| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Dropper- und Trojanerfund durch avast und malware bytesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.07.2014, 23:38
| #1 |
| |  Dropper- und Trojanerfund durch avast und malware bytes Durch einen Routine Check auf diese Plagegeister gestoßen. Malwarebytes hat eher Böses gefunden. Ich habe mich schon informiert und ahne schon schlimmstes, hoffentlich wurde kein Backdoor eingerichtet  Naja hier ist mal der Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.07.2014 Suchlauf-Zeit: 23:36:04 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.04.11 Rootkit Datenbank: v2014.07.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ......... Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 291663 Verstrichene Zeit: 9 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 7 PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RI8KEYA.exe, In Quarantäne, [8308574443381620bc32b6df58a94cb4], PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RL774X2.exe, In Quarantäne, [6823f9a283f85dd9d11df3a23bc645bb], PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RP3X9CS.exe, In Quarantäne, [216ab0ebe596c76fde10365f3fc201ff], PUP.Optional.OutBrowse, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RW4C5HA.exe, In Quarantäne, [2962900b2b5078beeb85cccb07faf709], PUP.Optional.Outbrowse, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RYWT5UW.exe, In Quarantäne, [66250b907dfe3402088496aa29d9f010], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RBFTEJK.exe, In Quarantäne, [9cef0e8da7d449ed76e9f38921e33ac6], PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$R4MD916.exe, In Quarantäne, [d7b44754205b1026aa4403920ef306fa], Physische Sektoren: 0 (No malicious items detected) (end)  Hab auch schon den tdsskiller verwendet (hätte ich vielleicht nicht machen sollen) Code:
ATTFilter 23:00:41.0214 0x1724 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
23:00:41.0214 0x1724 UEFI system
23:00:43.0203 0x1724 ============================================================
23:00:43.0203 0x1724 Current date / time: 2014/07/04 23:00:43.0203
23:00:43.0203 0x1724 SystemInfo:
23:00:43.0203 0x1724
23:00:43.0203 0x1724 OS Version: 6.3.9600 ServicePack: 0.0
23:00:43.0203 0x1724 Product type: Workstation
23:00:43.0203 0x1724 ComputerName: ..........
23:00:43.0203 0x1724 UserName: ..........
23:00:43.0203 0x1724 Windows directory: C:\Windows
23:00:43.0203 0x1724 System windows directory: C:\Windows
23:00:43.0203 0x1724 Running under WOW64
23:00:43.0203 0x1724 Processor architecture: Intel x64
23:00:43.0203 0x1724 Number of processors: 4
23:00:43.0203 0x1724 Page size: 0x1000
23:00:43.0203 0x1724 Boot type: Normal boot
23:00:43.0203 0x1724 ============================================================
23:00:44.0063 0x1724 KLMD registered as C:\Windows\system32\drivers\32683320.sys
23:00:44.0732 0x1724 System UUID: {6E03D6E4-7D49-CE0C-5ED9-3C17E7BCB431}
23:00:45.0268 0x1724 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:45.0280 0x1724 ============================================================
23:00:45.0280 0x1724 \Device\Harddisk0\DR0:
23:00:45.0280 0x1724 GPT partitions:
23:00:45.0282 0x1724 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3D144CAB-8E85-42F7-A63A-9670FBD02664}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
23:00:45.0282 0x1724 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {55AFAC51-43C6-4405-B450-F9520AAE59A7}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
23:00:45.0282 0x1724 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {FC53217C-1135-4FE5-82A2-DCEE532A61F1}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
23:00:45.0282 0x1724 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D9072B83-329A-420C-8602-091ECA0CF6E9}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x378E8000
23:00:45.0282 0x1724 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5B71D179-0848-4A9E-AEB4-E555F06F813B}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
23:00:45.0282 0x1724 MBR partitions:
23:00:45.0282 0x1724 ============================================================
23:00:45.0311 0x1724 C: <-> \Device\Harddisk0\DR0\Partition4
23:00:45.0311 0x1724 ============================================================
23:00:45.0311 0x1724 Initialize success
23:00:45.0311 0x1724 ============================================================
23:00:47.0124 0x0970 ============================================================
23:00:47.0124 0x0970 Scan started
23:00:47.0124 0x0970 Mode: Manual;
23:00:47.0124 0x0970 ============================================================
23:00:47.0124 0x0970 KSN ping started
23:00:49.0757 0x0970 KSN ping finished: true
23:00:50.0990 0x0970 ================ Scan system memory ========================
23:00:50.0990 0x0970 System memory - ok
23:00:50.0990 0x0970 ================ Scan services =============================
23:00:51.0177 0x0970 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
23:00:51.0182 0x0970 1394ohci - ok
23:00:51.0223 0x0970 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys
23:00:51.0225 0x0970 3ware - ok
23:00:51.0249 0x0970 [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:00:51.0263 0x0970 ACPI - ok
23:00:51.0273 0x0970 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys
23:00:51.0275 0x0970 acpiex - ok
23:00:51.0288 0x0970 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
23:00:51.0289 0x0970 acpipagr - ok
23:00:51.0317 0x0970 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
23:00:51.0318 0x0970 AcpiPmi - ok
23:00:51.0326 0x0970 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys
23:00:51.0327 0x0970 acpitime - ok
23:00:51.0362 0x0970 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS
23:00:51.0377 0x0970 ADP80XX - ok
23:00:51.0428 0x0970 [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:00:51.0433 0x0970 AeLookupSvc - ok
23:00:51.0471 0x0970 [ 7C7BE474915166B61B84C025F1F10157, 41F5E2C29F602D272138A6FA0E0FC3369491DABEFF123EF3914613979BA6BDA8 ] AFD C:\Windows\system32\drivers\afd.sys
23:00:51.0479 0x0970 AFD - ok
23:00:51.0490 0x0970 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:00:51.0491 0x0970 agp440 - ok
23:00:51.0512 0x0970 [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys
23:00:51.0514 0x0970 ahcache - ok
23:00:51.0547 0x0970 [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG C:\Windows\System32\alg.exe
23:00:51.0549 0x0970 ALG - ok
23:00:51.0587 0x0970 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
23:00:51.0589 0x0970 AmdK8 - ok
23:00:51.0603 0x0970 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
23:00:51.0605 0x0970 AmdPPM - ok
23:00:51.0616 0x0970 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:00:51.0618 0x0970 amdsata - ok
23:00:51.0640 0x0970 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:00:51.0646 0x0970 amdsbs - ok
23:00:51.0655 0x0970 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:00:51.0656 0x0970 amdxata - ok
23:00:51.0672 0x0970 [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID C:\Windows\system32\drivers\appid.sys
23:00:51.0674 0x0970 AppID - ok
23:00:51.0710 0x0970 [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:00:51.0711 0x0970 AppIDSvc - ok
23:00:51.0731 0x0970 [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo C:\Windows\System32\appinfo.dll
23:00:51.0734 0x0970 Appinfo - ok
23:00:51.0757 0x0970 [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness C:\Windows\system32\AppReadiness.dll
23:00:51.0768 0x0970 AppReadiness - ok
23:00:51.0830 0x0970 [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll
23:00:51.0876 0x0970 AppXSvc - ok
23:00:51.0909 0x0970 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:00:51.0911 0x0970 arcsas - ok
23:00:52.0004 0x0970 [ DC2BA6926FA0CDCE273CC9897F05584A, CF35A55511C6241679FDB9D48DC43B61D86D071B974E7A668495E2021098E912 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:00:52.0006 0x0970 ASLDRService - ok
23:00:52.0022 0x0970 [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:00:52.0023 0x0970 ASMMAP64 - ok
23:00:52.0069 0x0970 [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
23:00:52.0070 0x0970 aswHwid - ok
23:00:52.0092 0x0970 [ D421F374BE2213E910CD133708DDE60E, 951C50BCDC24921F6D25D6704D3A8D054F89B30EFFB8E2A0E2826D8BCDAC9847 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
23:00:52.0093 0x0970 aswKbd - ok
23:00:52.0121 0x0970 [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
23:00:52.0123 0x0970 aswMonFlt - ok
23:00:52.0174 0x0970 [ 79826FB8C979740D135C3E77A26C63BB, 5BF69B1CAA92CA6BE7E438B8988C561B5D2F30B81CFFA570725F1653ADD40004 ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys
23:00:52.0182 0x0970 aswNdisFlt - ok
23:00:52.0223 0x0970 [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
23:00:52.0225 0x0970 aswRdr - ok
23:00:52.0241 0x0970 [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
23:00:52.0244 0x0970 aswRvrt - ok
23:00:52.0286 0x0970 [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
23:00:52.0306 0x0970 aswSnx - ok
23:00:52.0367 0x0970 [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP C:\Windows\system32\drivers\aswSP.sys
23:00:52.0375 0x0970 aswSP - ok
23:00:52.0400 0x0970 [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm C:\Windows\system32\drivers\aswStm.sys
23:00:52.0402 0x0970 aswStm - ok
23:00:52.0428 0x0970 [ F87990FDBDD4DC037343A80BD7E67538, B81B71F65BC23629C7EB79EE7B4DE38BBE155B1FC37EE66D50E2677C6CA50934 ] aswTap C:\Windows\system32\DRIVERS\aswTap.sys
23:00:52.0430 0x0970 aswTap - ok
23:00:52.0445 0x0970 [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
23:00:52.0448 0x0970 aswVmm - ok
23:00:52.0461 0x0970 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys
23:00:52.0462 0x0970 atapi - ok
23:00:52.0498 0x0970 [ 427A6D1397E826B370D025EE73A50E6E, FC8BAB3AA95B55D59B8DF9F97C87D1F3CEAB609A3E6C8BD576F3BF9047C6A120 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
23:00:52.0500 0x0970 AthBTPort - ok
23:00:52.0556 0x0970 [ 54D0CDDB72425D42F7B504EE392E9653, 925FC00DC1222ECC8D750E240E8C159CF46F0BDBAADCDB2108892CF2CD91ED79 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
23:00:52.0560 0x0970 AtherosSvc - ok
23:00:52.0667 0x0970 [ 688941322FB20DB0407B6F149607517D, 53ABFCE11485E307D56598BF03121DDCD8D3E75FE2D85E513252C5A649D7EBAD ] athr C:\Windows\system32\DRIVERS\athwbx.sys
23:00:52.0766 0x0970 athr - ok
23:00:52.0790 0x0970 [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:00:52.0791 0x0970 ATKGFNEXSrv - ok
23:00:52.0820 0x0970 [ B4BDE3F758A34658A37DFED3D9783CD8, BC9F6B9BDD639457894DE0F596AB3A655374E078796762FE5E8E5414F0481208 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
23:00:52.0822 0x0970 atksgt - ok
23:00:52.0850 0x0970 [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
23:00:52.0851 0x0970 ATKWMIACPIIO - ok
23:00:52.0873 0x0970 [ 3903D1056E778BAEFA310B9B6EA6053E, 863977B4166A04557E154C41AC3B194A9F5C56C6090E8DE47C0D9D0E8CBD648E ] ATP C:\Windows\System32\drivers\AsusTP.sys
23:00:52.0875 0x0970 ATP - ok
23:00:52.0908 0x0970 [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
23:00:52.0913 0x0970 AudioEndpointBuilder - ok
23:00:52.0946 0x0970 [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:00:52.0961 0x0970 Audiosrv - ok
23:00:53.0065 0x0970 [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:00:53.0066 0x0970 avast! Antivirus - ok
23:00:53.0089 0x0970 [ D386D51B1839E208EF7CCFBFA964638E, 56BF72AE80DFBB5A99A060591A9250BA0D4B9FDF1BEF23C87B61169D2D0EF111 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
23:00:53.0091 0x0970 avast! Firewall - ok
23:00:53.0124 0x0970 [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:00:53.0126 0x0970 AxInstSV - ok
23:00:53.0172 0x0970 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:00:53.0183 0x0970 b06bdrv - ok
23:00:53.0198 0x0970 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
23:00:53.0200 0x0970 BasicDisplay - ok
23:00:53.0210 0x0970 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
23:00:53.0211 0x0970 BasicRender - ok
23:00:53.0225 0x0970 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys
23:00:53.0226 0x0970 bcmfn2 - ok
23:00:53.0244 0x0970 [ 5BD3A2351BEFCAC8757626271F8EFA89, 6508673210129CF7EFCA93EC7874208FAD361E37814EB4FE9E0EC034E73D5F16 ] BDESVC C:\Windows\System32\bdesvc.dll
23:00:53.0251 0x0970 BDESVC - ok
23:00:53.0284 0x0970 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys
23:00:53.0285 0x0970 Beep - ok
23:00:53.0333 0x0970 [ BBE15881FE11BE37112F8320C41DAFB9, 5CE92563628812FF6E00556D8E2DAD6ADCAAF0F4C3B90123F1D98ED6E3BB6DAD ] BFE C:\Windows\System32\bfe.dll
23:00:53.0349 0x0970 BFE - ok
23:00:53.0400 0x0970 [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS C:\Windows\System32\qmgr.dll
23:00:53.0422 0x0970 BITS - ok
23:00:53.0444 0x0970 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:00:53.0446 0x0970 bowser - ok
23:00:53.0472 0x0970 [ F2559A492AF8D653D1F47ADABA4C3E97, 77347915FB433023769699DFC9511F54E69C7FC7AB75F57FDC1A58E64A7126DE ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
23:00:53.0479 0x0970 BrokerInfrastructure - ok
23:00:53.0511 0x0970 [ D528D6A92D187777691993DD757AF19A, 2C79978310193431E5FC462368424A172858D5351C92D4815C2A7E35B5DDE50C ] Browser C:\Windows\System32\browser.dll
23:00:53.0514 0x0970 Browser - ok
23:00:53.0550 0x0970 [ E9B6AC24CB3737D2F93C05590B4A9048, 7CFDF93947925EDF6D6C0AD9E3A31AF098E8F8574AFCD8C7B3242E29A1F38CDD ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
23:00:53.0557 0x0970 BTATH_A2DP - ok
23:00:53.0573 0x0970 [ 2BD94FC9AB890A7A7CEF81E5F1A2D421, 0B572D0F6558CA37164A15A8D9DF13160BBF6DA119B8E92436B3DCFA19361E31 ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
23:00:53.0575 0x0970 btath_avdt - ok
23:00:53.0595 0x0970 [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP C:\Windows\System32\drivers\btath_hcrp.sys
23:00:53.0598 0x0970 BTATH_HCRP - ok
23:00:53.0617 0x0970 [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:00:53.0619 0x0970 BTATH_LWFLT - ok
23:00:53.0639 0x0970 [ 31EC5FC3FC5CB273F2709AAF4AD88ED4, 804401CEBBB24443AE0A304FCF5CB6B0D7679BA7FC5DC3BFF968B0B44FE34EC1 ] BTATH_RCP C:\Windows\System32\drivers\btath_rcp.sys
23:00:53.0642 0x0970 BTATH_RCP - ok
23:00:53.0667 0x0970 [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
23:00:53.0678 0x0970 BtFilter - ok
23:00:53.0719 0x0970 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
23:00:53.0721 0x0970 BthAvrcpTg - ok
23:00:53.0734 0x0970 [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
23:00:53.0736 0x0970 BthEnum - ok
23:00:53.0749 0x0970 [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
23:00:53.0751 0x0970 BthHFEnum - ok
23:00:53.0764 0x0970 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
23:00:53.0765 0x0970 bthhfhid - ok
23:00:53.0792 0x0970 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys
23:00:53.0797 0x0970 BthLEEnum - ok
23:00:53.0815 0x0970 [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
23:00:53.0817 0x0970 BTHMODEM - ok
23:00:53.0841 0x0970 [ 3AFE71D80EDF5D4DE0C5731352905669, 3E370169B8C5D301954D1F1DA302F7A0DB2A034990E10B3D64458C48E5693205 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:00:53.0844 0x0970 BthPan - ok
23:00:53.0903 0x0970 [ 92370F46AF28D54B67C135FA8C2AFCFC, B1C0DBF27D392DEA8786AB9479C6CCD5A5DBDF3BE25ABA5FC7C6DB6D3EEE739B ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:00:53.0929 0x0970 BTHPORT - ok
23:00:53.0963 0x0970 [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv C:\Windows\system32\bthserv.dll
23:00:53.0966 0x0970 bthserv - ok
23:00:53.0982 0x0970 [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:00:53.0984 0x0970 BTHUSB - ok
23:00:53.0999 0x0970 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:00:54.0002 0x0970 cdfs - ok
23:00:54.0026 0x0970 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\Windows\System32\drivers\cdrom.sys
23:00:54.0028 0x0970 cdrom - ok
23:00:54.0043 0x0970 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc C:\Windows\System32\certprop.dll
23:00:54.0048 0x0970 CertPropSvc - ok
23:00:54.0079 0x0970 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\Windows\System32\drivers\circlass.sys
23:00:54.0080 0x0970 circlass - ok
23:00:54.0120 0x0970 [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS C:\Windows\system32\drivers\CLFS.sys
23:00:54.0127 0x0970 CLFS - ok
23:00:54.0171 0x0970 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
23:00:54.0172 0x0970 CmBatt - ok
23:00:54.0212 0x0970 [ 4627C1FBF2802425A408A2D2AF28CF85, 8B91C1BE1104BE93C0D689A20315FD106D89A076267493319B104EE73A90CDCB ] CNG C:\Windows\system32\Drivers\cng.sys
23:00:54.0223 0x0970 CNG - ok
23:00:54.0235 0x0970 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
23:00:54.0236 0x0970 CompositeBus - ok
23:00:54.0239 0x0970 COMSysApp - ok
23:00:54.0250 0x0970 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys
23:00:54.0251 0x0970 condrv - ok
23:00:54.0336 0x0970 [ F9693D45B0F1B346CCDEEC1F341AD389, 342C81EFB434EAC29865F8BB049051635C644D7EF355D0F5FB3ADD9DDCE55D82 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:00:54.0344 0x0970 cphs - ok
23:00:54.0374 0x0970 [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:00:54.0378 0x0970 CryptSvc - ok
23:00:54.0392 0x0970 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\Windows\system32\drivers\dam.sys
23:00:54.0394 0x0970 dam - ok
23:00:54.0443 0x0970 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:00:54.0457 0x0970 DcomLaunch - ok
23:00:54.0505 0x0970 [ AF3FF97AC2A73E70F8A8D11FB694175B, 3AA25BF9DED08056F52ACF246118C13C8816B5E8AA4D8606DB7DAB4E4E6A9169 ] defragsvc C:\Windows\System32\defragsvc.dll
23:00:54.0514 0x0970 defragsvc - ok
23:00:54.0550 0x0970 [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
23:00:54.0558 0x0970 DeviceAssociationService - ok
23:00:54.0594 0x0970 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
23:00:54.0599 0x0970 DeviceInstall - ok
23:00:54.0611 0x0970 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
23:00:54.0615 0x0970 Dfsc - ok
23:00:54.0670 0x0970 [ 8B107F55FD61654A6C9F1B819AEC5FC4, 773B1B9D3583F17B7C89BDE1EC4487ABB0AE039DF4583F8746460425443DA291 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:00:54.0678 0x0970 Dhcp - ok
23:00:54.0716 0x0970 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\Windows\system32\drivers\disk.sys
23:00:54.0718 0x0970 disk - ok
23:00:54.0745 0x0970 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
23:00:54.0746 0x0970 dmvsc - ok
23:00:54.0767 0x0970 [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:00:54.0774 0x0970 Dnscache - ok
23:00:54.0805 0x0970 [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc C:\Windows\System32\dot3svc.dll
23:00:54.0811 0x0970 dot3svc - ok
23:00:54.0832 0x0970 [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS C:\Windows\system32\dps.dll
23:00:54.0838 0x0970 DPS - ok
