| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unsichtbares InternetexplorerfensterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.09.2014, 15:03
| #1 |
 |  Unsichtbares Internetexplorerfenster Hey, seit kurzem öffnet sich im Hintergrund ein Iexplorerfenster im Hintergrund, das ich sehen kann wenn ich den Computer herunterfahre. Anfangs hat dieses Fenster noch mit mir geredet und nur deshalb habe ich es überhaupt gemerkt. Wäre toll wenn mir jemand helfen kann, ich fühle mich an dem Computer bei Onlinekäufen nicht mehr sicher und möchte diesen "virus?" nicht einfach so aussitzen . |
|
09.09.2014, 15:05
| #2 |
| /// the machine /// TB-Ausbilder    | Unsichtbares Internetexplorerfenster hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
09.09.2014, 15:10
| #3 |
| | Unsichtbares InternetexplorerfensterFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01 Ran by Sebastian (administrator) on SEBASTIAN-PC on 09-09-2014 16:07:24 Running from C:\Users\Sebastian\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-22] (Microsoft Corporation) HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\Run: [InetStat] => C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-15] () HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\MountPoints2: {7966b4e0-b11e-11e3-80e1-00256489b9d5} - K:\setup.exe HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [InetStat] => C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-15] () HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7966b4e0-b11e-11e3-80e1-00256489b9d5} - K:\setup.exe HKU\S-1-5-21-2532947452-1858761559-3390100972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3172B1316744CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {B3BDAE2A-737D-4D9A-92D9-B51ADC242E32} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default FF SearchEngineOrder.3: Bing FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\amazon-icon@giga.de [2014-04-20] FF Extension: Securita Scout - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\isec@securitascout.com [2014-04-20] FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\sparpilot@sparpilot.com [2014-04-20] FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27] Chrome: ======= CHR HomePage: Default -> 4402EC7686F10B1BB287109286A83A92D5A671A7D06D18C0757BC78B5604FF9E CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultSearchProvider: Default -> Trovi search CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M7D8F0070-D06D-4D1F-941F-1F3057A97FD4&SearchSource=58&CUI=&UM=6&UP=SP1E911EA5-0E78-4787-8D27-584136421595&q={searchTerms}&SSPV= CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (Amazon-Icon) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-23] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Sebastian\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-09] (Malwarebytes Corporation) R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 16:07 - 2014-09-09 16:07 - 00013361 _____ () C:\Users\Sebastian\Downloads\FRST.txt 2014-09-09 16:07 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST 2014-09-09 16:06 - 2014-09-09 16:06 - 02105344 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java 2014-09-08 15:08 - 2014-09-08 15:34 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft 2014-09-08 15:00 - 2014-09-08 15:49 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype 2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype 2014-09-08 14:47 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy 2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk 2014-09-07 11:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-07 11:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-07 11:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11 2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur 2014-08-23 18:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-23 18:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-23 18:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-23 18:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-23 18:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-23 18:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-23 18:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-23 18:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-23 18:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-23 18:59 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-23 18:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-23 18:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-23 18:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-23 18:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-16 17:59 - 2014-08-16 17:59 - 00013753 _____ () C:\Users\Sebastian\Downloads\EasyLoot-v2.2.6.1.zip 2014-08-16 17:30 - 2014-08-16 17:30 - 00032778 _____ () C:\Users\Sebastian\Downloads\SmartLoot.zip 2014-08-14 14:17 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 14:17 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-14 14:17 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-14 14:17 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 14:17 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-14 14:17 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 14:17 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-14 14:17 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-14 11:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 11:04 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-14 11:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 11:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-14 11:04 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-14 11:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 11:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-14 11:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 11:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 11:04 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-14 11:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-14 11:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-14 11:04 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-14 11:04 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-14 11:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-14 11:04 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-14 11:04 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-14 11:04 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-14 11:04 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-14 11:04 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-14 11:04 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-14 11:04 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-14 11:04 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-14 11:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 