End Of Log ============================

Junkware somehow did not work. After opening it (as admin), only the empty cmd window appeared, and even after pressing Enter/space/... nothing new happened...
I would be really glad to get an estimate of roughly how much longer this will take, since I now need my laptop again for school (presentations, editing videos...). But of course, thanks again for the help! Regards, Paul |
28.05.2014, 12:08 | #8 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
28.05.2014, 22:26 | #9 |
| Well, ESET complained during the update (despite downloading it again several times, many attempts, running it as admin...). I then spontaneously decided to reinstall from scratch, and now everything runs perfectly again. Thanks for the help anyway! Regards, Paul |
29.05.2014, 21:05 | #10 |
/// the machine /// TB trainer | You're welcome