23:00:54.0864 0x0970 [ 68E2849CF59D54557F5CC6911EE5B26F, 902768EEB69EAADB7AB2935C5B283D48329FC91FD1BC2BE61993D2C31D05A54E ] DptfDevDram C:\Windows\system32\DRIVERS\DptfDevDram.sys
23:00:54.0866 0x0970 DptfDevDram - ok
23:00:54.0883 0x0970 [ 76C91DB88A8CEE7711F41ADF08128522, 584AFB7076D8C6D200444E5D376A8934285DF7D8A9B41C076E350F258D43B8EB ] DptfDevPch C:\Windows\system32\DRIVERS\DptfDevPch.sys
23:00:54.0885 0x0970 DptfDevPch - ok
23:00:54.0902 0x0970 [ 82D5BA44F3A32EE7D41D2E8B4361AD9B, BFC8059C4208E79E0A52F86A28A5E119F059DC1CD03564675A1554CE916AD5A5 ] DptfDevProc C:\Windows\system32\DRIVERS\DptfDevProc.sys
23:00:54.0904 0x0970 DptfDevProc - ok
23:00:54.0920 0x0970 [ 66AA3E34E06A32B60573926DD861D70E, 1888D8B35460E3D1F73B495D90BFA0D14AE405F50A010A8555558DFC6E233C7A ] DptfManager C:\Windows\system32\DRIVERS\DptfManager.sys
23:00:54.0923 0x0970 DptfManager - ok
23:00:54.0935 0x0970 [ 058388D2D86C28C6C345B52ECF251FF7, 81D0A652F419F1B95E10245480BDF168C74370760B574987F0F88D6C9097BCA9 ] DptfParticipantProcessorService C:\Windows\system32\DptfParticipantProcessorService.exe
23:00:54.0937 0x0970 DptfParticipantProcessorService - ok
23:00:54.0963 0x0970 [ DD102BC049487894B5214E5CC890F7C7, 340A24CBB4961F5D50835597E418368D60E2BDFB6E9C89DC546E1D9C77066A99 ] DptfPolicyConfigTDPService C:\Windows\system32\DptfPolicyConfigTDPService.exe
23:00:54.0966 0x0970 DptfPolicyConfigTDPService - ok
23:00:54.0986 0x0970 [ 920DA0F094DDE55DF835FECD7304A0C1, 5EE88CE2F7BA292F60618B5EC4EC87C2417CD12A20306966B5DC68D7687EFDA0 ] DptfPolicyCriticalService C:\Windows\system32\DptfPolicyCriticalService.exe
23:00:54.0988 0x0970 DptfPolicyCriticalService - ok
23:00:55.0006 0x0970 [ 4BA8E65371129900116259D8513644EB, A5DEE74D2C9DA0C1185333B4A3D22815104423682645BB4E2A5E8E7DB766D41E ] DptfPolicyLpmService C:\Windows\system32\DptfPolicyLpmService.exe
23:00:55.0008 0x0970 DptfPolicyLpmService - ok
23:00:55.0017 0x0970 [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:00:55.0018 0x0970 drmkaud - ok
23:00:55.0053 0x0970 [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
23:00:55.0058 0x0970 DsmSvc - ok
23:00:55.0129 0x0970 [ C7D252742946DD395670649742FBD73D, 333CC984CF318D36EA8C5867077A1732A214445EB6B7CF7AC2E8F1C8259CD9C7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:00:55.0182 0x0970 DXGKrnl - ok
23:00:55.0235 0x0970 [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost C:\Windows\System32\eapsvc.dll
23:00:55.0238 0x0970 Eaphost - ok
23:00:55.0340 0x0970 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:00:55.0419 0x0970 ebdrv - ok
23:00:55.0447 0x0970 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS C:\Windows\System32\lsass.exe
23:00:55.0450 0x0970 EFS - ok
23:00:55.0464 0x0970 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
23:00:55.0468 0x0970 EhStorClass - ok
23:00:55.0483 0x0970 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
23:00:55.0486 0x0970 EhStorTcgDrv - ok
23:00:55.0520 0x0970 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys
23:00:55.0521 0x0970 ErrDev - ok
23:00:55.0573 0x0970 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem C:\Windows\system32\es.dll
23:00:55.0581 0x0970 EventSystem - ok
23:00:55.0613 0x0970 [ D83EB7ADE99D99A4CD6568AC1261D35E, 92F7ACBFE9CD717129176CEDF33FCA738C0FE0AFC5F2C22C894AB605A3F0747C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
23:00:55.0617 0x0970 ewusbnet - ok
23:00:55.0627 0x0970 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
23:00:55.0629 0x0970 ew_hwusbdev - ok
23:00:55.0656 0x0970 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys
23:00:55.0661 0x0970 exfat - ok
23:00:55.0703 0x0970 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:00:55.0708 0x0970 fastfat - ok
23:00:55.0755 0x0970 [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax C:\Windows\system32\fxssvc.exe
23:00:55.0768 0x0970 Fax - ok
23:00:55.0778 0x0970 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys
23:00:55.0780 0x0970 fdc - ok
23:00:55.0822 0x0970 [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost C:\Windows\system32\fdPHost.dll
23:00:55.0824 0x0970 fdPHost - ok
23:00:55.0850 0x0970 [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub C:\Windows\system32\fdrespub.dll
23:00:55.0852 0x0970 FDResPub - ok
23:00:55.0868 0x0970 [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc C:\Windows\system32\fhsvc.dll
23:00:55.0871 0x0970 fhsvc - ok
23:00:55.0891 0x0970 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:00:55.0893 0x0970 FileInfo - ok
23:00:55.0905 0x0970 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:00:55.0906 0x0970 Filetrace - ok
23:00:55.0923 0x0970 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
23:00:55.0924 0x0970 flpydisk - ok
23:00:55.0956 0x0970 [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:00:55.0964 0x0970 FltMgr - ok
23:00:56.0008 0x0970 [ 183CA7699474FDE235853967D1DA4D9B, 8FBD5997F1E39AFFD8C4322520DF4D2227279B5149017D825C188D7411BA99AF ] FontCache C:\Windows\system32\FntCache.dll
23:00:56.0051 0x0970 FontCache - ok
23:00:56.0155 0x0970 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:00:56.0157 0x0970 FontCache3.0.0.0 - ok
23:00:56.0185 0x0970 [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:00:56.0186 0x0970 FsDepends - ok
23:00:56.0195 0x0970 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:00:56.0196 0x0970 Fs_Rec - ok
23:00:56.0232 0x0970 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:00:56.0241 0x0970 fvevol - ok
23:00:56.0250 0x0970 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
23:00:56.0251 0x0970 FxPPM - ok
23:00:56.0271 0x0970 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:00:56.0273 0x0970 gagp30kx - ok
23:00:56.0303 0x0970 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
23:00:56.0304 0x0970 gencounter - ok
23:00:56.0323 0x0970 [ EF3AE7773394DF49CE74AF78A1C8D23D, CB12FF004C460A89F12AFF2467512B479A07CA10D4280CD4E624A5A9CDAB9C1B ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
23:00:56.0327 0x0970 GPIOClx0101 - ok
23:00:56.0377 0x0970 [ 383DA813409316D69603C1D849834D24, E1AAD3AB567457B00B8A378D5BA37ED653EE451FF79D071A8815FB8B1EB90DAF ] gpsvc C:\Windows\System32\gpsvc.dll
23:00:56.0422 0x0970 gpsvc - ok
23:00:56.0454 0x0970 [ C41EB965A9DC4844F156E628F75AE876, 3E250704E6C30FAFE0FDE2BB259452761AFB7AAC3A7026ADB960079D06870C84 ] Hamachi C:\Windows\system32\DRIVERS\Hamdrv.sys
23:00:56.0456 0x0970 Hamachi - ok
23:00:56.0575 0x0970 [ 8E459BA8360F33D64BE96F9550E56EE8, AA0568EE4DE90C7D6001759BADE17729E4420DEBE106DB8AFDC2B4E1C518DC49 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
23:00:56.0610 0x0970 Hamachi2Svc - ok
23:00:56.0644 0x0970 [ 498288DD5CA42C2D36D125893E968C53, 03B62FA51F9195D77170DCEFF3A93A6898AA96FB610044DDAE83767DA12745C5 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
23:00:56.0646 0x0970 HDAudBus - ok
23:00:56.0671 0x0970 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
23:00:56.0672 0x0970 HidBatt - ok
23:00:56.0715 0x0970 [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\Windows\System32\drivers\hidbth.sys
23:00:56.0717 0x0970 HidBth - ok
23:00:56.0728 0x0970 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
23:00:56.0730 0x0970 hidi2c - ok
23:00:56.0740 0x0970 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys
23:00:56.0741 0x0970 HidIr - ok
23:00:56.0773 0x0970 [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\Windows\system32\hidserv.dll
23:00:56.0776 0x0970 hidserv - ok
23:00:56.0797 0x0970 [ 894D982CEAB8CD45A56AE2C9988E86C0, AA2DEB62CB69FF1AEF772989342F2CF77CA48F212C9489A92A4FF97FD46D3866 ] HIDSwitch C:\Windows\System32\drivers\AsHIDSwitch64.sys
23:00:56.0798 0x0970 HIDSwitch - ok
23:00:56.0832 0x0970 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
23:00:56.0834 0x0970 HidUsb - ok
23:00:56.0871 0x0970 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:00:56.0874 0x0970 hkmsvc - ok
23:00:56.0892 0x0970 [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:00:56.0901 0x0970 HomeGroupListener - ok
23:00:56.0942 0x0970 [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:00:56.0953 0x0970 HomeGroupProvider - ok
23:00:56.0984 0x0970 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:00:56.0986 0x0970 HpSAMD - ok
23:00:57.0024 0x0970 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:00:57.0038 0x0970 HTTP - ok
23:00:57.0071 0x0970 [ C2212C930D7A6CC21972B9882683D271, 94DAAFE964E33B44A82410CF286B273DFFFE207813EE07EA82CB7839EE2C5F11 ] huawei_enumerator C:\Windows\System32\drivers\ew_jubusenum.sys
23:00:57.0073 0x0970 huawei_enumerator - ok
23:00:57.0102 0x0970 [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:00:57.0104 0x0970 hwdatacard - ok
23:00:57.0153 0x0970 HWDeviceService64.exe - ok
23:00:57.0182 0x0970 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:00:57.0183 0x0970 hwpolicy - ok
23:00:57.0224 0x0970 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
23:00:57.0226 0x0970 hyperkbd - ok
23:00:57.0244 0x0970 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
23:00:57.0245 0x0970 HyperVideo - ok
23:00:57.0274 0x0970 [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
23:00:57.0276 0x0970 i8042prt - ok
23:00:57.0281 0x0970 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
23:00:57.0282 0x0970 iaLPSSi_GPIO - ok
23:00:57.0293 0x0970 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys
23:00:57.0295 0x0970 iaLPSSi_I2C - ok
23:00:57.0337 0x0970 [ 0A34D806EF2767E62CAFEA1A150A8830, 2C5C9C0924C6AE379E3CD071E6687885006843A17742B083CE14719F666F7FE6 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
23:00:57.0347 0x0970 iaStorA - ok
23:00:57.0370 0x0970 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys
23:00:57.0383 0x0970 iaStorAV - ok
23:00:57.0409 0x0970 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:00:57.0417 0x0970 iaStorV - ok
23:00:57.0420 0x0970 IEEtwCollectorService - ok
23:00:57.0537 0x0970 [ 16D939A13CFB82DEE0B9DB12E45C7B4E, D09C57DE3EF7F6BEDD354FEEDB46260FDCF9F9A0F2D096FFD518509AD041AAC5 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:00:57.0639 0x0970 igfx - ok
23:00:57.0703 0x0970 [ CFE7F0267B0C3077042FF291949B5546, 7B8C432632D0210119BFF57D4994F2B8F75307A9D6867353AF93BBA3F561595B ] IKEEXT C:\Windows\System32\ikeext.dll
23:00:57.0724 0x0970 IKEEXT - ok
23:00:57.0761 0x0970 [ DB65573521AB51941F4FA799D0968136, 418F5E3FE725B7B114F3DAEBDCEBCE7F4AD8ECAAFF572C02BA9ACCE86D55BFD8 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
23:00:57.0762 0x0970 intaud_WaveExtensible - ok
23:00:57.0872 0x0970 [ 6C7970A8E0546A4D9466E0045C7DB199, 70F2D58514C8E1A1E10B833236213F87F34AEB06ACC0D4C0DF61FCD69F8F1E07 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:00:57.0920 0x0970 IntcAzAudAddService - ok
23:00:57.0950 0x0970 [ 0E0B99617ED3FDB6C5F0E2D62709B5DF, A656CA3A60E62BE16A015150B23136CE150F9876B4035E9E8D8E73D1707B37A4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:00:57.0959 0x0970 IntcDAud - ok
23:00:58.0091 0x0970 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:00:58.0105 0x0970 Intel(R) Capability Licensing Service Interface - ok
23:00:58.0131 0x0970 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
23:00:58.0148 0x0970 Intel(R) Capability Licensing Service TCP IP Interface - ok
23:00:58.0184 0x0970 [ 726BFAF3DC2071218F0AE53C919A4D3B, 7934BB42C16F1DAA80AB92FA4AF4BFDD2B8AF73EF55D95950E4A77DBB3DCBF4A ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
23:00:58.0186 0x0970 Intel(R) ME Service - ok
23:00:58.0197 0x0970 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys
23:00:58.0198 0x0970 intelide - ok
23:00:58.0219 0x0970 [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\Windows\system32\drivers\intelpep.sys
23:00:58.0220 0x0970 intelpep - ok
23:00:58.0253 0x0970 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys
23:00:58.0255 0x0970 intelppm - ok
23:00:58.0274 0x0970 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:00:58.0277 0x0970 IpFilterDriver - ok
23:00:58.0337 0x0970 [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:00:58.0356 0x0970 iphlpsvc - ok
23:00:58.0392 0x0970 [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
23:00:58.0393 0x0970 IPMIDRV - ok
23:00:58.0412 0x0970 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:00:58.0415 0x0970 IPNAT - ok
23:00:58.0450 0x0970 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:00:58.0451 0x0970 IRENUM - ok
23:00:58.0459 0x0970 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:00:58.0460 0x0970 isapnp - ok
23:00:58.0507 0x0970 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
23:00:58.0513 0x0970 iScsiPrt - ok
23:00:58.0555 0x0970 [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus C:\Windows\System32\drivers\iwdbus.sys
23:00:58.0556 0x0970 iwdbus - ok
23:00:58.0580 0x0970 [ 1128B38EEC9DAF1B36373B65E87C00A3, 071E9454B9B442C2C3272FBC1AE5E92911A23CDB99F1C718C34067A70B99F910 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
23:00:58.0583 0x0970 jhi_service - ok
23:00:58.0616 0x0970 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
23:00:58.0617 0x0970 kbdclass - ok
23:00:58.0628 0x0970 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
23:00:58.0630 0x0970 kbdhid - ok
23:00:58.0649 0x0970 [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr C:\Windows\System32\drivers\kbfiltr.sys
23:00:58.0651 0x0970 kbfiltr - ok
23:00:58.0664 0x0970 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
23:00:58.0664 0x0970 kdnic - ok
23:00:58.0675 0x0970 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\Windows\system32\lsass.exe
23:00:58.0679 0x0970 KeyIso - ok
23:00:58.0698 0x0970 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:00:58.0700 0x0970 KSecDD - ok
23:00:58.0733 0x0970 [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:00:58.0738 0x0970 KSecPkg - ok
23:00:58.0753 0x0970 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:00:58.0755 0x0970 ksthunk - ok
23:00:58.0807 0x0970 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:00:58.0816 0x0970 KtmRm - ok
23:00:58.0853 0x0970 [ 46378ECCB4A29AA81BF296641C2501EF, 5AB79BD824C00EF1338FDB8450692318AB14E0AE4145C30B37136767DFC1E4F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:00:58.0862 0x0970 LanmanServer - ok
23:00:58.0891 0x0970 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:00:58.0901 0x0970 LanmanWorkstation - ok
23:00:58.0946 0x0970 [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll
23:00:58.0957 0x0970 lfsvc - ok
23:00:58.0989 0x0970 [ 955982BF4421B77722196552B62E8DC2, 3732449ACDBB78E1ED8436DF153C899C28573F458FDCFE345DFA1B305D085033 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
23:00:58.0990 0x0970 lirsgt - ok
23:00:59.0009 0x0970 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:00:59.0011 0x0970 lltdio - ok
23:00:59.0052 0x0970 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:00:59.0059 0x0970 lltdsvc - ok
23:00:59.0091 0x0970 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:00:59.0094 0x0970 lmhosts - ok
23:00:59.0138 0x0970 [ D5F9C50082FA5F82C35922998B3DAD6E, 4957FB1888EC69E16E6D019F2D984EE810F8532FAB504B30D32518E4D3F01FDB ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
23:00:59.0143 0x0970 LMIGuardianSvc - ok
23:00:59.0203 0x0970 [ 388B04A767082D0B0581AF475DF943D9, B1E12445B79C4D1EFAABB38096EED2C8A127479AF1602476DFDDECC122A828CA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:00:59.0208 0x0970 LMS - ok
23:00:59.0242 0x0970 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:00:59.0244 0x0970 LSI_SAS - ok
23:00:59.0261 0x0970 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:00:59.0263 0x0970 LSI_SAS2 - ok
23:00:59.0278 0x0970 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys
23:00:59.0280 0x0970 LSI_SAS3 - ok
23:00:59.0296 0x0970 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
23:00:59.0298 0x0970 LSI_SSS - ok
23:00:59.0343 0x0970 [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\Windows\System32\lsm.dll
23:00:59.0358 0x0970 LSM - ok
23:00:59.0401 0x0970 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys
23:00:59.0403 0x0970 luafv - ok
23:00:59.0415 0x0970 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys
23:00:59.0416 0x0970 megasas - ok
23:00:59.0440 0x0970 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys
23:00:59.0451 0x0970 megasr - ok
23:00:59.0462 0x0970 [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
23:00:59.0464 0x0970 MEIx64 - ok
23:00:59.0491 0x0970 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\Windows\system32\mmcss.dll
23:00:59.0494 0x0970 MMCSS - ok
23:00:59.0553 0x0970 [ 38106C7BD34EAE89D2769AC0BA2E846B, 8A33C138C84ED3E6C9408BB66FDEA65E35DD3600AF3ED2C967B8C3D5D54EC3C4 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
23:00:59.0559 0x0970 Mobile Partner. RunOuc - ok
23:00:59.0570 0x0970 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys
23:00:59.0571 0x0970 Modem - ok
23:00:59.0600 0x0970 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys
23:00:59.0602 0x0970 monitor - ok
23:00:59.0615 0x0970 [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\Windows\System32\drivers\mouclass.sys
23:00:59.0617 0x0970 mouclass - ok
23:00:59.0646 0x0970 [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\Windows\System32\drivers\mouhid.sys
23:00:59.0647 0x0970 mouhid - ok
23:00:59.0665 0x0970 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:00:59.0668 0x0970 mountmgr - ok
23:00:59.0720 0x0970 [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:00:59.0723 0x0970 MozillaMaintenance - ok
23:00:59.0742 0x0970 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:00:59.0744 0x0970 mpsdrv - ok
23:00:59.0793 0x0970 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:00:59.0828 0x0970 MpsSvc - ok
23:00:59.0868 0x0970 [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:00:59.0872 0x0970 MRxDAV - ok
23:00:59.0917 0x0970 [ 0696F66E4D423793951A60562F794D14, E808E4E160C019F2F10762758F48C4565037974775CD267DF06B8B4A2CE26705 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:00:59.0923 0x0970 mrxsmb - ok
23:00:59.0946 0x0970 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:00:59.0952 0x0970 mrxsmb10 - ok
23:01:00.0162 0x0970 [ DBA635C6398782C549E3BE45CF1D0411, E9806E075F401D3E7357E876C7F941F7DAFFBBEE065DC3FE556014F5D92EDAC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:00.0165 0x0970 mrxsmb20 - ok
23:01:00.0200 0x0970 [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
23:01:00.0202 0x0970 MsBridge - ok
23:01:00.0239 0x0970 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\Windows\System32\msdtc.exe
23:01:00.0244 0x0970 MSDTC - ok
23:01:00.0266 0x0970 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:01:00.0267 0x0970 Msfs - ok
23:01:00.0288 0x0970 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
23:01:00.0289 0x0970 msgpiowin32 - ok
23:01:00.0300 0x0970 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:01:00.0301 0x0970 mshidkmdf - ok
23:01:00.0320 0x0970 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
23:01:00.0320 0x0970 mshidumdf - ok
23:01:00.0350 0x0970 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:01:00.0351 0x0970 msisadrv - ok