11:04 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-14 11:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 11:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 11:04 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-14 11:04 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-14 11:04 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-14 11:04 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-14 11:04 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-14 11:04 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-14 11:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-14 11:04 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-14 11:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 11:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-14 11:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-14 11:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 11:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 11:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 11:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-14 11:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-14 11:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-14 11:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-14 11:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-14 11:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-14 11:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 11:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-14 11:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-14 11:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-14 11:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-14 11:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-14 11:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-14 11:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-14 11:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-14 10:57 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-14 10:57 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-14 10:57 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-14 10:47 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-14 10:47 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-14 10:47 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-14 10:47 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-14 10:47 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-14 10:43 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 10:43 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-14 10:42 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 10:42 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 10:42 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 10:42 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 10:42 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-14 10:42 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-14 10:42 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-14 10:41 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-14 10:41 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-14 10:36 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-14 10:36 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-14 10:16 - 2014-09-09 15:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 10:16 - 2014-08-14 10:16 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 10:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-14 10:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 10:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-14 10:10 - 2014-08-14 10:10 - 01101648 _____ () C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 16:07 - 2014-09-09 16:07 - 00013361 _____ () C:\Users\Sebastian\Downloads\FRST.txt 2014-09-09 16:07 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST 2014-09-09 16:06 - 2014-09-09 16:06 - 02105344 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2014-09-09 15:54 - 2014-08-14 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-09 15:49 - 2014-03-20 21:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net 2014-09-09 15:42 - 2014-04-23 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 15:42 - 2014-03-20 20:15 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job 2014-09-09 15:31 - 2014-03-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-09 12:42 - 2014-03-20 19:07 - 01171040 _____ () C:\Windows\WindowsUpdate.log 2014-09-09 12:05 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-09 12:05 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-09 12:04 - 2014-03-20 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-09 12:04 - 2014-03-20 20:47 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-09 12:04 - 2014-03-20 20:32 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-09 11:58 - 2014-06-07 16:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi 2014-09-09 11:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-09 11:57 - 2009-07-14 06:51 - 00076178 _____ () C:\Windows\setupact.log 2014-09-09 00:41 - 2014-03-20 21:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client 2014-09-08 22:33 - 2014-07-30 21:12 - 00000000 ____D () C:\Users\Conni\AppData\Local\LogMeIn Hamachi 2014-09-08 22:10 - 2014-04-15 12:44 - 00000000 ____D () C:\Program Files (x86)\League of Legends 2014-09-08 15:49 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype 2014-09-08 15:34 - 2014-09-08 15:08 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft 2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java 2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype 2014-09-08 14:56 - 2014-07-22 11:06 - 00000000 ____D () C:\Users\Conni\AppData\Local\Battle.net 2014-09-08 14:51 - 2014-09-08 14:47 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy 2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk 2014-09-08 12:39 - 2009-07-14 06:45 - 00315352 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-07 11:42 - 2014-03-20 20:14 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job 2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-08-26 20:20 - 2014-07-19 20:09 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-08-25 18:56 - 2014-05-04 15:11 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-08-25 16:29 - 2014-07-22 20:45 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\TS3Client 2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11 2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur 2014-08-23 19:09 - 2014-03-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-23 04:07 - 2014-09-07 11:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-09-07 11:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-09-07 11:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-17 11:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-16 17:59 - 2014-08-16 17:59 - 00013753 _____ () C:\Users\Sebastian\Downloads\EasyLoot-v2.2.6.1.zip 2014-08-16 17:30 - 2014-08-16 17:30 - 00032778 _____ () C:\Users\Sebastian\Downloads\SmartLoot.zip 2014-08-15 17:56 - 2014-03-21 04:01 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-08-15 17:56 - 2014-03-21 04:01 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-08-15 17:56 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 10:12 - 2014-03-20 22:15 - 00186512 _____ () C:\Windows\PFRO.log 2014-08-14 16:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-14 14:27 - 2014-04-04 16:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 14:22 - 2014-04-04 16:21 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-14 14:17 - 2014-05-06 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-14 10:16 - 2014-08-14 10:16 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 10:10 - 2014-08-14 10:10 - 01101648 _____ () C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-08-11 17:47 - 2014-03-20 20:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\Die HübscheBoy Saga Some content of TEMP: ==================== C:\Users\Conni\AppData\Local\Temp\avgnt.exe C:\Users\Conni\AppData\Local\Temp\SkypeSetup.exe C:\Users\Sebastian\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe C:\Users\Sebastian\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Sebastian\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe C:\Users\Sebastian\AppData\Local\Temp\MW3HackzZ4PC.exe C:\Users\Sebastian\AppData\Local\Temp\sdanircmdc.exe C:\Users\Sebastian\AppData\Local\Temp\sdapskill.exe C:\Users\Sebastian\AppData\Local\Temp\sdaspwn.exe C:\Users\Sebastian\AppData\Local\Temp\securitascout_3.exe C:\Users\Sebastian\AppData\Local\Temp\setup_292.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-17 11:38 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Sebastian at 2014-09-09 16:07:58
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version: - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fragen-Lern-CD 4.5 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB) (Version: 4.5.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.5 (x32 Version: 4.5.0 - Wendel-Verlag GmbH) Hidden
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
S4 League_EU (HKLM-x32\...\{B4D144E3-B498-4539-9E52-014E061D7A78}) (Version: 1.00.0000 - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
23-08-2014 16:59:12 Windows Update
24-08-2014 22:05:40 Windows Update
07-09-2014 21:57:43 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4FEEE190-9705-4EC8-9B9C-37AF7CC9F31D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {942BE680-5702-4D5A-9182-79BAA42949FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {F8F81793-EF39-4FD1-9B16-03D83C7A9D08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-15 20:17 - 2014-07-15 20:17 - 01325536 _____ () C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe
2014-03-20 20:54 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-27 17:39 - 2014-08-07 10:27 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2014 11:15:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ts3client_win64.exe, Version 3.0.14.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 984
Startzeit: 01cfcae0a59eecd0
Endzeit: 40
Anwendungspfad: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
Berichts-ID: 1e5e28a9-36d4-11e4-9fc9-00256489b9d5
Error: (09/07/2014 06:09:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sebastian-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/09/2014 09:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0x728
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3
Error: (07/24/2014 10:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x7ec
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (07/23/2014 06:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HOpsGame.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f30
Startzeit: 01cfa69153762d0a
Endzeit: 38
Anwendungspfad: C:\Program Files (x86)\Hazard Ops\UnrealEngine3\Binaries\Win32\HOpsGame.exe
Berichts-ID:
Error: (07/22/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.17.31000, Zeitstempel: 0x53ba89c2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6f8
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Error: (07/22/2014 08:40:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
bei System.Reflection.RuntimeConstructorInfo.Invoke(System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.CreateInstance(System.Reflection.ConstructorInfo, System.Object[])
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.GetInstanceActivatingIfNeeded()
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.NotifyImportSatisfied()
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.Activate()
bei System.ComponentModel.Composition.Hosting.ImportEngine+PartManager.TryOnComposed()
bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImportsStateMachine(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart)
bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImports(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart, Boolean)
bei System.ComponentModel.Composition.Hosting.ImportEngine.SatisfyImports(System.ComponentModel.Composition.Primitives.ComposablePart)
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
bei Avira.OE.ServiceHost.ComputerAndServicesInfo.<get_AvStatusReporterFactory>b__0()
bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (07/19/2014 11:27:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 8.0.5.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d28
Startzeit: 01cfa333a1596dee
Endzeit: 11
Anwendungspfad: C:\Program Files\Java\jre8\bin\javaw.exe
Berichts-ID: f54d06c9-0f26-11e4-8ee9-00256489b9d5
Error: (07/18/2014 09:12:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Name des fehlerhaften Moduls: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Ausnahmecode: 0xc0000417
Fehleroffset: 0x01194140
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xUplay.exe0
Pfad der fehlerhaften Anwendung: Uplay.exe1
Pfad des fehlerhaften Moduls: Uplay.exe2
Berichtskennung: Uplay.exe3
Error: (07/18/2014 09:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Name des fehlerhaften Moduls: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Ausnahmecode: 0xc0000417
Fehleroffset: 0x01194140
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xUplay.exe0
Pfad der fehlerhaften Anwendung: Uplay.exe1
Pfad des fehlerhaften Moduls: Uplay.exe2
Berichtskennung: Uplay.exe3
System errors:
=============
Error: (09/08/2014 09:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/08/2014 09:58:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (09/07/2014 10:55:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/25/2014 02:45:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.08.2014 um 00:10:13 unerwartet heruntergefahren.