23:01:00.0395 0x0970 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:01:00.0400 0x0970 MSiSCSI - ok
23:01:00.0403 0x0970 msiserver - ok
23:01:00.0417 0x0970 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:01:00.0418 0x0970 MSKSSRV - ok
23:01:00.0439 0x0970 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
23:01:00.0441 0x0970 MsLldp - ok
23:01:00.0459 0x0970 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:00.0460 0x0970 MSPCLOCK - ok
23:01:00.0465 0x0970 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:01:00.0466 0x0970 MSPQM - ok
23:01:00.0490 0x0970 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:01:00.0496 0x0970 MsRPC - ok
23:01:00.0510 0x0970 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
23:01:00.0511 0x0970 mssmbios - ok
23:01:00.0519 0x0970 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:01:00.0520 0x0970 MSTEE - ok
23:01:00.0528 0x0970 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
23:01:00.0529 0x0970 MTConfig - ok
23:01:00.0550 0x0970 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys
23:01:00.0552 0x0970 Mup - ok
23:01:00.0564 0x0970 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys
23:01:00.0566 0x0970 mvumis - ok
23:01:00.0623 0x0970 [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\Windows\system32\qagentRT.dll
23:01:00.0632 0x0970 napagent - ok
23:01:00.0648 0x0970 [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:01:00.0655 0x0970 NativeWifiP - ok
23:01:00.0698 0x0970 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\Windows\System32\ncasvc.dll
23:01:00.0703 0x0970 NcaSvc - ok
23:01:00.0725 0x0970 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\Windows\System32\ncbservice.dll
23:01:00.0731 0x0970 NcbService - ok
23:01:00.0743 0x0970 [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
23:01:00.0746 0x0970 NcdAutoSetup - ok
23:01:00.0797 0x0970 [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS C:\Windows\system32\drivers\ndis.sys
23:01:00.0813 0x0970 NDIS - ok
23:01:00.0848 0x0970 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:00.0850 0x0970 NdisCap - ok
23:01:00.0862 0x0970 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
23:01:00.0864 0x0970 NdisImPlatform - ok
23:01:00.0881 0x0970 [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:00.0882 0x0970 NdisTapi - ok
23:01:00.0890 0x0970 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:00.0892 0x0970 Ndisuio - ok
23:01:00.0909 0x0970 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys
23:01:00.0910 0x0970 NdisVirtualBus - ok
23:01:00.0926 0x0970 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:00.0931 0x0970 NdisWan - ok
23:01:00.0937 0x0970 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:00.0941 0x0970 NdisWanLegacy - ok
23:01:00.0951 0x0970 [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:01:00.0953 0x0970 NDProxy - ok
23:01:00.0986 0x0970 [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\Windows\system32\drivers\Ndu.sys
23:01:00.0988 0x0970 Ndu - ok
23:01:01.0003 0x0970 [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:01:01.0004 0x0970 NetBIOS - ok
23:01:01.0028 0x0970 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:01:01.0033 0x0970 NetBT - ok
23:01:01.0050 0x0970 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\Windows\system32\lsass.exe
23:01:01.0054 0x0970 Netlogon - ok
23:01:01.0113 0x0970 [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman C:\Windows\System32\netman.dll
23:01:01.0121 0x0970 Netman - ok
23:01:01.0167 0x0970 [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm C:\Windows\System32\netprofmsvc.dll
23:01:01.0180 0x0970 netprofm - ok
23:01:01.0228 0x0970 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:01:01.0231 0x0970 NetTcpPortSharing - ok
23:01:01.0275 0x0970 [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc C:\Windows\system32\DRIVERS\netvsc63.sys
23:01:01.0277 0x0970 netvsc - ok
23:01:01.0303 0x0970 [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:01:01.0313 0x0970 NlaSvc - ok
23:01:01.0332 0x0970 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:01:01.0334 0x0970 Npfs - ok
23:01:01.0370 0x0970 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
23:01:01.0371 0x0970 npsvctrig - ok
23:01:01.0389 0x0970 [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi C:\Windows\system32\nsisvc.dll
23:01:01.0393 0x0970 nsi - ok
23:01:01.0408 0x0970 [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:01:01.0409 0x0970 nsiproxy - ok
23:01:01.0493 0x0970 [ 1C80517BE6836A812F6A9B99B8321351, 7DBED4633820E201C9C242D961EF6F25BA2B1D5593BA60F707CC71A4014C2D4B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:01:01.0540 0x0970 Ntfs - ok
23:01:01.0554 0x0970 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys
23:01:01.0554 0x0970 Null - ok
23:01:01.0861 0x0970 [ 0AC797F70F2F3E5B69A34FF2F63496F3, 80A811F8234BA00779BA76AAF41E830FB6CED03667E6E8F430C14DEBF2E45DD9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:01:02.0153 0x0970 nvlddmkm - ok
23:01:02.0276 0x0970 [ 048C6FACA905A7DF0A86D3CC31D7E6AE, 7222B301DBBDFF15B038E13FEA076759D8AC392F5145ECD60A640BDA6CFABE8C ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
23:01:02.0299 0x0970 NvNetworkService - ok
23:01:02.0311 0x0970 [ C045199456CE8B823AD85CB9507DEA3C, 9C070B7463AB22D1AFC116E89C690FD552ED68D138F9DD3BA9FAD9BB652DC940 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
23:01:02.0312 0x0970 nvpciflt - ok
23:01:02.0344 0x0970 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:01:02.0347 0x0970 nvraid - ok
23:01:02.0356 0x0970 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:01:02.0360 0x0970 nvstor - ok
23:01:02.0405 0x0970 [ C135A25E8CF21EB631AB041ABB1F73EA, D0A3DC0411E888D0934B7579EEB980FA7824E3F22F70819A33411D8B8BC9EE42 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
23:01:02.0421 0x0970 nvsvc - ok
23:01:02.0438 0x0970 nvvad_WaveExtensible - ok
23:01:02.0458 0x0970 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:01:02.0461 0x0970 nv_agp - ok
23:01:02.0508 0x0970 [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:01:02.0518 0x0970 p2pimsvc - ok
23:01:02.0532 0x0970 [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc C:\Windows\system32\p2psvc.dll
23:01:02.0543 0x0970 p2psvc - ok
23:01:02.0557 0x0970 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys
23:01:02.0560 0x0970 Parport - ok
23:01:02.0575 0x0970 [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:01:02.0577 0x0970 partmgr - ok
23:01:02.0589 0x0970 [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:01:02.0601 0x0970 PcaSvc - ok
23:01:02.0630 0x0970 [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci C:\Windows\system32\drivers\pci.sys
23:01:02.0638 0x0970 pci - ok
23:01:02.0655 0x0970 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys
23:01:02.0656 0x0970 pciide - ok
23:01:02.0670 0x0970 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:01:02.0673 0x0970 pcmcia - ok
23:01:02.0686 0x0970 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys
23:01:02.0688 0x0970 pcw - ok
23:01:02.0701 0x0970 [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc C:\Windows\system32\drivers\pdc.sys
23:01:02.0704 0x0970 pdc - ok
23:01:02.0749 0x0970 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:01:02.0759 0x0970 PEAUTH - ok
23:01:02.0831 0x0970 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:01:02.0834 0x0970 PerfHost - ok
23:01:02.0905 0x0970 [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla C:\Windows\system32\pla.dll
23:01:02.0962 0x0970 pla - ok
23:01:02.0994 0x0970 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:01:02.0998 0x0970 PlugPlay - ok
23:01:03.0011 0x0970 [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:01:03.0014 0x0970 PNRPAutoReg - ok
23:01:03.0041 0x0970 [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:01:03.0049 0x0970 PNRPsvc - ok
23:01:03.0084 0x0970 [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:01:03.0094 0x0970 PolicyAgent - ok
23:01:03.0130 0x0970 [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power C:\Windows\system32\umpo.dll
23:01:03.0135 0x0970 Power - ok
23:01:03.0259 0x0970 [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
23:01:03.0326 0x0970 PrintNotify - ok
23:01:03.0356 0x0970 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys
23:01:03.0358 0x0970 Processor - ok
23:01:03.0394 0x0970 [ B2A890D96C05E33FDD2BF3F3D4D0DF92, 3A29E17424429A5654D906E420D938148F09F57457356EFA72DA003B73F2D81E ] ProfSvc C:\Windows\system32\profsvc.dll
23:01:03.0400 0x0970 ProfSvc - ok
23:01:03.0441 0x0970 [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:01:03.0444 0x0970 Psched - ok
23:01:03.0471 0x0970 [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE C:\Windows\system32\qwave.dll
23:01:03.0480 0x0970 QWAVE - ok
23:01:03.0494 0x0970 [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:01:03.0496 0x0970 QWAVEdrv - ok
23:01:03.0514 0x0970 [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:01:03.0515 0x0970 RasAcd - ok
23:01:03.0548 0x0970 [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto C:\Windows\System32\rasauto.dll
23:01:03.0553 0x0970 RasAuto - ok
23:01:03.0577 0x0970 [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan C:\Windows\System32\rasmans.dll
23:01:03.0591 0x0970 RasMan - ok
23:01:03.0612 0x0970 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:03.0614 0x0970 RasPppoe - ok
23:01:03.0638 0x0970 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:01:03.0647 0x0970 rdbss - ok
23:01:03.0661 0x0970 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
23:01:03.0662 0x0970 rdpbus - ok
23:01:03.0696 0x0970 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:01:03.0700 0x0970 RDPDR - ok
23:01:03.0718 0x0970 [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:01:03.0719 0x0970 RdpVideoMiniport - ok
23:01:03.0743 0x0970 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:01:03.0748 0x0970 rdyboost - ok
23:01:03.0783 0x0970 [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS C:\Windows\system32\drivers\ReFS.sys
23:01:03.0801 0x0970 ReFS - ok
23:01:03.0836 0x0970 [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:01:03.0843 0x0970 RemoteAccess - ok
23:01:03.0898 0x0970 [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:01:03.0904 0x0970 RemoteRegistry - ok
23:01:03.0921 0x0970 [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:01:03.0925 0x0970 RFCOMM - ok
23:01:03.0959 0x0970 [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:01:03.0964 0x0970 RpcEptMapper - ok
23:01:03.0994 0x0970 [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\Windows\system32\locator.exe
23:01:03.0997 0x0970 RpcLocator - ok
23:01:04.0029 0x0970 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs C:\Windows\system32\rpcss.dll
23:01:04.0043 0x0970 RpcSs - ok
23:01:04.0077 0x0970 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:01:04.0079 0x0970 rspndr - ok
23:01:04.0124 0x0970 [ E7B780F2E7A124264AA487C13107BDFF, 2AE4E7227F3E28FCEF685AC54771D949845339D7881A7855810A6C33E9B179D7 ] RSUSBVSTOR C:\Windows\System32\Drivers\RtsUVStor.sys
23:01:04.0131 0x0970 RSUSBVSTOR - ok
23:01:04.0163 0x0970 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
23:01:04.0175 0x0970 RTL8168 - ok
23:01:04.0188 0x0970 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
23:01:04.0189 0x0970 s3cap - ok
23:01:04.0201 0x0970 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\Windows\system32\lsass.exe
23:01:04.0204 0x0970 SamSs - ok
23:01:04.0238 0x0970 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:01:04.0241 0x0970 sbp2port - ok
23:01:04.0279 0x0970 [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:01:04.0285 0x0970 SCardSvr - ok
23:01:04.0306 0x0970 [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll
23:01:04.0311 0x0970 ScDeviceEnum - ok
23:01:04.0330 0x0970 [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:01:04.0331 0x0970 scfilter - ok
23:01:04.0377 0x0970 [ A95838FFFAEAA7500263D491575F7E0C, FEB79ECAE6D9AB0C29D9AFE12F60502A8357B3A382C0FACF4C6DA4852B6ECFA4 ] Schedule C:\Windows\system32\schedsvc.dll
23:01:04.0422 0x0970 Schedule - ok
23:01:04.0462 0x0970 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:01:04.0465 0x0970 SCPolicySvc - ok
23:01:04.0485 0x0970 [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus C:\Windows\System32\drivers\sdbus.sys
23:01:04.0491 0x0970 sdbus - ok
23:01:04.0500 0x0970 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys
23:01:04.0501 0x0970 sdstor - ok
23:01:04.0530 0x0970 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:01:04.0532 0x0970 secdrv - ok
23:01:04.0540 0x0970 [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon C:\Windows\system32\seclogon.dll
23:01:04.0544 0x0970 seclogon - ok
23:01:04.0559 0x0970 [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\Windows\System32\sens.dll
23:01:04.0564 0x0970 SENS - ok
23:01:04.0576 0x0970 [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:01:04.0583 0x0970 SensrSvc - ok
23:01:04.0627 0x0970 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys
23:01:04.0628 0x0970 SerCx - ok
23:01:04.0650 0x0970 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys
23:01:04.0654 0x0970 SerCx2 - ok
23:01:04.0671 0x0970 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys
23:01:04.0672 0x0970 Serenum - ok
23:01:04.0686 0x0970 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys
23:01:04.0688 0x0970 Serial - ok
23:01:04.0706 0x0970 [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\Windows\System32\drivers\sermouse.sys
23:01:04.0707 0x0970 sermouse - ok
23:01:04.0750 0x0970 [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv C:\Windows\system32\sessenv.dll
23:01:04.0759 0x0970 SessionEnv - ok
23:01:04.0774 0x0970 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
23:01:04.0775 0x0970 sfloppy - ok
23:01:04.0803 0x0970 [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:01:04.0813 0x0970 SharedAccess - ok
23:01:04.0885 0x0970 [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:01:04.0900 0x0970 ShellHWDetection - ok
23:01:04.0920 0x0970 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:01:04.0921 0x0970 SiSRaid2 - ok
23:01:04.0936 0x0970 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:01:04.0938 0x0970 SiSRaid4 - ok
23:01:04.0977 0x0970 [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\Windows\System32\smphost.dll
23:01:04.0980 0x0970 smphost - ok
23:01:05.0024 0x0970 [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:01:05.0028 0x0970 SNMPTRAP - ok
23:01:05.0069 0x0970 [ 33977549C2CED09936E05BEE7659EAFF, EB95C72ED0EAC59A50E6882B2501049191A796542C42414FAF0028907C669B21 ] spaceport C:\Windows\system32\drivers\spaceport.sys
23:01:05.0078 0x0970 spaceport - ok
23:01:05.0100 0x0970 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
23:01:05.0102 0x0970 SpbCx - ok
23:01:05.0131 0x0970 [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler C:\Windows\System32\spoolsv.exe
23:01:05.0148 0x0970 Spooler - ok
23:01:05.0348 0x0970 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\Windows\system32\sppsvc.exe
23:01:05.0505 0x0970 sppsvc - ok
23:01:05.0533 0x0970 [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:01:05.0540 0x0970 srv - ok
23:01:05.0587 0x0970 [ FD163F487CBA9C98AFFEB546C80F49A2, 18DAAD173C0517F7BBF5D0C914302D98931E3BA6DAA36DC91D8DB0743EC40563 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:01:05.0597 0x0970 srv2 - ok
23:01:05.0617 0x0970 [ 716059F37BCCB1ABEDE99EBE82E8E362, 05F27B0FABBBC0E324F06D20ABEF51EDA3316C9F7F85C1AD24639CD6DE1BC8AC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:01:05.0621 0x0970 srvnet - ok
23:01:05.0662 0x0970 [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:01:05.0670 0x0970 SSDPSRV - ok
23:01:05.0702 0x0970 [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:01:05.0708 0x0970 SstpSvc - ok
23:01:05.0746 0x0970 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:01:05.0747 0x0970 stexstor - ok
23:01:05.0797 0x0970 [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\Windows\System32\wiaservc.dll
23:01:05.0812 0x0970 stisvc - ok
23:01:05.0834 0x0970 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys
23:01:05.0836 0x0970 storahci - ok
23:01:05.0850 0x0970 [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
23:01:05.0851 0x0970 storflt - ok
23:01:05.0866 0x0970 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys
23:01:05.0867 0x0970 stornvme - ok
23:01:05.0915 0x0970 [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\Windows\system32\storsvc.dll
23:01:05.0918 0x0970 StorSvc - ok
23:01:05.0938 0x0970 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:01:05.0940 0x0970 storvsc - ok
23:01:05.0980 0x0970 [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\Windows\system32\svsvc.dll
23:01:05.0984 0x0970 svsvc - ok
23:01:05.0999 0x0970 [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\Windows\System32\drivers\swenum.sys
23:01:06.0000 0x0970 swenum - ok
23:01:06.0042 0x0970 [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv C:\Windows\System32\swprv.dll
23:01:06.0058 0x0970 swprv - ok
23:01:06.0105 0x0970 [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain C:\Windows\system32\sysmain.dll
23:01:06.0150 0x0970 SysMain - ok
23:01:06.0170 0x0970 [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
23:01:06.0180 0x0970 SystemEventsBroker - ok
23:01:06.0212 0x0970 [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
23:01:06.0218 0x0970 TabletInputService - ok
23:01:06.0239 0x0970 [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:01:06.0249 0x0970 TapiSrv - ok
23:01:06.0323 0x0970 [ D7566BE560B040C47F6F35EB980D8377, 51487FCBFE4BD07FCFEF324B6C7711E56A7D8893450F808BD50C2FD44BBFED99 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:01:06.0387 0x0970 Tcpip - ok
23:01:06.0456 0x0970 [ D7566BE560B040C47F6F35EB980D8377, 51487FCBFE4BD07FCFEF324B6C7711E56A7D8893450F808BD50C2FD44BBFED99 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:01:06.0491 0x0970 TCPIP6 - ok
23:01:06.0536 0x0970 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:01:06.0537 0x0970 tcpipreg - ok
23:01:06.0574 0x0970 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:01:06.0576 0x0970 tdx - ok
23:01:06.0614 0x0970 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys
23:01:06.0616 0x0970 terminpt - ok
23:01:06.0675 0x0970 [ 2C77831737491F4D684D315B95C62883, 90A2574A281F19646CFCDA5FDF40063220058290D2D5523AD91B7E709EC36D3D ] TermService C:\Windows\System32\termsrv.dll
23:01:06.0693 0x0970 TermService - ok
23:01:06.0721 0x0970 [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\Windows\system32\themeservice.dll
23:01:06.0725 0x0970 Themes - ok
23:01:06.0747 0x0970 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\Windows\system32\mmcss.dll
23:01:06.0750 0x0970 THREADORDER - ok
23:01:06.0763 0x0970 [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
23:01:06.0771 0x0970 TimeBroker - ok
23:01:06.0795 0x0970 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\Windows\system32\drivers\tpm.sys
23:01:06.0799 0x0970 TPM - ok
23:01:06.0813 0x0970 [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\Windows\System32\trkwks.dll
23:01:06.0819 0x0970 TrkWks - ok
23:01:06.0876 0x0970 [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:01:06.0878 0x0970 TrustedInstaller - ok
23:01:06.0900 0x0970 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:01:06.0902 0x0970 TsUsbFlt - ok
23:01:06.0917 0x0970 [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
23:01:06.0919 0x0970 TsUsbGD - ok
23:01:06.0957 0x0970 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:01:06.0960 0x0970 tunnel - ok
23:01:06.0999 0x0970 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:01:07.0001 0x0970 uagp35 - ok
23:01:07.0016 0x0970 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
23:01:07.0018 0x0970 UASPStor - ok
23:01:07.0034 0x0970 [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
23:01:07.0037 0x0970 UCX01000 - ok
23:01:07.0072 0x0970 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:01:07.0077 0x0970 udfs - ok
23:01:07.0094 0x0970 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys
23:01:07.0095 0x0970 UEFI - ok
23:01:07.0124 0x0970 [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:01:07.0127 0x0970 UI0Detect - ok
23:01:07.0142 0x0970 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:01:07.0143 0x0970 uliagpkx - ok
23:01:07.0156 0x0970 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys
23:01:07.0157 0x0970 umbus - ok
23:01:07.0166 0x0970 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys
23:01:07.0168 0x0970 UmPass - ok
23:01:07.0211 0x0970 [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\Windows\System32\umrdp.dll
23:01:07.0220 0x0970 UmRdpService - ok
23:01:07.0241 0x0970 [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\Windows\System32\upnphost.dll
23:01:07.0252 0x0970 upnphost - ok
23:01:07.0270 0x0970 [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
23:01:07.0274 0x0970 usbccgp - ok
23:01:07.0308 0x0970 [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\Windows\System32\drivers\usbcir.sys
23:01:07.0312 0x0970 usbcir - ok
23:01:07.0333 0x0970 [ 5477D6E27C7D266EF8C152B9A25ADE5E, FEE81677D284A78A0C0FB60F887A952CFC759AE78B01206D73F59FE33612C519 ] usbehci C:\Windows\System32\drivers\usbehci.sys
23:01:07.0335 0x0970 usbehci - ok
23:01:07.0363 0x0970 [ DF56C2C04EFA328D7A66B69007130266, 719316EB25A8C7B82C7941D1C5B964CC4EDA4A997732F481526DE7356F6FC0D8 ] usbhub C:\Windows\System32\drivers\usbhub.sys
23:01:07.0371 0x0970 usbhub - ok
23:01:07.0413 0x0970 [ CFC52C49BEFE4D70D87FFA900EAB9777, 09A2F5D8AB07C3AE3F2B092F4DD7AE5838736CDC263016F188B442B32EC928F8 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
23:01:07.0424 0x0970 USBHUB3 - ok
23:01:07.0443 0x0970 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\Windows\System32\drivers\usbohci.sys
23:01:07.0444 0x0970 usbohci - ok
23:01:07.0459 0x0970 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys
23:01:07.0460 0x0970 usbprint - ok
23:01:07.0481 0x0970 [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:01:07.0482 0x0970 usbscan - ok
23:01:07.0495 0x0970 [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
23:01:07.0500 0x0970 USBSTOR - ok
23:01:07.0518 0x0970 [ BA4FA655E0FC577DB7436FC963932CE4, 3336FDECD4AEC6B316D4C0803E22A12719EBEDD1A9427C0DF5D3B263BE600EE6 ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
23:01:07.0519 0x0970 usbuhci - ok
23:01:07.0553 0x0970 [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:01:07.0559 0x0970 usbvideo - ok
23:01:07.0583 0x0970 [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
23:01:07.0588 0x0970 USBXHCI - ok
23:01:07.0608 0x0970 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\Windows\system32\lsass.exe
23:01:07.0610 0x0970 VaultSvc - ok
23:01:07.0618 0x0970 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:01:07.0620 0x0970 vdrvroot - ok
23:01:07.0690 0x0970 [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds C:\Windows\System32\vds.exe
23:01:07.0735 0x0970 vds - ok
23:01:07.0772 0x0970 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
23:01:07.0776 0x0970 VerifierExt - ok
23:01:07.0803 0x0970 [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
23:01:07.0817 0x0970 vhdmp - ok
23:01:07.0834 0x0970 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\Windows\system32\drivers\viaide.sys
23:01:07.0836 0x0970 viaide - ok
23:01:07.0848 0x0970 [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:01:07.0850 0x0970 vmbus - ok
23:01:07.0860 0x0970 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
23:01:07.0862 0x0970 VMBusHID - ok
23:01:07.0912 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
23:01:07.0924 0x0970 vmicguestinterface - ok
23:01:07.0937 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
23:01:07.0946 0x0970 vmicheartbeat - ok
23:01:07.0958 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
23:01:07.0966 0x0970 vmickvpexchange - ok
23:01:07.0979 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\Windows\System32\ICSvc.dll
23:01:07.0988 0x0970 vmicrdv - ok
23:01:08.0000 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\Windows\System32\ICSvc.dll
23:01:08.0009 0x0970 vmicshutdown - ok
23:01:08.0022 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\Windows\System32\ICSvc.dll
23:01:08.0031 0x0970 vmictimesync - ok
23:01:08.0043 0x0970 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\Windows\System32\ICSvc.dll
23:01:08.0052 0x0970 vmicvss - ok
23:01:08.0066 0x0970 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:01:08.0069 0x0970 volmgr - ok
23:01:08.0092 0x0970 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:01:08.0100 0x0970 volmgrx - ok
23:01:08.0116 0x0970 [ 4BB9BC49DEE1A319EC58274A7BBED663, 624491089623A5B68C01A6A000E60D450E8E467619ACEBB90C6FDED0CF670F95 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:01:08.0122 0x0970 volsnap - ok
23:01:08.0153 0x0970 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\Windows\System32\drivers\vpci.sys
23:01:08.0155 0x0970 vpci - ok
23:01:08.0190 0x0970 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:01:08.0194 0x0970 vsmraid - ok
23:01:08.0237 0x0970 [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS C:\Windows\system32\vssvc.exe
23:01:08.0293 0x0970 VSS - ok
23:01:08.0317 0x0970 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
23:01:08.0323 0x0970 VSTXRAID - ok
23:01:08.0336 0x0970 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:01:08.0337 0x0970 vwifibus - ok
23:01:08.0351 0x0970 [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:01:08.0353 0x0970 vwififlt - ok
23:01:08.0369 0x0970 [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:01:08.0370 0x0970 vwifimp - ok
23:01:08.0413 0x0970 [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time C:\Windows\system32\w32time.dll
23:01:08.0425 0x0970 W32Time - ok
23:01:08.0445 0x0970 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\Windows\System32\drivers\wacompen.sys
23:01:08.0446 0x0970 WacomPen - ok
23:01:08.0514 0x0970 [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine C:\Windows\system32\wbengine.exe
23:01:08.0570 0x0970 wbengine - ok
23:01:08.0602 0x0970 [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:01:08.0614 0x0970 WbioSrvc - ok
23:01:08.0630 0x0970 [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
23:01:08.0641 0x0970 Wcmsvc - ok
23:01:08.0660 0x0970 [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:01:08.0673 0x0970 wcncsvc - ok
23:01:08.0689 0x0970 [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:01:08.0693 0x0970 WcsPlugInService - ok
23:01:08.0730 0x0970 [ F5D4FA3E1F4879C361FFF3855259D2C2, 48C60FE4AAB011E2250157506FF0624031BFA346F8F2F8C6DFDF6F3CAA4F3F42 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
23:01:08.0731 0x0970 WdBoot - ok
23:01:08.0779 0x0970 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:01:08.0795 0x0970 Wdf01000 - ok
23:01:08.0831 0x0970 [ 019CC610AD95FF47EAD7C08B7A683B96, BB9D42F8ED90ECA2E7B8C906E06A1EA859FAD9BD1B3492BB1E28C0D00004812A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
23:01:08.0837 0x0970 WdFilter - ok
23:01:08.0860 0x0970 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:01:08.0864 0x0970 WdiServiceHost - ok
23:01:08.0870 0x0970 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:01:08.0875 0x0970 WdiSystemHost - ok
23:01:08.0900 0x0970 [ 6CC1BB8F6851A262E2E824F0E92D5EEF, 45A88A984179BBA38C1F4434C4D6C2823C1FE6AFBE8CB0F656DAE0092D1D5611 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys
23:01:08.0903 0x0970 WdNisDrv - ok
23:01:08.0951 0x0970 WdNisSvc - ok
23:01:08.0974 0x0970 [ 6588A957873326361AB1CAC4E76F8394, BE17880CEDCAE5ED3B983443E3777842646A3E48B661422A717656E11F6DBA94 ] WebClient C:\Windows\System32\webclnt.dll
23:01:08.0983 0x0970 WebClient - ok
23:01:08.0998 0x0970 [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc C:\Windows\system32\wecsvc.dll
23:01:09.0005 0x0970 Wecsvc - ok
23:01:09.0018 0x0970 [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll
23:01:09.0022 0x0970 WEPHOSTSVC - ok
23:01:09.0027 0x0970 [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:01:09.0032 0x0970 wercplsupport - ok
23:01:09.0052 0x0970 [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc C:\Windows\System32\WerSvc.dll
23:01:09.0059 0x0970 WerSvc - ok
23:01:09.0092 0x0970 [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
23:01:09.0095 0x0970 WFPLWFS - ok
23:01:09.0131 0x0970 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc C:\Windows\System32\wiarpc.dll
23:01:09.0136 0x0970 WiaRpc - ok
23:01:09.0156 0x0970 [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:01:09.0157 0x0970 WIMMount - ok
23:01:09.0159 0x0970 WinDefend - ok
23:01:09.0217 0x0970 [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
23:01:09.0235 0x0970 WinHttpAutoProxySvc - ok
23:01:09.0295 0x0970 [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:01:09.0301 0x0970 Winmgmt - ok
23:01:09.0391 0x0970 [ C8D6344BDE2691A196E61C0D3372EAB7, FF8EB79D8A7E298343C22B83276FF68293D08A9DA438BB22600BEFC4CA93A91D ] WinRM C:\Windows\system32\WsmSvc.dll
23:01:09.0461 0x0970 WinRM - ok
23:01:09.0522 0x0970 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
23:01:09.0524 0x0970 WinUSB - ok
23:01:09.0593 0x0970 [ EF252510DB6C3511E30418BD2AC95A2D, 75B496F5C611129D9D19B382503830FDB0E2E61D4880D2821AE381DF578C5E56 ] WlanSvc C:\Windows\System32\wlansvc.dll
23:01:09.0638 0x0970 WlanSvc - ok
23:01:09.0697 0x0970 [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc C:\Windows\system32\wlidsvc.dll
23:01:09.0742 0x0970 wlidsvc - ok
23:01:09.0772 0x0970 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
23:01:09.0773 0x0970 WmiAcpi - ok
23:01:09.0816 0x0970 [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:01:09.0827 0x0970 wmiApSrv - ok
23:01:09.0827 0x1744 Object required for P2P: [ E0EF6C1399A9B1AAA0B28590411BED04 ] MEIx64
23:01:09.0860 0x0970 WMPNetworkSvc - ok
23:01:09.0904 0x0970 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys
23:01:09.0908 0x0970 Wof - ok
23:01:09.0980 0x0970 [ 5071E71CC05346D88C5A08EB8B5A05E3, EA2B14130EDD1846B2E25D310B0D49253CFB43C22D3DC7B3179DF7349CC4AEFB ] workfolderssvc C:\Windows\system32\workfolderssvc.dll
23:01:10.0024 0x0970 workfolderssvc - ok
23:01:10.0057 0x0970 [ C1F564F324685C088ECAB1933576CF91, 022F0EC160352AB73AF7DA557D1A5798964231B82C556F22F4163E8B3E4088B2 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
23:01:10.0059 0x0970 wpcfltr - ok
23:01:10.0089 0x0970 [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:01:10.0093 0x0970 WPCSvc - ok
23:01:10.0109 0x0970 [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:01:10.0114 0x0970 WPDBusEnum - ok
23:01:10.0129 0x0970 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
23:01:10.0131 0x0970 WpdUpFltr - ok
23:01:10.0184 0x0970 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:01:10.0185 0x0970 ws2ifsl - ok
23:01:10.0219 0x0970 [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc C:\Windows\System32\wscsvc.dll
23:01:10.0255 0x0970 wscsvc - ok
23:01:10.0258 0x0970 WSearch - ok
23:01:10.0354 0x0970 [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService C:\Windows\System32\WSService.dll
23:01:10.0444 0x0970 WSService - ok
23:01:10.0556 0x0970 [ 7E609FBF50774CC5A239420FE34EBB9C, 69B643B11717D51BC5D3F1CDE47D4C9E198AB8D9160C852DBE9B940E40AD8A57 ] wuauserv C:\Windows\system32\wuaueng.dll
23:01:10.0646 0x0970 wuauserv - ok
23:01:10.0682 0x0970 [ 2FEAE33E9B2B56104596E1BA444405A9, 0A142F50E06F6224B9CB36B3CE62BE0B36DE8B8DB9F9E05D287DFB884CC7826E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:01:10.0685 0x0970 WudfPf - ok
23:01:10.0710 0x0970 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
23:01:10.0716 0x0970 WUDFRd - ok
23:01:10.0733 0x0970 [ BB73CBC65AABC4EA0A5C6A1474A0A743, D644B3C6A7202CADDADB3B68FE1B2A7C76B023FE58F667EED4D538C1F4A65D64 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:01:10.0739 0x0970 wudfsvc - ok
23:01:10.0746 0x0970 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:10.0750 0x0970 WUDFWpdFs - ok
23:01:10.0756 0x0970 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:10.0760 0x0970 WUDFWpdMtp - ok
23:01:10.0791 0x0970 [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc C:\Windows\System32\wwansvc.dll
23:01:10.0805 0x0970 WwanSvc - ok
23:01:10.0864 0x0970 [ 86B8B1F5C1189D68B07666784BE882FE, 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
23:01:10.0871 0x0970 ZAtheros Bt and Wlan Coex Agent - ok
23:01:10.0886 0x0970 ================ Scan global ===============================
23:01:10.0933 0x0970 [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
23:01:10.0962 0x0970 [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
23:01:10.0994 0x0970 [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
23:01:11.0046 0x0970 [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
23:01:11.0055 0x0970 [ Global ] - ok
23:01:11.0055 0x0970 ================ Scan MBR ==================================
23:01:11.0065 0x0970 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
23:01:11.0070 0x0970 \Device\Harddisk0\DR0 - ok
23:01:11.0070 0x0970 ================ Scan VBR ==================================
23:01:11.0073 0x0970 [ BEA05B48D9AF9E855B5E02C08D07ADB0 ] \Device\Harddisk0\DR0\Partition1
23:01:11.0079 0x0970 \Device\Harddisk0\DR0\Partition1 - ok
23:01:11.0098 0x0970 [ B1887DFACAD3441F7902CDB0B7D238A9 ] \Device\Harddisk0\DR0\Partition2
23:01:11.0106 0x0970 \Device\Harddisk0\DR0\Partition2 - ok
23:01:11.0121 0x0970 [ 68B925D4145038CE8C678CF65A540867 ] \Device\Harddisk0\DR0\Partition3
23:01:11.0122 0x0970 \Device\Harddisk0\DR0\Partition3 - ok
23:01:11.0130 0x0970 [ F9835B280F18BF49BD40F778D87DEE6B ] \Device\Harddisk0\DR0\Partition4
23:01:11.0143 0x0970 \Device\Harddisk0\DR0\Partition4 - ok
23:01:11.0177 0x0970 [ 25A8179E4D85D62DE8D0471443BE39AB ] \Device\Harddisk0\DR0\Partition5
23:01:11.0194 0x0970 \Device\Harddisk0\DR0\Partition5 - ok
23:01:11.0195 0x0970 ================ Scan generic autorun ======================
23:01:11.0239 0x0970 [ 33ECE216B2B85850BD00CAD23046C200, 36B5915C213DA22B92C615E944195D628F5A2243969EF7810EC3739EA5655F2A ] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
23:01:11.0242 0x0970 DptfPolicyLpmServiceHelper - ok
23:01:11.0279 0x0970 [ CFF4C979AA720C73EC93918D9730B9E9, 0DC04ACD258DD5FC4A7EA81AC3F8876675424EC35F7ECB996B7C132BAB430A33 ] C:\WINDOWS\system32\igfxtray.exe
23:01:11.0288 0x0970 IgfxTray - ok
23:01:11.0314 0x0970 [ 4B9D449ED9880477DEFBA85D512E05F9, B50C589A1F8953617FAD961363CA3538F6C0539FA06D7FAA2EA88320410C7F43 ] C:\WINDOWS\system32\hkcmd.exe
23:01:11.0331 0x0970 HotKeysCmds - ok
23:01:11.0357 0x0970 [ 2498449B5CA65A640125164EE0019B14, F4EF4EA34A656984C83DB3BFCD8390ACD76C922A1C253335104C31D371EEDA17 ] C:\WINDOWS\system32\igfxpers.exe
23:01:11.0373 0x0970 Persistence - ok
23:01:11.0763 0x0970 [ 637C513A8A3FFBB3AA05FAFAC3F9174D, 5BFE633BE091A1BCED55AB2E99A6FEB92B7166921249BFB4B05386EA3856B735 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:01:12.0061 0x0970 RTHDVCPL - ok
23:01:12.0110 0x0970 [ F66CE44D86EA704B31BED2BF2BEDDF75, EC0B3AB0B2011B718299BFF743A28117A3436E9431B6F31CF34416D68AAF1B56 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
23:01:12.0143 0x0970 RtHDVBg - ok
23:01:12.0170 0x0970 Nvtmru - ok
23:01:12.0265 0x0970 [ 436A83E5555A8449B9BFBE1AAB314654, DE956310B2EF80B43399E63E309E659018879942EBBA5063B9A366C2314E8158 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
23:01:12.0296 0x0970 NvBackend - ok
23:01:12.0349 0x0970 [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
23:01:12.0352 0x0970 Classic Start Menu - ok
23:01:12.0462 0x0970 [ 2362B857693DA580E04ECE28F7D67E7E, EABF4B6502A06B94D07E25D78D8CEF8862B7FE5D117F7F145268B95688A02E62 ] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
23:01:12.0548 0x0970 ASUSPRP - ok
23:01:12.0692 0x0970 [ 26AFC1F16494FFE66F2197153B342A27, 817436E38F832500E120F196941F2F8392B192262E16D5E52CD5DFAC34749C15 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
23:01:12.0746 0x0970 AvastUI.exe - ok
23:01:12.0863 0x0970 [ D1A8E603EC38F299B29EA5DBF05F7AC1, 386B80157268A55F40CF9C80DF5D805EB9138883F3B5048ED2A7F796FB56EAFD ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
23:01:12.0914 0x0970 LogMeIn Hamachi Ui - ok
23:01:12.0970 0x0970 [ E350385CF8113BE4A1D5ABEFC2B0F04C, CCE22F609274A1782F9EA563E5841786AAD142C246698648A8710C113073BFC1 ] C:\Program Files (x86)\EMET 4.1\EMET_agent.exe
23:01:12.0971 0x0970 EMET Agent - ok
23:01:12.0972 0x0970 Waiting for KSN requests completion. In queue: 277
23:01:13.0541 0x1744 Object send P2P result: true
23:01:13.0972 0x0970 Waiting for KSN requests completion. In queue: 106
23:01:14.0973 0x0970 Waiting for KSN requests completion. In queue: 106
23:01:16.0058 0x0970 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
23:01:16.0066 0x0970 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
23:01:16.0067 0x0970 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41010 ( enabled )
23:01:18.0522 0x0970 ============================================================
23:01:18.0522 0x0970 Scan finished
23:01:18.0522 0x0970 ============================================================
23:01:18.0528 0x0f6c Detected object count: 0
23:01:18.0528 0x0f6c Actual detected object count: 0
23:01:48.0937 0x0578 KLMD registered as C:\Windows\system32\drivers\73687819.sys
23:01:49.0778 0x0578 Deinitialize success
 PS: Würde es mir vielleicht weniger Arbeit bescherren wenn ich die Resetfunktion bei Windows 8 nutze. Naja solange der Bios nicht befallen ist kann man dadurch doch auch den "Viehern den Saft abdrehen", oder? |
|
09.07.2014, 07:07
| #2 |
| /// the machine /// TB-Ausbilder    | Dropper- und Trojanerfund durch avast und malware bytes hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
09.07.2014, 09:30
| #3 |