Error: (08/23/2014 06:54:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 17.08.2014 um 12:44:15 unerwartet heruntergefahren.
Error: (08/17/2014 00:27:27 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (08/16/2014 02:24:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (08/15/2014 02:40:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/15/2014 02:40:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (08/06/2014 11:13:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/07/2014 11:15:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ts3client_win64.exe3.0.14.098401cfcae0a59eecd040C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe1e5e28a9-36d4-11e4-9fc9-00256489b9d5
Error: (09/07/2014 06:09:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sebastian-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (08/09/2014 09:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b72801cfb3f62a91a32aC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe2eda1e6e-1ffa-11e4-9a6f-00256489b9d5
Error: (07/24/2014 10:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e47ec01cfa77c4d671e2aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllb47ad498-136f-11e4-8376-00256489b9d5
Error: (07/23/2014 06:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HOpsGame.exe0.0.0.0f3001cfa69153762d0a38C:\Program Files (x86)\Hazard Ops\UnrealEngine3\Binaries\Win32\HOpsGame.exe
Error: (07/22/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.17.3100053ba89c2KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d6f801cfa5dc512f6c94C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dllb29e5efa-11cf-11e4-821a-00256489b9d5
Error: (07/22/2014 08:40:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
bei System.Reflection.RuntimeConstructorInfo.Invoke(System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.CreateInstance(System.Reflection.ConstructorInfo, System.Object[])
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.GetInstanceActivatingIfNeeded()
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.NotifyImportSatisfied()
bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.Activate()
bei System.ComponentModel.Composition.Hosting.ImportEngine+PartManager.TryOnComposed()
bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImportsStateMachine(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart)
bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImports(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart, Boolean)
bei System.ComponentModel.Composition.Hosting.ImportEngine.SatisfyImports(System.ComponentModel.Composition.Primitives.ComposablePart)
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
bei Avira.OE.ServiceHost.ComputerAndServicesInfo.<get_AvStatusReporterFactory>b__0()
bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (07/19/2014 11:27:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.5.13d2801cfa333a1596dee11C:\Program Files\Java\jre8\bin\javaw.exef54d06c9-0f26-11e4-8ee9-00256489b9d5
Error: (07/18/2014 09:12:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uplay.exe4.6.1.321753b41990Uplay.exe4.6.1.321753b41990c0000417011941408a001cfa25771155d05C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exee270744b-0e4a-11e4-8e7a-00256489b9d5
Error: (07/18/2014 09:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uplay.exe4.6.1.321753b41990Uplay.exe4.6.1.321753b41990c0000417011941407e801cfa256742e7fffC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe3a5b6c93-0e4a-11e4-8e7a-00256489b9d5
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 8190.98 MB
Available physical RAM: 6406.89 MB
Total Pagefile: 16380.15 MB
Available Pagefile: 14276.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:920.46 GB) (Free:659.4 GB) NTFS
Drive d: (Fragen-Lern-CD) (CDROM) (Total:0.73 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:10.98 GB) (Free:4.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
10.09.2014, 10:39
| #4 |