| | Dropper- und Trojanerfund durch avast und malware bytes frst
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by ...... (ATTENTION: The logged in user is not administrator) on ......PC on 09-07-2014 08:22:52 Running from C:\Users\......\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-29] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.) HKLM-x32\...\Run: [EMET Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-12] (Microsoft Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] ( (Atheros Communications)) HKU\S-1-5-21-2245838751-742312130-2388482474-1002\...\MountPoints2: {5c8fe0b5-e111-11e3-be97-240a646972a8} - "D:\AutoRun.exe" HKU\S-1-5-21-2245838751-742312130-2388482474-1002\...\MountPoints2: {8b0beb88-e8aa-11e3-be99-001e101f1644} - "D:\AutoRun.exe" HKU\S-1-5-21-2245838751-742312130-2388482474-1002\...\MountPoints2: {962e5970-dd10-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" HKU\S-1-5-21-2245838751-742312130-2388482474-1002\...\MountPoints2: {a6ee66ce-ea59-11e3-be9b-001e101f3209} - "D:\AutoRun.exe" ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) GroupPolicyUsers\S-1-5-21-2245838751-742312130-2388482474-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {5DEF82FF-896B-440B-A950-65918429C723} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKCU - {6BC5FF23-8B20-4EB6-B0E6-CDE31292C42A} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{9F07244D-7427-439B-95FB-32926EF0840D}: [NameServer]213.162.69.170 213.162.69.2 Tcpip\..\Interfaces\{B857F7ED-0985-4E7C-95F4-11FBF6CD5111}: [NameServer]213.162.69.170 213.162.69.2 Tcpip\..\Interfaces\{DCCC6BCF-D2E9-413D-A111-815E6C12B145}: [NameServer]213.162.69.1 213.162.69.169 FireFox: ======== FF ProfilePath: C:\Users\......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default FF Homepage: hxxp://www.orf.at/ FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HTTPS-Everywhere - C:\Users\......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default\Extensions\https-everywhere@eff.org [2014-06-16] FF Extension: Disconnect - C:\Users\......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default\Extensions\2.0@disconnect.me.xpi [2014-06-16] FF Extension: BetterPrivacy - C:\Users\......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-07-08] FF Extension: Adblock Edge - C:\Users\......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (SNT) - C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpkpegjnbjbkkiehpkfhodbgnikjmfdm [2014-05-15] CHR Extension: (DeskSMS Send and Receive Texts Messages) - C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfdmgcfldfkehdgoancleciikdlnf [2014-05-15] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-29] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-29] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-29] (AVAST Software) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2013-12-20] () [File not signed] R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-16] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-29] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-29] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-29] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-29] (AVAST Software) S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-16] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-05] () S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-22] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2013-12-20] (Huawei Technologies Co., Ltd.) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-02-05] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-16] (Microsoft Corporation) S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\......\AppData\Roaming\AVAST Software 2014-07-09 08:22 - 2014-07-09 08:23 - 00015030 _____ () C:\Users\......\Downloads\FRST.txt 2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\......\Downloads\FRST64.exe 2014-07-09 08:22 - 2014-07-09 08:22 - 00000000 ____D () C:\FRST 2014-07-09 00:06 - 2014-02-19 11:57 - 93612840 _____ (GOG.com ) C:\Users\......\Downloads\setup_banished_2.0.0.3.exe 2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 ____D () C:\Users\Admin 2014-07-08 21:55 - 2014-07-08 21:56 - 00002183 _____ () C:\Users\......\Desktop\malwarebytes.txt 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\......\Downloads\hitmanpro_x64.exe 2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\......\Downloads\avira_pc_cleaner_de.exe 2014-07-08 20:56 - 2014-07-08 20:57 - 01889616 _____ (SurfRight B.V.) C:\Users\......\Downloads\hmpalert.exe 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\......\AppData\Local\Secunia PSI 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-04 23:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-04 23:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-04 23:18 - 2014-07-04 23:23 - 00000000 ____D () C:\AdwCleaner 2014-07-04 23:10 - 2014-07-05 09:26 - 00000000 ____D () C:\Users\......\Downloads\Malwaretools 2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT 2014-07-04 22:20 - 2014-07-08 22:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 22:20 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 22:20 - 2014-07-04 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-04 22:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 22:07 - 2014-07-04 22:07 - 00083427 _____ () C:\Users\......\Desktop\ht.txt 2014-07-04 22:02 - 2014-07-04 22:02 - 00085697 _____ () C:\Users\......\Desktop\Gmer.txt 2014-07-04 21:53 - 2014-07-04 21:53 - 718638958 _____ () C:\Windows\MEMORY.DMP 2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\......\Downloads\OTL.Txt 2014-07-04 16:24 - 2014-07-04 17:00 - 1017118720 _____ () C:\Users\......\Downloads\ubuntu-14.04-desktop-i386.iso 2014-07-04 15:54 - 2014-07-04 22:50 - 00001590 _____ () C:\Windows\setupact.log 2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\......\Desktop\Anno 1404 - Venice.lnk 2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\......\Desktop\Anno1404.lnk 2014-07-04 13:40 - 2014-07-09 00:09 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-04 00:25 - 2014-07-04 00:26 - 00018511 _____ () C:\Windows\DirectX.log 2014-07-03 23:58 - 2014-07-04 00:48 - 00000000 ____D () C:\Users\......\Downloads\venedig 2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\......\AppData\Roaming\WinRAR 2014-07-03 23:34 - 2014-07-09 00:06 - 00000000 ____D () C:\Users\......\Downloads\Anno Venedig 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1 2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\......\AppData\Roaming\QuickScan 2014-07-02 22:39 - 2014-07-02 22:41 - 00000000 ____D () C:\Users\......\Downloads\LibreOfficePortable 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\......\AppData\Roaming\NVIDIA 2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\......\Desktop\Minecraft.exe 2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-30 00:04 - 2014-07-08 23:34 - 00028092 _____ () C:\Windows\PFRO.log 2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\system32\NV 2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-06-29 23:53 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-06-29 23:53 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-06-29 23:49 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\LastGood 2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-29 23:46 - 2014-06-29 23:47 - 29677544 _____ (Mozilla) C:\Users\......\Downloads\Firefox Setup 30.0.exe 2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-06-29 23:30 - 2014-06-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-29 23:29 - 2014-07-04 13:33 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-29 23:29 - 2014-06-29 23:33 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578 2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\......\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell 2014-06-29 21:48 - 2014-07-09 07:36 - 00873865 _____ () C:\Windows\WindowsUpdate.log 2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\......\AppData\Roaming\LibreOffice 2014-06-17 21:24 - 2014-06-17 21:26 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-06-17 16:51 - 2014-06-17 16:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\......\AppData\Local\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\......\AppData\Local\Avg2014 2014-06-16 21:14 - 2014-06-29 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys 2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687 2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687 2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-16 09:30 - 2014-05-27 18:12 - 00918952 _____ (Oracle Corporation) C:\Users\......\Downloads\jxpiinstall.exe 2014-06-16 08:56 - 2014-06-29 22:49 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-06-12 13:18 - 2014-06-12 13:18 - 00000000 ____D () C:\Users\......\AppData\Roaming\java 2014-06-11 20:04 - 2014-06-29 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery 2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Intelore 2014-06-10 13:19 - 2014-06-10 13:19 - 06869696 _____ (IvoSoft) C:\Users\......\Downloads\ClassicShellSetup_4_1_0-de.exe 2014-06-09 16:26 - 2014-06-09 16:48 - 2463242240 _____ () C:\Users\......\Downloads\win7 homeprem32.iso ==================== One Month Modified Files and Folders ======= 2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\......\AppData\Roaming\AVAST Software 2014-07-09 08:23 - 2014-07-09 08:22 - 00015030 _____ () C:\Users\......\Downloads\FRST.txt 2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\......\Downloads\FRST64.exe 2014-07-09 08:22 - 2014-07-09 08:22 - 00000000 ____D () C:\FRST 2014-07-09 08:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-07-09 07:36 - 2014-06-29 21:48 - 00873865 _____ () C:\Windows\WindowsUpdate.log 2014-07-09 07:29 - 2014-04-26 20:25 - 00000000 ____D () C:\Users\......\AppData\Roaming\.minecraft 2014-07-09 00:41 - 2013-12-20 16:14 - 00000000 ____D () C:\Users\......\AppData\Roaming\ClassicShell 2014-07-09 00:09 - 2014-07-04 13:40 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-09 00:09 - 2014-03-18 11:25 - 00773008 _____ () C:\Windows\system32\perfh007.dat 2014-07-09 00:09 - 2014-03-18 11:25 - 00162310 _____ () C:\Windows\system32\perfc007.dat 2014-07-09 00:06 - 2014-07-03 23:34 - 00000000 ____D () C:\Users\......\Downloads\Anno Venedig 2014-07-09 00:05 - 2014-04-25 22:30 - 00000000 ____D () C:\Users\......\AppData\Local\LogMeIn Hamachi 2014-07-09 00:05 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 ____D () C:\Users\Admin 2014-07-08 23:35 - 2014-05-16 18:19 - 00000660 __RSH () C:\Users\......\ntuser.pol 2014-07-08 23:35 - 2014-05-16 17:53 - 00000000 ____D () C:\Users\...... 2014-07-08 23:34 - 2014-06-30 00:04 - 00028092 _____ () C:\Windows\PFRO.log 2014-07-08 23:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Vss 2014-07-08 22:59 - 2014-07-04 22:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-08 21:56 - 2014-07-08 21:55 - 00002183 _____ () C:\Users\......\Desktop\malwarebytes.txt 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\......\Downloads\hitmanpro_x64.exe 2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\......\Downloads\avira_pc_cleaner_de.exe 2014-07-08 20:57 - 2014-07-08 20:56 - 01889616 _____ (SurfRight B.V.) C:\Users\......\Downloads\hmpalert.exe 2014-07-06 17:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-06 17:46 - 2013-12-20 15:53 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-05 09:26 - 2014-07-04 23:10 - 00000000 ____D () C:\Users\......\Downloads\Malwaretools 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\......\AppData\Local\Secunia PSI 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 23:23 - 2014-07-04 23:18 - 00000000 ____D () C:\AdwCleaner 2014-07-04 23:23 - 2014-05-17 22:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT 2014-07-04 22:50 - 2014-07-04 15:54 - 00001590 _____ () C:\Windows\setupact.log 2014-07-04 22:30 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-04 22:07 - 2014-07-04 22:07 - 00083427 _____ () C:\Users\......\Desktop\ht.txt 2014-07-04 22:02 - 2014-07-04 22:02 - 00085697 _____ () C:\Users\......\Desktop\Gmer.txt 2014-07-04 21:53 - 2014-07-04 21:53 - 718638958 _____ () C:\Windows\MEMORY.DMP 2014-07-04 21:53 - 2014-05-18 18:16 - 00000000 ____D () C:\Windows\Minidump 2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\......\Downloads\OTL.Txt 2014-07-04 17:00 - 2014-07-04 16:24 - 1017118720 _____ () C:\Users\......\Downloads\ubuntu-14.04-desktop-i386.iso 2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\......\Desktop\Anno 1404 - Venice.lnk 2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\......\Desktop\Anno1404.lnk 2014-07-04 13:33 - 2014-06-29 23:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-04 00:48 - 2014-07-03 23:58 - 00000000 ____D () C:\Users\......\Downloads\venedig 2014-07-04 00:35 - 2014-01-01 21:51 - 00000000 ____D () C:\Users\......\AppData\Roaming\Ubisoft 2014-07-04 00:29 - 2014-01-25 21:52 - 00000000 ____D () C:\ProgramData\Solidshield 2014-07-04 00:28 - 2013-07-19 16:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-04 00:26 - 2014-07-04 00:25 - 00018511 _____ () C:\Windows\DirectX.log 2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\......\AppData\Roaming\WinRAR 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1 2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\......\AppData\Roaming\QuickScan 2014-07-02 22:41 - 2014-07-02 22:39 - 00000000 ____D () C:\Users\......\Downloads\LibreOfficePortable 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\......\AppData\Roaming\NVIDIA 2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\......\Desktop\Minecraft.exe 2014-07-01 13:32 - 2014-01-18 11:29 - 00000000 ____D () C:\ProgramData\Origin 2014-07-01 13:24 - 2014-01-18 11:29 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\system32\NV 2014-06-30 15:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-06-29 23:57 - 2014-01-04 14:08 - 00000000 ____D () C:\Users\......\AppData\Local\NVIDIA Corporation 2014-06-29 23:57 - 2014-01-04 14:05 - 00000000 ____D () C:\Users\......\AppData\Local\NVIDIA 2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-06-29 23:54 - 2014-06-29 23:49 - 00000000 ____D () C:\Windows\LastGood 2014-06-29 23:54 - 2014-05-16 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-29 23:47 - 2014-06-29 23:46 - 29677544 _____ (Mozilla) C:\Users\......\Downloads\Firefox Setup 30.0.exe 2014-06-29 23:40 - 2014-04-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-06-29 23:40 - 2014-01-31 22:30 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-06-29 23:34 - 2014-06-29 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-29 23:33 - 2014-06-29 23:29 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578 2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\......\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk 2014-06-29 23:18 - 2013-04-26 01:17 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-06-29 23:18 - 2012-07-26 11:43 - 00000000 ____D () C:\Windows\en-GB 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell 2014-06-29 22:49 - 2014-06-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2014-06-29 22:49 - 2014-06-16 08:56 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-06-29 22:49 - 2014-06-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery 2014-06-29 22:49 - 2014-05-16 19:19 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-06-29 22:49 - 2014-05-16 17:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2014-06-29 22:49 - 2014-01-31 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\security 2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help 2014-06-29 22:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-06-29 22:49 - 2013-07-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-06-29 22:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration 2014-06-29 22:35 - 2014-05-15 21:47 - 00000000 ____D () C:\Users\......\AppData\Local\Mozilla 2014-06-29 22:35 - 2013-12-17 21:12 - 00000000 ____D () C:\Users\......\AppData\Local\Packages 2014-06-29 22:34 - 2014-01-19 17:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-29 18:56 - 2014-02-07 17:41 - 00000000 ____D () C:\Users\......\Desktop\Mods 2014-06-29 17:25 - 2014-06-03 15:16 - 00000000 ____D () C:\Users\......\Documents\Battlefield 3 2014-06-29 17:25 - 2014-03-15 19:57 - 00000000 ____D () C:\Users\......\Documents\!DOKUMENTE! 2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\......\AppData\Roaming\LibreOffice 2014-06-17 21:26 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-06-17 16:52 - 2014-06-17 16:51 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\......\AppData\Local\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\......\AppData\Local\Avg2014 2014-06-16 22:17 - 2014-05-07 22:55 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-16 22:17 - 2014-04-28 20:08 - 00000000 ____D () C:\Users\......\AppData\Local\Android 2014-06-16 22:16 - 2014-05-18 21:42 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys 2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687 2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687 2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-16 09:24 - 2013-04-26 01:16 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-06-16 08:56 - 2014-05-16 17:45 - 00153969 _____ () C:\Windows\system32\Drivers\RTWAVES30.dat 2014-06-12 13:18 - 2014-06-12 13:18 - 00000000 ____D () C:\Users\......\AppData\Roaming\java 2014-06-11 20:04 - 2014-06-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Intelore 2014-06-10 13:24 - 2013-04-26 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2014-06-10 13:19 - 2014-06-10 13:19 - 06869696 _____ (IvoSoft) C:\Users\......\Downloads\ClassicShellSetup_4_1_0-de.exe 2014-06-09 21:30 - 2014-05-16 19:57 - 00000000 ____D () C:\Users\......\AppData\Local\Windows Live 2014-06-09 16:48 - 2014-06-09 16:26 - 2463242240 _____ () C:\Users\......\Downloads\win7 homeprem32.iso Files to move or delete: ==================== C:\Users\......\AppData\Roaming\Camdata.ini C:\Users\......\AppData\Roaming\CamLayout.ini C:\Users\......\AppData\Roaming\CamShapes.ini C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS C:\Users\......\.gdocs.dat Some content of TEMP: ==================== C:\Users\......\AppData\Local\Temp\hitmanpro_x64.exe C:\Users\......\AppData\Local\Temp\Quarantine.exe C:\Users\......\AppData\Local\Temp\ubi26D9.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by ........ at 2014-07-09 08:23:37
Running from C:\Users\........\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Anno 1404 Modification Manager (HKLM-x32\...\Anno 1404 Modification Manager) (Version: 4.2.0.0 - Corona Development)
Anno 1404 Modification Manager (x32 Version: 4.2.0.0 - Corona Development) Hidden
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - )
ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Banished (HKLM-x32\...\GOGPACKBANISHED_is1) (Version: 2.0.0.3 - GOG.com)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MegaTrainer eXperience V1.1.0.4 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version: - )
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.003.28.00.152 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
SuperTux Version 0.3.4 (HKLM-x32\...\{5095BBEC-9A2F-4DA1-B5EF-511C728A2FF6}_is1) (Version: 0.3.4 - SuperTux Development Team)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
==================== Loaded Modules (whitelisted) =============
2013-04-24 17:09 - 2013-04-24 17:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-24 17:07 - 2013-04-24 17:07 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00114176 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00028672 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2013-06-12 15:53 - 2013-06-12 15:53 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00023040 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00042496 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2013-04-24 17:12 - 2013-04-24 17:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\........\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81239427.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81239427.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
HKLM\...\StartupApproved\Run: => "DptfPolicyLpmServiceHelper"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== Faulty Device Manager Devices =============
Name: Intel(R) Display-Audio
Description: Intel(R) Display-Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (07/09/2014 00:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Name des fehlerhaften Moduls: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000005d239
ID des fehlerhaften Prozesses: 0x900
Startzeit der fehlerhaften Anwendung: 0xHeciServer.exe0
Pfad der fehlerhaften Anwendung: HeciServer.exe1
Pfad des fehlerhaften Moduls: HeciServer.exe2
Berichtskennung: HeciServer.exe3
Vollständiger Name des fehlerhaften Pakets: HeciServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HeciServer.exe5
Error: (07/08/2014 11:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Name des fehlerhaften Moduls: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000005d239
ID des fehlerhaften Prozesses: 0x92c
Startzeit der fehlerhaften Anwendung: 0xHeciServer.exe0
Pfad der fehlerhaften Anwendung: HeciServer.exe1
Pfad des fehlerhaften Moduls: HeciServer.exe2
Berichtskennung: HeciServer.exe3
Vollständiger Name des fehlerhaften Pakets: HeciServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HeciServer.exe5
Error: (07/06/2014 11:48:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AutoRun.exe_AutoRun, Version: 2.0.0.42, Zeitstempel: 0x4ce28921
Name des fehlerhaften Moduls: AutoRun.exe, Version: 2.0.0.42, Zeitstempel: 0x4ce28921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000068b9
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xAutoRun.exe_AutoRun0
Pfad der fehlerhaften Anwendung: AutoRun.exe_AutoRun1
Pfad des fehlerhaften Moduls: AutoRun.exe_AutoRun2
Berichtskennung: AutoRun.exe_AutoRun3
Vollständiger Name des fehlerhaften Pakets: AutoRun.exe_AutoRun4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AutoRun.exe_AutoRun5
Error: (07/05/2014 09:25:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/05/2014 08:59:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/04/2014 11:54:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/04/2014 11:54:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/04/2014 11:41:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/04/2014 11:36:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (07/04/2014 11:36:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
System errors:
=============
Error: (07/09/2014 00:06:34 AM) (Source: DCOM) (EventID: 10010) (User: ........PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/09/2014 00:05:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/09/2014 00:05:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/09/2014 00:05:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/09/2014 00:05:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.
Error: (07/08/2014 11:36:55 PM) (Source: DCOM) (EventID: 10010) (User: ........PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/08/2014 11:35:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/08/2014 11:35:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/08/2014 11:35:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/08/2014 11:35:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.
Microsoft Office Sessions:
=========================
Error: (07/09/2014 00:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HeciServer.exe1.28.487.1518e67a1HeciServer.exe1.28.487.1518e67a140000015000000000005d23990001cf9af8b2f48699C:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Intel\iCLS Client\HeciServer.exef996ae9b-06eb-11e4-bebd-240a646972a8
Error: (07/08/2014 11:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HeciServer.exe1.28.487.1518e67a1HeciServer.exe1.28.487.1518e67a140000015000000000005d23992c01cf9af47c8d2f69C:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Intel\iCLS Client\HeciServer.exec3341e02-06e7-11e4-bebc-240a646972a8
Error: (07/06/2014 11:48:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoRun.exe_AutoRun2.0.0.424ce28921AutoRun.exe2.0.0.424ce28921c0000005000068b971c01cf98ff614dffe3D:\AutoRun.exeD:\AutoRun.exea106ad80-04f2-11e4-bebb-240a646972a8
Error: (07/05/2014 09:25:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/05/2014 08:59:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/04/2014 11:54:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/04/2014 11:54:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/04/2014 11:41:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/04/2014 11:36:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
Error: (07/04/2014 11:36:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\........\Downloads\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2014-05-16 22:02:11.341
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:11.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:11.185
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:11.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.919
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.763
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-16 22:02:10.654
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 8075.22 MB
Available physical RAM: 6306.78 MB
Total Pagefile: 16267.22 MB
Available Pagefile: 14451.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:444.45 GB) (Free:299.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (anno) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
10.07.2014, 09:01
| #4 |
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytes hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2014, 23:02
| #5 |
| | Dropper- und Trojanerfund durch avast und malware bytes Ich glaub er 'meckert' Ha alles wie gesagt gemacht aber combofix sagt: not meant to run in compatibility mode. ?? |
|
11.07.2014, 13:51
| #6 |
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytes Mein Fehler. Combofix geht hier nicht. Alle anderen Tools bitte immer mit Adminrechten starten. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Dropper- und Trojanerfund durch avast und malware bytes |
|
12.07.2014, 11:42
| #7 |
| | Dropper- und Trojanerfund durch avast und malware bytes mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.07.2014 Suchlauf-Zeit: 11:48:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.12.01 Rootkit Datenbank: v2014.07.09.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 332388 Verstrichene Zeit: 10 Min, 1 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 12/07/2014 um 11:19:36
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Admin - NICOLASPC
# Gestartet von : C:\Users\Marcel\Downloads\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6inlgg9z.default\prefs.js ]
[ Datei : C:\Users\.......\AppData\Roaming\Mozilla\Firefox\Profiles\mvta7r0w.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [7600 octets] - [04/07/2014 23:18:56]
AdwCleaner[R1].txt - [1115 octets] - [12/07/2014 11:18:32]
AdwCleaner[S0].txt - [7746 octets] - [04/07/2014 23:23:40]
AdwCleaner[S1].txt - [1039 octets] - [12/07/2014 11:19:36]
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1099 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Admin on 12.07.2014 at 12:15:38,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2245838751-742312130-2388482474-1006\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2014 at 12:21:39,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Admin (administrator) on ........PC on 12-07-2014 12:36:34
Running from C:\Users\Admin\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Thisisu) C:\Users\Admin\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-29] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKLM-x32\...\Run: [EMET Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] ( (Atheros Communications))
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-2245838751-742312130-2388482474-1002\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9F07244D-7427-439B-95FB-32926EF0840D}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{B857F7ED-0985-4E7C-95F4-11FBF6CD5111}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{DCCC6BCF-D2E9-413D-A111-815E6C12B145}: [NameServer]213.162.69.1 213.162.69.169
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6inlgg9z.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21]
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-29] (AVAST Software)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2013-12-20] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-16] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-29] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-29] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-29] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-16] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-29] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-05] ()
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-22] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2013-12-20] (Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-02-05] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-16] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\........\AppData\Roaming\AVAST Software
2014-07-12 12:36 - 2014-07-12 12:36 - 02084864 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-12 12:36 - 2014-07-12 12:36 - 00013818 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-12 12:21 - 2014-07-12 12:21 - 00001341 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ClassicShell
2014-07-12 12:14 - 2014-07-12 12:14 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-07-12 12:08 - 2014-07-12 12:09 - 00000000 ____D () C:\AdwCleaner
2014-07-12 12:07 - 2014-07-12 12:07 - 01348263 _____ () C:\Users\Admin\Desktop\adwcleaner_3.215.exe
2014-07-12 11:59 - 2014-07-12 11:59 - 00001145 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-07-12 11:36 - 2014-07-12 11:36 - 00001143 _____ () C:\Users\........\Desktop\mbam.txt
2014-07-12 11:19 - 2014-07-12 11:19 - 00001177 _____ () C:\Users\Admin\Desktop\AdwCleaner[S1].txt
2014-07-12 11:18 - 2014-07-12 11:19 - 00001115 _____ () C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2014-07-12 11:18 - 2014-07-12 11:18 - 01348263 _____ () C:\Users\........\Downloads\adwcleaner_3.215.exe
2014-07-11 00:05 - 2014-07-11 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2014-07-11 00:05 - 2014-07-11 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-07-10 23:37 - 2014-07-12 12:23 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245838751-742312130-2388482474-1006
2014-07-10 23:36 - 2014-07-10 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-07-10 23:36 - 2014-07-10 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\Documents\Bluetooth Folder
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Atheros
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\BMExplorer
2014-07-10 23:31 - 2014-07-10 23:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2014-07-10 23:31 - 2014-07-10 23:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-07-10 23:19 - 2014-07-10 23:19 - 05217324 _____ (Swearware) C:\Users\........\Desktop\ComboFix.exe
2014-07-09 10:03 - 2014-07-09 10:03 - 00000000 ____D () C:\Users\........\Desktop\Neuer Ordner
2014-07-09 08:23 - 2014-07-09 08:23 - 00032074 _____ () C:\Users\........\Downloads\Addition.txt
2014-07-09 08:22 - 2014-07-12 12:36 - 00000000 ____D () C:\FRST
2014-07-09 08:22 - 2014-07-09 08:23 - 00045340 _____ () C:\Users\........\Downloads\FRST.txt
2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\........\Desktop\FRST64.exe
2014-07-09 00:06 - 2014-02-19 11:57 - 93612840 _____ (GOG.com ) C:\Users\........\Downloads\setup_banished_2.0.0.3.exe
2014-07-08 23:41 - 2014-07-12 11:18 - 00000000 ____D () C:\Users\Admin
2014-07-08 23:41 - 2014-07-08 23:41 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Vorlagen
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Startmenü
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Netzwerkumgebung
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Lokale Einstellungen
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Eigene Dateien
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Druckumgebung
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Documents\Eigene Musik
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Documents\Eigene Bilder
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Local\Verlauf
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Local\Anwendungsdaten
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Anwendungsdaten
2014-07-08 23:41 - 2014-05-16 19:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-07-08 23:41 - 2014-05-16 18:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-08 23:41 - 2014-03-18 12:31 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-08 23:41 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-08 23:41 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-08 23:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-08 23:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\........\Downloads\hitmanpro_x64.exe
2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\........\Downloads\avira_pc_cleaner_de.exe
2014-07-08 20:56 - 2014-07-08 20:57 - 01889616 _____ (SurfRight B.V.) C:\Users\........\Downloads\hmpalert.exe
2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\........\AppData\Local\Secunia PSI
2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-04 23:34 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 23:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 23:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-04 23:10 - 2014-07-05 09:26 - 00000000 ____D () C:\Users\........\Downloads\Malwaretools
2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 22:20 - 2014-07-12 11:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 22:20 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 22:20 - 2014-07-04 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-04 22:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 21:53 - 2014-07-04 21:53 - 718638958 _____ () C:\Windows\MEMORY.DMP
2014-07-04 21:53 - 2014-07-04 21:53 - 00302056 _____ () C:\Windows\Minidump\070414-5976750-01.dmp
2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\........\Downloads\OTL.Txt
2014-07-04 16:24 - 2014-07-04 17:00 - 1017118720 _____ () C:\Users\........\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-04 15:54 - 2014-07-04 22:50 - 00001590 _____ () C:\Windows\setupact.log
2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\........\Desktop\Anno 1404 - Venice.lnk
2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\........\Desktop\Anno1404.lnk
2014-07-04 13:40 - 2014-07-12 12:15 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 00:25 - 2014-07-04 00:26 - 00018511 _____ () C:\Windows\DirectX.log
2014-07-03 23:58 - 2014-07-04 00:48 - 00000000 ____D () C:\Users\........\Downloads\venedig
2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\........\AppData\Roaming\WinRAR
2014-07-03 23:34 - 2014-07-09 00:06 - 00000000 ____D () C:\Users\........\Downloads\Anno Venedig
2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\........\AppData\Roaming\QuickScan
2014-07-02 22:39 - 2014-07-02 22:41 - 00000000 ____D () C:\Users\........\Downloads\LibreOfficePortable
2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\........\AppData\Roaming\NVIDIA
2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\........\Desktop\Minecraft.exe
2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-30 00:04 - 2014-07-12 12:09 - 00029062 _____ () C:\Windows\PFRO.log
2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\system32\NV
2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-29 23:53 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-29 23:53 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-29 23:53 - 2014-05-20 04:44 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-06-29 23:49 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\LastGood
2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-29 23:46 - 2014-06-29 23:47 - 29677544 _____ (Mozilla) C:\Users\........\Downloads\Firefox Setup 30.0.exe
2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-06-29 23:30 - 2014-06-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-29 23:29 - 2014-07-04 13:33 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-29 23:29 - 2014-06-29 23:33 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-29 23:29 - 2014-06-29 23:33 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578
2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578
2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578
2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk
2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell
2014-06-29 21:48 - 2014-07-12 11:19 - 01072015 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\........\AppData\Roaming\LibreOffice
2014-06-17 21:24 - 2014-06-17 21:26 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-17 16:51 - 2014-06-17 16:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\MFAData
2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\Avg2014
2014-06-16 21:14 - 2014-06-29 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484
2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484
2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys
2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687
2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687
2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-16 09:30 - 2014-05-27 18:12 - 00918952 _____ (Oracle Corporation) C:\Users\........\Downloads\jxpiinstall.exe
2014-06-16 08:56 - 2014-06-29 22:49 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-06-12 13:18 - 2014-06-12 13:18 - 00000000 ____D () C:\Users\........\AppData\Roaming\java
==================== One Month Modified Files and Folders =======
2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\........\AppData\Roaming\AVAST Software
2014-07-12 12:36 - 2014-07-12 12:36 - 02084864 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-12 12:36 - 2014-07-12 12:36 - 00013818 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-12 12:36 - 2014-07-09 08:22 - 00000000 ____D () C:\FRST
2014-07-12 12:23 - 2014-07-10 23:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245838751-742312130-2388482474-1006
2014-07-12 12:21 - 2014-07-12 12:21 - 00001341 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ClassicShell
2014-07-12 12:15 - 2014-07-04 13:40 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 12:15 - 2014-03-18 11:25 - 00773008 _____ () C:\Windows\system32\perfh007.dat
2014-07-12 12:15 - 2014-03-18 11:25 - 00162310 _____ () C:\Windows\system32\perfc007.dat
2014-07-12 12:14 - 2014-07-12 12:14 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-07-12 12:10 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-12 12:09 - 2014-07-12 12:08 - 00000000 ____D () C:\AdwCleaner
2014-07-12 12:09 - 2014-06-30 00:04 - 00029062 _____ () C:\Windows\PFRO.log
2014-07-12 12:09 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-12 12:07 - 2014-07-12 12:07 - 01348263 _____ () C:\Users\Admin\Desktop\adwcleaner_3.215.exe
2014-07-12 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-12 11:59 - 2014-07-12 11:59 - 00001145 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-07-12 11:41 - 2014-01-03 11:07 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245838751-742312130-2388482474-1002
2014-07-12 11:37 - 2014-07-04 22:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 11:36 - 2014-07-12 11:36 - 00001143 _____ () C:\Users\........\Desktop\mbam.txt
2014-07-12 11:36 - 2013-12-20 16:14 - 00000000 ____D () C:\Users\........\AppData\Roaming\ClassicShell
2014-07-12 11:21 - 2014-04-25 22:30 - 00000000 ____D () C:\Users\........\AppData\Local\LogMeIn Hamachi
2014-07-12 11:19 - 2014-07-12 11:19 - 00001177 _____ () C:\Users\Admin\Desktop\AdwCleaner[S1].txt
2014-07-12 11:19 - 2014-07-12 11:18 - 00001115 _____ () C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2014-07-12 11:19 - 2014-06-29 21:48 - 01072015 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 11:18 - 2014-07-12 11:18 - 01348263 _____ () C:\Users\........\Downloads\adwcleaner_3.215.exe
2014-07-12 11:18 - 2014-07-08 23:41 - 00000000 ____D () C:\Users\Admin
2014-07-11 00:05 - 2014-07-11 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2014-07-11 00:05 - 2014-07-11 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-07-10 23:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-10 23:36 - 2014-07-10 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-07-10 23:36 - 2014-07-10 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-07-10 23:35 - 2014-07-10 23:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\Documents\Bluetooth Folder
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Atheros
2014-07-10 23:32 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\BMExplorer
2014-07-10 23:31 - 2014-07-10 23:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-07-10 23:19 - 2014-07-10 23:19 - 05217324 _____ (Swearware) C:\Users\........\Desktop\ComboFix.exe
2014-07-09 10:03 - 2014-07-09 10:03 - 00000000 ____D () C:\Users\........\Desktop\Neuer Ordner
2014-07-09 08:23 - 2014-07-09 08:23 - 00032074 _____ () C:\Users\........\Downloads\Addition.txt
2014-07-09 08:23 - 2014-07-09 08:22 - 00045340 _____ () C:\Users\........\Downloads\FRST.txt
2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\........\Desktop\FRST64.exe
2014-07-09 07:29 - 2014-04-26 20:25 - 00000000 ____D () C:\Users\........\AppData\Roaming\.minecraft
2014-07-09 00:06 - 2014-07-03 23:34 - 00000000 ____D () C:\Users\........\Downloads\Anno Venedig
2014-07-08 23:41 - 2014-07-08 23:41 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Vorlagen
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Startmenü
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Netzwerkumgebung
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Lokale Einstellungen
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Eigene Dateien
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Druckumgebung
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Documents\Eigene Musik
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Documents\Eigene Bilder
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Local\Verlauf
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\AppData\Local\Anwendungsdaten
2014-07-08 23:41 - 2014-07-08 23:41 - 00000000 _SHDL () C:\Users\Admin\Anwendungsdaten
2014-07-08 23:35 - 2014-05-16 18:19 - 00000660 __RSH () C:\Users\........\ntuser.pol
2014-07-08 23:35 - 2014-05-16 17:53 - 00000000 ____D () C:\Users\........
2014-07-08 23:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Vss
2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\........\Downloads\hitmanpro_x64.exe
2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\........\Downloads\avira_pc_cleaner_de.exe
2014-07-08 20:57 - 2014-07-08 20:56 - 01889616 _____ (SurfRight B.V.) C:\Users\........\Downloads\hmpalert.exe
2014-07-06 17:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-06 17:46 - 2013-12-20 15:53 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-05 09:26 - 2014-07-04 23:10 - 00000000 ____D () C:\Users\........\Downloads\Malwaretools
2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\........\AppData\Local\Secunia PSI
2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-04 23:34 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 23:23 - 2014-05-17 22:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 22:50 - 2014-07-04 15:54 - 00001590 _____ () C:\Windows\setupact.log
2014-07-04 22:30 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-04 21:53 - 2014-07-04 21:53 - 718638958 _____ () C:\Windows\MEMORY.DMP
2014-07-04 21:53 - 2014-07-04 21:53 - 00302056 _____ () C:\Windows\Minidump\070414-5976750-01.dmp
2014-07-04 21:53 - 2014-05-18 18:16 - 00000000 ____D () C:\Windows\Minidump
2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\........\Downloads\OTL.Txt
2014-07-04 17:00 - 2014-07-04 16:24 - 1017118720 _____ () C:\Users\........\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\........\Desktop\Anno 1404 - Venice.lnk
2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\........\Desktop\Anno1404.lnk
2014-07-04 13:33 - 2014-06-29 23:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-04 00:48 - 2014-07-03 23:58 - 00000000 ____D () C:\Users\........\Downloads\venedig
2014-07-04 00:35 - 2014-01-01 21:51 - 00000000 ____D () C:\Users\........\AppData\Roaming\Ubisoft
2014-07-04 00:29 - 2014-01-25 21:52 - 00000000 ____D () C:\ProgramData\Solidshield
2014-07-04 00:28 - 2013-07-19 16:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-04 00:26 - 2014-07-04 00:25 - 00018511 _____ () C:\Windows\DirectX.log
2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\........\AppData\Roaming\WinRAR
2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\........\AppData\Roaming\QuickScan
2014-07-02 22:41 - 2014-07-02 22:39 - 00000000 ____D () C:\Users\........\Downloads\LibreOfficePortable
2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\........\AppData\Roaming\NVIDIA
2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\........\Desktop\Minecraft.exe
2014-07-01 13:32 - 2014-01-18 11:29 - 00000000 ____D () C:\ProgramData\Origin
2014-07-01 13:24 - 2014-01-18 11:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\system32\NV
2014-07-01 07:05 - 2014-05-21 20:10 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CB70B38-EF3C-4BFD-BB6B-48498E7F25B3}
2014-06-30 15:01 - 2014-03-29 12:16 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-29 23:57 - 2014-01-04 14:08 - 00000000 ____D () C:\Users\........\AppData\Local\NVIDIA Corporation
2014-06-29 23:57 - 2014-01-04 14:05 - 00000000 ____D () C:\Users\........\AppData\Local\NVIDIA
2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-29 23:54 - 2014-06-29 23:49 - 00000000 ____D () C:\Windows\LastGood
2014-06-29 23:54 - 2014-05-16 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-29 23:47 - 2014-06-29 23:46 - 29677544 _____ (Mozilla) C:\Users\........\Downloads\Firefox Setup 30.0.exe
2014-06-29 23:40 - 2014-04-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-06-29 23:40 - 2014-01-31 22:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-29 23:34 - 2014-06-29 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-29 23:33 - 2014-06-29 23:29 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-29 23:33 - 2014-06-29 23:29 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578
2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578
2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578
2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk
2014-06-29 23:18 - 2013-04-26 01:17 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-29 23:18 - 2012-07-26 11:43 - 00000000 ____D () C:\Windows\en-GB
2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell
2014-06-29 22:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-29 22:49 - 2014-06-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-06-29 22:49 - 2014-06-16 08:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-06-29 22:49 - 2014-06-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2014-06-29 22:49 - 2014-05-16 19:19 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-06-29 22:49 - 2014-05-16 17:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-06-29 22:49 - 2014-01-31 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\security
2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help
2014-06-29 22:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-06-29 22:49 - 2013-07-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-06-29 22:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration
2014-06-29 22:35 - 2014-05-15 21:47 - 00000000 ____D () C:\Users\........\AppData\Local\Mozilla
2014-06-29 22:35 - 2013-12-17 21:12 - 00000000 ____D () C:\Users\........\AppData\Local\Packages
2014-06-29 22:34 - 2014-01-19 17:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-29 18:56 - 2014-02-07 17:41 - 00000000 ____D () C:\Users\........\Desktop\Mods
2014-06-29 17:25 - 2014-06-03 15:16 - 00000000 ____D () C:\Users\........\Documents\Battlefield 3
2014-06-29 17:25 - 2014-03-15 19:57 - 00000000 ____D () C:\Users\........\Documents\!DOKUMENTE!
2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\........\AppData\Roaming\LibreOffice
2014-06-17 21:26 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-17 16:52 - 2014-06-17 16:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\MFAData
2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\Avg2014
2014-06-16 22:17 - 2014-05-07 22:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-16 22:17 - 2014-04-28 20:08 - 00000000 ____D () C:\Users\........\AppData\Local\Android
2014-06-16 22:16 - 2014-05-18 21:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484
2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484
2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys
2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687
2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687
2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-16 09:24 - 2013-04-26 01:16 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-06-16 08:56 - 2014-05-16 17:45 - 00153969 _____ () C:\Windows\system32\Drivers\RTWAVES30.dat
2014-06-15 23:11 - 2014-03-25 22:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2245838751-742312130-2388482474-1005
2014-06-12 13:18 - 2014-06-12 13:18 - 00000000 ____D () C:\Users\........\AppData\Roaming\java
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\........\.gdocs.dat
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\........\AppData\Local\Temp\hitmanpro_x64.exe
C:\Users\........\AppData\Local\Temp\Quarantine.exe
C:\Users\........\AppData\Local\Temp\ubi26D9.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-09 12:04
==================== End Of Log ============================
|
|
13.07.2014, 08:17
| #8 |
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytesESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.07.2014, 13:52
| #9 |
| | Dropper- und Trojanerfund durch avast und malware bytes sec check Code:
ATTFilter Results of screen317's Security Check version 0.99.85 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 60 Mozilla Firefox (30.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe Mobile Partner OnlineUpdate ouc.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dbb97658751f364380d985484ef1c4f6
# engine=19157
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-13 09:55:44
# local_time=2014-07-13 11:55:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 96 1209050 1211153 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1213249 5030353 0 0
# scanned=210939
# found=2
# cleaned=0
# scan_time=5717
sh=CC5DA4CF0697E1747D81C4D09838DE4C92354DD0 ft=1 fh=ceecdeac6d7b9dfb vn="Variante von Win32/InstallCore.NU evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1002\$RMZ59SM.exe"
sh=6276F390A7013814D21A2C86E2CDE726DE9DD673 ft=1 fh=4e01f83b5f9d4dcd vn="Win32/Packed.VMProtect.D Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2245838751-742312130-2388482474-1006\$RAAMP1Q.exe"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014 Ran by ........ (ATTENTION: The logged in user is not administrator) on ........PC on 14-07-2014 00:12:58 Running from C:\Users\TEMP\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-29] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.) HKLM-x32\...\Run: [EMET Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-12] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] ( (Atheros Communications)) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) GroupPolicyUsers\S-1-5-21-2245838751-742312130-2388482474-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{9F07244D-7427-439B-95FB-32926EF0840D}: [NameServer]213.162.69.170 213.162.69.2 Tcpip\..\Interfaces\{B857F7ED-0985-4E7C-95F4-11FBF6CD5111}: [NameServer]213.162.69.170 213.162.69.2 Tcpip\..\Interfaces\{DCCC6BCF-D2E9-413D-A111-815E6C12B145}: [NameServer]213.162.69.1 213.162.69.169 FireFox: ======== FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\6ff0w6nc.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-29] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-29] (AVAST Software) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2013-12-20] () [File not signed] R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-16] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-29] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-29] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-29] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-29] (AVAST Software) S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-16] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-05] () S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-22] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2013-12-20] (Huawei Technologies Co., Ltd.) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-02-05] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-16] (Microsoft Corporation) S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\........\AppData\Roaming\AVAST Software 2014-07-14 00:12 - 2014-07-14 00:12 - 02086912 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe 2014-07-14 00:12 - 2014-07-14 00:12 - 00011964 _____ () C:\Users\TEMP\Downloads\FRST.txt 2014-07-14 00:07 - 2014-07-14 00:07 - 00854390 _____ () C:\Users\TEMP\Downloads\SecurityCheck.exe 2014-07-13 17:32 - 2014-07-13 20:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\.minecraft 2014-07-13 17:32 - 2014-07-13 17:32 - 00001104 _____ () C:\Users\TEMP\Desktop\Minecraft - Verknüpfung.lnk 2014-07-13 15:30 - 2014-07-13 15:30 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu(2).exe 2014-07-13 13:32 - 2014-07-13 13:32 - 00001062 _____ () C:\eset.txt 2014-07-13 11:23 - 2014-07-13 11:23 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu(1).exe 2014-07-13 11:09 - 2014-07-13 11:09 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu.exe 2014-07-13 11:00 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla 2014-07-13 11:00 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Mozilla 2014-07-13 10:56 - 2014-07-14 00:10 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ClassicShell 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\Documents\Bluetooth Folder 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVAST Software 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Local\BMExplorer 2014-07-13 10:55 - 2014-07-13 19:28 - 00000000 ____D () C:\Users\TEMP\AppData\Local\VirtualStore 2014-07-13 10:55 - 2014-07-13 10:55 - 00000660 __RSH () C:\Users\TEMP\ntuser.pol 2014-07-13 10:55 - 2014-07-13 10:55 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Atheros 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP 2014-07-13 10:55 - 2014-05-16 19:51 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia 2014-07-13 10:55 - 2014-05-16 18:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-07-13 10:55 - 2014-03-18 12:31 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-13 10:55 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2014-07-13 10:55 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2014-07-13 10:55 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-13 10:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-13 10:54 - 2014-07-13 21:15 - 00239732 _____ () C:\Windows\WindowsUpdate.log 2014-07-12 12:08 - 2014-07-12 12:09 - 00000000 ____D () C:\AdwCleaner 2014-07-12 11:36 - 2014-07-12 11:36 - 00001143 _____ () C:\Users\........\Desktop\mbam.txt 2014-07-12 11:18 - 2014-07-12 11:18 - 01348263 _____ () C:\Users\........\Downloads\adwcleaner_3.215.exe 2014-07-10 23:19 - 2014-07-10 23:19 - 05217324 _____ (Swearware) C:\Users\........\Desktop\ComboFix.exe 2014-07-09 10:03 - 2014-07-09 10:03 - 00000000 ____D () C:\Users\........\Desktop\Neuer Ordner 2014-07-09 08:23 - 2014-07-09 08:23 - 00032074 _____ () C:\Users\........\Downloads\Addition.txt 2014-07-09 08:22 - 2014-07-14 00:13 - 00000000 ____D () C:\FRST 2014-07-09 08:22 - 2014-07-09 08:23 - 00045340 _____ () C:\Users\........\Downloads\FRST.txt 2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\........\Desktop\FRST64.exe 2014-07-09 00:06 - 2014-02-19 11:57 - 93612840 _____ (GOG.com ) C:\Users\........\Downloads\setup_banished_2.0.0.3.exe 2014-07-08 23:41 - 2014-07-12 11:18 - 00000000 ____D () C:\Users\Admin 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\........