| /// the machine /// TB-Ausbilder | Unsichtbares Internetexplorerfenster hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.09.2014, 11:10
| #5 |
| | Unsichtbares InternetexplorerfensterCode:
ATTFilter 11:59:35.0758 0x091c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:59:40.0727 0x091c ============================================================
11:59:40.0727 0x091c Current date / time: 2014/09/17 11:59:40.0727
11:59:40.0727 0x091c SystemInfo:
11:59:40.0727 0x091c
11:59:40.0727 0x091c OS Version: 6.1.7601 ServicePack: 1.0
11:59:40.0727 0x091c Product type: Workstation
11:59:40.0728 0x091c ComputerName: SEBASTIAN-PC
11:59:40.0728 0x091c UserName: Sebastian
11:59:40.0728 0x091c Windows directory: C:\Windows
11:59:40.0728 0x091c System windows directory: C:\Windows
11:59:40.0728 0x091c Running under WOW64
11:59:40.0728 0x091c Processor architecture: Intel x64
11:59:40.0728 0x091c Number of processors: 4
11:59:40.0728 0x091c Page size: 0x1000
11:59:40.0728 0x091c Boot type: Normal boot
11:59:40.0728 0x091c ============================================================
11:59:42.0680 0x091c KLMD registered as C:\Windows\system32\drivers\99288566.sys
11:59:45.0300 0x091c System UUID: {B0ADBDD4-A938-659E-A212-FCCB93AAB822}
11:59:46.0926 0x091c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:59:46.0942 0x091c ============================================================
11:59:46.0942 0x091c \Device\Harddisk0\DR0:
11:59:46.0942 0x091c MBR partitions:
11:59:46.0942 0x091c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x15F5000
11:59:46.0942 0x091c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x161C800, BlocksNum 0x730E9800
11:59:46.0942 0x091c ============================================================
11:59:46.0979 0x091c C: <-> \Device\Harddisk0\DR0\Partition2
11:59:47.0015 0x091c E: <-> \Device\Harddisk0\DR0\Partition1
11:59:47.0015 0x091c ============================================================
11:59:47.0015 0x091c Initialize success
11:59:47.0015 0x091c ============================================================
11:59:56.0813 0x0b18 ============================================================
11:59:56.0813 0x0b18 Scan started
11:59:56.0813 0x0b18 Mode: Manual; SigCheck; TDLFS;
11:59:56.0813 0x0b18 ============================================================
11:59:56.0813 0x0b18 KSN ping started
12:00:17.0608 0x0b18 KSN ping finished: true
12:00:18.0696 0x0b18 ================ Scan system memory ========================
12:00:18.0696 0x0b18 System memory - ok
12:00:18.0697 0x0b18 ================ Scan services =============================
12:00:18.0886 0x0b18 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:00:18.0994 0x0b18 1394ohci - ok
12:00:19.0037 0x0b18 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:00:19.0058 0x0b18 ACPI - ok
12:00:19.0076 0x0b18 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:00:19.0142 0x0b18 AcpiPmi - ok
12:00:19.0226 0x0b18 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:00:19.0239 0x0b18 AdobeARMservice - ok
12:00:19.0363 0x0b18 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:00:19.0381 0x0b18 AdobeFlashPlayerUpdateSvc - ok
12:00:19.0428 0x0b18 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:00:19.0452 0x0b18 adp94xx - ok
12:00:19.0476 0x0b18 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:00:19.0496 0x0b18 adpahci - ok
12:00:19.0521 0x0b18 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:00:19.0537 0x0b18 adpu320 - ok
12:00:19.0575 0x0b18 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:00:19.0709 0x0b18 AeLookupSvc - ok
12:00:19.0761 0x0b18 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
12:00:19.0877 0x0b18 AFD - ok
12:00:19.0898 0x0b18 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
12:00:19.0917 0x0b18 agp440 - ok
12:00:19.0927 0x0b18 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
12:00:19.0999 0x0b18 ALG - ok
12:00:20.0029 0x0b18 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
12:00:20.0041 0x0b18 aliide - ok
12:00:20.0078 0x0b18 [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:00:20.0154 0x0b18 AMD External Events Utility - ok
12:00:20.0170 0x0b18 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
12:00:20.0185 0x0b18 amdide - ok
12:00:20.0241 0x0b18 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:00:20.0290 0x0b18 AmdK8 - ok
12:00:20.0664 0x0b18 [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:00:21.0170 0x0b18 amdkmdag - ok
12:00:21.0227 0x0b18 [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:00:21.0272 0x0b18 amdkmdap - ok
12:00:21.0293 0x0b18 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:00:21.0323 0x0b18 AmdPPM - ok
12:00:21.0344 0x0b18 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:00:21.0359 0x0b18 amdsata - ok
12:00:21.0406 0x0b18 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:00:21.0422 0x0b18 amdsbs - ok
12:00:21.0439 0x0b18 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:00:21.0451 0x0b18 amdxata - ok
12:00:21.0547 0x0b18 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:00:21.0587 0x0b18 AntiVirSchedulerService - ok
12:00:21.0632 0x0b18 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:00:21.0655 0x0b18 AntiVirService - ok
12:00:21.0691 0x0b18 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
12:00:21.0813 0x0b18 AppID - ok
12:00:21.0844 0x0b18 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:00:21.0913 0x0b18 AppIDSvc - ok
12:00:21.0946 0x0b18 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
12:00:22.0013 0x0b18 Appinfo - ok
12:00:22.0051 0x0b18 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
12:00:22.0087 0x0b18 AppMgmt - ok
12:00:22.0109 0x0b18 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:00:22.0122 0x0b18 arc - ok
12:00:22.0141 0x0b18 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:00:22.0155 0x0b18 arcsas - ok
12:00:22.0274 0x0b18 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:00:22.0320 0x0b18 aspnet_state - ok
12:00:22.0337 0x0b18 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:00:22.0396 0x0b18 AsyncMac - ok
12:00:22.0429 0x0b18 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:00:22.0441 0x0b18 atapi - ok
12:00:22.0470 0x0b18 [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:00:22.0529 0x0b18 AtiHDAudioService - ok
12:00:22.0578 0x0b18 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:00:22.0664 0x0b18 AudioEndpointBuilder - ok
12:00:22.0683 0x0b18 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:00:22.0732 0x0b18 AudioSrv - ok
12:00:22.0770 0x0b18 [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:00:22.0798 0x0b18 avgntflt - ok
12:00:22.0840 0x0b18 [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:00:22.0853 0x0b18 avipbb - ok
12:00:22.0919 0x0b18 [ 05ABC09DC0DFA5DF79A0BB39F60636B7, FEDE900D991F1FB40BA0A44E05181A6A506DC8B5F365E78E523CB6DF2CDACC15 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
12:00:22.0936 0x0b18 Avira.OE.ServiceHost - ok
12:00:22.0967 0x0b18 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:00:22.0980 0x0b18 avkmgr - ok
12:00:23.0021 0x0b18 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:00:23.0109 0x0b18 AxInstSV - ok
12:00:23.0143 0x0b18 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:00:23.0210 0x0b18 b06bdrv - ok
12:00:23.0238 0x0b18 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:00:23.0274 0x0b18 b57nd60a - ok
12:00:23.0307 0x0b18 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:00:23.0348 0x0b18 BDESVC - ok
12:00:23.0352 0x0b18 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:00:23.0403 0x0b18 Beep - ok
12:00:23.0450 0x0b18 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:00:23.0495 0x0b18 BFE - ok
12:00:23.0535 0x0b18 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
12:00:23.0611 0x0b18 BITS - ok
12:00:23.0633 0x0b18 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:00:23.0677 0x0b18 blbdrive - ok