\Downloads\hitmanpro_x64.exe 2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\........\Downloads\avira_pc_cleaner_de.exe 2014-07-08 20:56 - 2014-07-08 20:57 - 01889616 _____ (SurfRight B.V.) C:\Users\........\Downloads\hmpalert.exe 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\........\AppData\Local\Secunia PSI 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-04 23:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-04 23:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-04 23:10 - 2014-07-05 09:26 - 00000000 ____D () C:\Users\........\Downloads\Malwaretools 2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT 2014-07-04 22:20 - 2014-07-12 11:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 22:20 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 22:20 - 2014-07-04 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-04 22:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\........\Downloads\OTL.Txt 2014-07-04 16:24 - 2014-07-04 17:00 - 1017118720 _____ () C:\Users\........\Downloads\ubuntu-14.04-desktop-i386.iso 2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\........\Desktop\Anno 1404 - Venice.lnk 2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\........\Desktop\Anno1404.lnk 2014-07-04 13:40 - 2014-07-13 10:57 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-03 23:58 - 2014-07-13 15:32 - 00000000 ____D () C:\Users\........\Downloads\venedig 2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\........\AppData\Roaming\WinRAR 2014-07-03 23:34 - 2014-07-13 15:24 - 00000000 ____D () C:\Users\........\Downloads\Anno Venedig 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1 2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\........\AppData\Roaming\QuickScan 2014-07-02 22:39 - 2014-07-02 22:41 - 00000000 ____D () C:\Users\........\Downloads\LibreOfficePortable 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\........\AppData\Roaming\NVIDIA 2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\........\Desktop\Minecraft.exe 2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-06-29 23:54 - 2014-07-01 07:06 - 00000000 ____D () C:\Windows\system32\NV 2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-06-29 23:53 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-06-29 23:53 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-06-29 23:53 - 2014-05-20 04:44 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-06-29 23:49 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\LastGood 2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-29 23:46 - 2014-06-29 23:47 - 29677544 _____ (Mozilla) C:\Users\........\Downloads\Firefox Setup 30.0.exe 2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-06-29 23:30 - 2014-06-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-29 23:29 - 2014-07-04 13:33 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-29 23:29 - 2014-06-29 23:33 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-29 23:29 - 2014-06-29 23:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578 2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell 2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\........\AppData\Roaming\LibreOffice 2014-06-17 21:24 - 2014-06-17 21:26 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-06-17 16:51 - 2014-06-17 16:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\Avg2014 2014-06-16 21:14 - 2014-06-29 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys 2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687 2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687 2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-16 09:30 - 2014-05-27 18:12 - 00918952 _____ (Oracle Corporation) C:\Users\........\Downloads\jxpiinstall.exe 2014-06-16 08:56 - 2014-06-29 22:49 - 00000000 ____D () C:\Windows\LastGood.Tmp ==================== One Month Modified Files and Folders ======= 2018-06-16 22:04 - 2018-06-16 22:04 - 00000000 ____D () C:\Users\........\AppData\Roaming\AVAST Software 2014-07-14 00:13 - 2014-07-14 00:12 - 00011964 _____ () C:\Users\TEMP\Downloads\FRST.txt 2014-07-14 00:13 - 2014-07-09 08:22 - 00000000 ____D () C:\FRST 2014-07-14 00:12 - 2014-07-14 00:12 - 02086912 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe 2014-07-14 00:10 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ClassicShell 2014-07-14 00:07 - 2014-07-14 00:07 - 00854390 _____ () C:\Users\TEMP\Downloads\SecurityCheck.exe 2014-07-14 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-07-13 21:15 - 2014-07-13 10:54 - 00239732 _____ () C:\Windows\WindowsUpdate.log 2014-07-13 20:05 - 2014-07-13 17:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\.minecraft 2014-07-13 19:28 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP\AppData\Local\VirtualStore 2014-07-13 17:32 - 2014-07-13 17:32 - 00001104 _____ () C:\Users\TEMP\Desktop\Minecraft - Verknüpfung.lnk 2014-07-13 15:32 - 2014-07-03 23:58 - 00000000 ____D () C:\Users\........\Downloads\venedig 2014-07-13 15:30 - 2014-07-13 15:30 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu(2).exe 2014-07-13 15:24 - 2014-07-03 23:34 - 00000000 ____D () C:\Users\........\Downloads\Anno Venedig 2014-07-13 13:32 - 2014-07-13 13:32 - 00001062 _____ () C:\eset.txt 2014-07-13 11:24 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-07-13 11:23 - 2014-07-13 11:23 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu(1).exe 2014-07-13 11:09 - 2014-07-13 11:09 - 02347384 _____ (ESET) C:\Users\TEMP\Downloads\esetsmartinstaller_deu.exe 2014-07-13 11:00 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla 2014-07-13 11:00 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Mozilla 2014-07-13 10:57 - 2014-07-04 13:40 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-13 10:57 - 2014-03-18 11:25 - 00773008 _____ () C:\Windows\system32\perfh007.dat 2014-07-13 10:57 - 2014-03-18 11:25 - 00162310 _____ () C:\Windows\system32\perfc007.dat 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\Documents\Bluetooth Folder 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVAST Software 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe 2014-07-13 10:56 - 2014-07-13 10:56 - 00000000 ____D () C:\Users\TEMP\AppData\Local\BMExplorer 2014-07-13 10:55 - 2014-07-13 10:55 - 00000660 __RSH () C:\Users\TEMP\ntuser.pol 2014-07-13 10:55 - 2014-07-13 10:55 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Atheros 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages 2014-07-13 10:55 - 2014-07-13 10:55 - 00000000 ____D () C:\Users\TEMP 2014-07-12 21:39 - 2014-05-18 18:16 - 00000000 ____D () C:\Windows\Minidump 2014-07-12 12:10 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-12 12:09 - 2014-07-12 12:08 - 00000000 ____D () C:\AdwCleaner 2014-07-12 11:37 - 2014-07-04 22:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-12 11:36 - 2014-07-12 11:36 - 00001143 _____ () C:\Users\........\Desktop\mbam.txt 2014-07-12 11:36 - 2013-12-20 16:14 - 00000000 ____D () C:\Users\........\AppData\Roaming\ClassicShell 2014-07-12 11:21 - 2014-04-25 22:30 - 00000000 ____D () C:\Users\........\AppData\Local\LogMeIn Hamachi 2014-07-12 11:18 - 2014-07-12 11:18 - 01348263 _____ () C:\Users\........\Downloads\adwcleaner_3.215.exe 2014-07-12 11:18 - 2014-07-08 23:41 - 00000000 ____D () C:\Users\Admin 2014-07-10 23:19 - 2014-07-10 23:19 - 05217324 _____ (Swearware) C:\Users\........\Desktop\ComboFix.exe 2014-07-09 10:03 - 2014-07-09 10:03 - 00000000 ____D () C:\Users\........\Desktop\Neuer Ordner 2014-07-09 08:23 - 2014-07-09 08:23 - 00032074 _____ () C:\Users\........\Downloads\Addition.txt 2014-07-09 08:23 - 2014-07-09 08:22 - 00045340 _____ () C:\Users\........\Downloads\FRST.txt 2014-07-09 08:22 - 2014-07-09 08:22 - 02084352 _____ (Farbar) C:\Users\........\Desktop\FRST64.exe 2014-07-09 07:29 - 2014-04-26 20:25 - 00000000 ____D () C:\Users\........\AppData\Roaming\.minecraft 2014-07-08 23:35 - 2014-05-16 18:19 - 00000660 __RSH () C:\Users\........\ntuser.pol 2014-07-08 23:35 - 2014-05-16 17:53 - 00000000 ____D () C:\Users\........ 2014-07-08 23:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Vss 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-08 21:45 - 2014-07-08 21:45 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-08 21:44 - 2014-07-08 21:44 - 09755584 _____ (SurfRight B.V.) C:\Users\........\Downloads\hitmanpro_x64.exe 2014-07-08 21:22 - 2014-07-08 21:22 - 02278856 _____ () C:\Users\........\Downloads\avira_pc_cleaner_de.exe 2014-07-08 20:57 - 2014-07-08 20:56 - 01889616 _____ (SurfRight B.V.) C:\Users\........\Downloads\hmpalert.exe 2014-07-06 17:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-06 17:46 - 2013-12-20 15:53 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-05 09:26 - 2014-07-04 23:10 - 00000000 ____D () C:\Users\........\Downloads\Malwaretools 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Users\........\AppData\Local\Secunia PSI 2014-07-05 09:10 - 2014-07-05 09:10 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-07-04 23:54 - 2014-07-04 23:54 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-04 23:34 - 2014-07-04 23:34 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 23:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 23:34 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 23:23 - 2014-05-17 22:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-07-04 23:09 - 2014-07-04 23:09 - 00000000 ____D () C:\Windows\ERUNT 2014-07-04 22:30 - 2014-07-04 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-04 20:05 - 2014-07-04 20:05 - 00140626 _____ () C:\Users\........\Downloads\OTL.Txt 2014-07-04 17:00 - 2014-07-04 16:24 - 1017118720 _____ () C:\Users\........\Downloads\ubuntu-14.04-desktop-i386.iso 2014-07-04 14:12 - 2014-07-04 14:12 - 00000136 _____ () C:\Users\........\Desktop\Anno 1404 - Venice.lnk 2014-07-04 14:07 - 2014-07-04 14:07 - 00001790 _____ () C:\Users\........\Desktop\Anno1404.lnk 2014-07-04 13:33 - 2014-06-29 23:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-04 00:35 - 2014-01-01 21:51 - 00000000 ____D () C:\Users\........\AppData\Roaming\Ubisoft 2014-07-04 00:29 - 2014-01-25 21:52 - 00000000 ____D () C:\ProgramData\Solidshield 2014-07-04 00:28 - 2013-07-19 16:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-03 23:41 - 2014-07-03 23:41 - 00000000 ____D () C:\Users\........\AppData\Roaming\WinRAR 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit 2014-07-03 23:25 - 2014-07-03 23:25 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1 2014-07-03 22:30 - 2014-07-03 22:30 - 00000000 ____D () C:\Users\........\AppData\Roaming\QuickScan 2014-07-02 22:41 - 2014-07-02 22:39 - 00000000 ____D () C:\Users\........\Downloads\LibreOfficePortable 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-02 13:29 - 2014-07-02 13:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-01 14:16 - 2014-07-01 14:16 - 00000000 ____D () C:\Users\........\AppData\Roaming\NVIDIA 2014-07-01 14:13 - 2014-07-01 14:13 - 00675988 _____ () C:\Users\........\Desktop\Minecraft.exe 2014-07-01 13:32 - 2014-01-18 11:29 - 00000000 ____D () C:\ProgramData\Origin 2014-07-01 13:24 - 2014-01-18 11:29 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-07-01 07:06 - 2014-06-29 23:54 - 00000000 ____D () C:\Windows\system32\NV 2014-06-30 00:05 - 2014-06-30 00:05 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-29 23:57 - 2014-05-16 17:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-06-29 23:57 - 2014-01-04 14:08 - 00000000 ____D () C:\Users\........\AppData\Local\NVIDIA Corporation 2014-06-29 23:57 - 2014-01-04 14:05 - 00000000 ____D () C:\Users\........\AppData\Local\NVIDIA 2014-06-29 23:54 - 2014-06-29 23:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-06-29 23:54 - 2014-06-29 23:49 - 00000000 ____D () C:\Windows\LastGood 2014-06-29 23:54 - 2014-05-16 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-29 23:48 - 2014-06-29 23:48 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-29 23:48 - 2014-06-29 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-29 23:47 - 2014-06-29 23:46 - 29677544 _____ (Mozilla) C:\Users\........\Downloads\Firefox Setup 30.0.exe 2014-06-29 23:40 - 2014-04-28 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-06-29 23:40 - 2014-01-31 22:30 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-29 23:34 - 2014-06-29 23:34 - 00001990 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-06-29 23:34 - 2014-06-29 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-29 23:33 - 2014-06-29 23:33 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-06-29 23:33 - 2014-06-29 23:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-29 23:33 - 2014-06-29 23:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-29 23:33 - 2014-06-29 23:29 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-29 23:33 - 2014-06-29 23:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-29 23:29 - 2014-06-29 23:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404077405578 2014-06-29 23:29 - 2014-06-29 23:29 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1404077405578 2014-06-29 23:25 - 2014-06-29 23:25 - 00001348 _____ () C:\Users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Anno 1404.lnk 2014-06-29 23:18 - 2013-04-26 01:17 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-06-29 23:18 - 2012-07-26 11:43 - 00000000 ____D () C:\Windows\en-GB 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2014-06-29 23:13 - 2014-06-29 23:13 - 00000000 ____D () C:\Program Files\Classic Shell 2014-06-29 22:49 - 2014-06-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2014-06-29 22:49 - 2014-06-16 08:56 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-06-29 22:49 - 2014-06-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery 2014-06-29 22:49 - 2014-05-16 19:19 - 00000000 ____D () C:\ProgramData\ClassicShell 2014-06-29 22:49 - 2014-05-16 17:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2014-06-29 22:49 - 2014-01-31 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\security 2014-06-29 22:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help 2014-06-29 22:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-06-29 22:49 - 2013-07-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-06-29 22:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\registration 2014-06-29 22:35 - 2014-05-15 21:47 - 00000000 ____D () C:\Users\........\AppData\Local\Mozilla 2014-06-29 22:35 - 2013-12-17 21:12 - 00000000 ____D () C:\Users\........\AppData\Local\Packages 2014-06-29 22:34 - 2014-01-19 17:33 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-29 18:56 - 2014-02-07 17:41 - 00000000 ____D () C:\Users\........\Desktop\Mods 2014-06-29 17:25 - 2014-06-03 15:16 - 00000000 ____D () C:\Users\........\Documents\Battlefield 3 2014-06-29 17:25 - 2014-03-15 19:57 - 00000000 ____D () C:\Users\........\Documents\!DOKUMENTE! 2014-06-17 21:28 - 2014-06-17 21:28 - 00000000 ____D () C:\Users\........\AppData\Roaming\LibreOffice 2014-06-17 21:26 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-06-17 16:52 - 2014-06-17 16:51 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\MFAData 2014-06-17 16:51 - 2014-06-17 16:51 - 00000000 ____D () C:\Users\........\AppData\Local\Avg2014 2014-06-16 22:17 - 2014-05-07 22:55 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-16 22:17 - 2014-04-28 20:08 - 00000000 ____D () C:\Users\........\AppData\Local\Android 2014-06-16 22:16 - 2014-05-18 21:42 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-16 21:08 - 2014-06-16 21:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402945752484 2014-06-16 21:08 - 2014-06-16 21:08 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys 2014-06-16 18:15 - 2014-06-16 18:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402935353687 2014-06-16 18:15 - 2014-06-16 18:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402935353687 2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2014-06-16 09:40 - 2014-06-16 09:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-16 09:40 - 2014-06-16 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-16 09:24 - 2013-04-26 01:16 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-06-16 08:56 - 2014-05-16 17:45 - 00153969 _____ () C:\Windows\system32\Drivers\RTWAVES30.dat Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS C:\Users\........\.gdocs.dat Some content of TEMP: ==================== C:\Users\........\AppData\Local\Temp\hitmanpro_x64.exe C:\Users\........\AppData\Local\Temp\Quarantine.exe C:\Users\........\AppData\Local\Temp\ubi26D9.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- |
|
14.07.2014, 18:02
| #10 |
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytes Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$Recycle.Bin
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\........\.gdocs.dat
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.07.2014, 19:53
| #11 |
| | Dropper- und Trojanerfund durch avast und malware bytesCode:
ATTFilter => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-14 20:40:52)<=
==> ATTENTION: System is not rebooted.
C:\$Recycle.Bin => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
==== End of Fixlog ====
----------- Aber nun hast du dir noch mein Dankeschön verdient!  Ne Frage hätte ich noch: Bist du zufällig bei emsisoft tätig? Ah noch was: Ist Firefox wirklich eindeutig ein sicherer Browser? Ich benutz ihn zwar wirklich immer, aber mir kommt vor das die Browserunsicherheitsrate mit den Nutzern zunimmt. Zuerst hatten alle IE und er war unsicher (ich glaub er hat nun auch ne activx filterung), jetzt haben alle FE und bei diesem empfiehlt man den Wechsel (nun ja das BSI tut's mal) zu chrome. Dann wird mal dieser folgen. Nach der Verbreitungs-Sicherheitstheorie, die gerne bei Linux<->Windows verwendet wird, müsst doch Opera recht sicher sein? Geändert von Klmzt (14.07.2014 um 20:05 Uhr) Grund: rs fehler |
|
15.07.2014, 19:23
| #12 | ||
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytesZitat:
Zitat:
Opera kenne ich gar nit. Und was das BSI sagt, ist sowieso nit immer Gold
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.07.2014, 19:10
| #13 |
| | Dropper- und Trojanerfund durch avast und malware bytes Hm, deswegen benutze ich auch FF. Sorry das ich mich so spät melde aber der Thread kann abgeschlossen werden |
|
24.07.2014, 17:21
| #14 |
| /// the machine /// TB-Ausbilder | Dropper- und Trojanerfund durch avast und malware bytes ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Dropper- und Trojanerfund durch avast und malware bytes |
| antivirus, autorun, backdoor, browser, computer, defender, detected, dxgkrnl, firewall, fontcache, generic, malware, microsoft, pup.optional.amonetize, pup.optional.installcore, pup.optional.outbrowse, realtek, required, schutz, software, tunnel, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