12:00:23.0704 0x0b18 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:00:23.0739 0x0b18 bowser - ok
12:00:23.0762 0x0b18 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:00:23.0812 0x0b18 BrFiltLo - ok
12:00:23.0817 0x0b18 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:00:23.0833 0x0b18 BrFiltUp - ok
12:00:23.0861 0x0b18 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:00:23.0914 0x0b18 Browser - ok
12:00:23.0939 0x0b18 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:00:24.0015 0x0b18 Brserid - ok
12:00:24.0036 0x0b18 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:00:24.0066 0x0b18 BrSerWdm - ok
12:00:24.0071 0x0b18 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:00:24.0108 0x0b18 BrUsbMdm - ok
12:00:24.0112 0x0b18 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:00:24.0143 0x0b18 BrUsbSer - ok
12:00:24.0149 0x0b18 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:00:24.0183 0x0b18 BTHMODEM - ok
12:00:24.0206 0x0b18 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:00:24.0249 0x0b18 bthserv - ok
12:00:24.0268 0x0b18 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:00:24.0316 0x0b18 cdfs - ok
12:00:24.0339 0x0b18 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:00:24.0375 0x0b18 cdrom - ok
12:00:24.0413 0x0b18 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:00:24.0472 0x0b18 CertPropSvc - ok
12:00:24.0493 0x0b18 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:00:24.0522 0x0b18 circlass - ok
12:00:24.0563 0x0b18 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:00:24.0583 0x0b18 CLFS - ok
12:00:24.0658 0x0b18 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:00:24.0674 0x0b18 clr_optimization_v2.0.50727_32 - ok
12:00:24.0731 0x0b18 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:00:24.0745 0x0b18 clr_optimization_v2.0.50727_64 - ok
12:00:24.0847 0x0b18 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:00:24.0921 0x0b18 clr_optimization_v4.0.30319_32 - ok
12:00:24.0944 0x0b18 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:00:24.0966 0x0b18 clr_optimization_v4.0.30319_64 - ok
12:00:25.0001 0x0b18 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:00:25.0092 0x0b18 CmBatt - ok
12:00:25.0120 0x0b18 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:00:25.0132 0x0b18 cmdide - ok
12:00:25.0179 0x0b18 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
12:00:25.0226 0x0b18 CNG - ok
12:00:25.0232 0x0b18 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:00:25.0244 0x0b18 Compbatt - ok
12:00:25.0278 0x0b18 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:00:25.0313 0x0b18 CompositeBus - ok
12:00:25.0318 0x0b18 COMSysApp - ok
12:00:25.0324 0x0b18 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:00:25.0339 0x0b18 crcdisk - ok
12:00:25.0366 0x0b18 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:00:25.0421 0x0b18 CryptSvc - ok
12:00:25.0459 0x0b18 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
12:00:25.0544 0x0b18 CSC - ok
12:00:25.0600 0x0b18 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
12:00:25.0652 0x0b18 CscService - ok
12:00:25.0720 0x0b18 [ 80861969541971176E005D2C09DAE851, F82A054DE0425ACB758A3792D902A38D01BE0ADEE933B5878C8F8017C148063A ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:00:25.0730 0x0b18 DAUpdaterSvc - ok
12:00:25.0782 0x0b18 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:00:25.0844 0x0b18 DcomLaunch - ok
12:00:25.0883 0x0b18 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:00:25.0945 0x0b18 defragsvc - ok
12:00:25.0982 0x0b18 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:00:26.0038 0x0b18 DfsC - ok
12:00:26.0073 0x0b18 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:00:26.0139 0x0b18 Dhcp - ok
12:00:26.0158 0x0b18 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:00:26.0215 0x0b18 discache - ok
12:00:26.0262 0x0b18 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:00:26.0280 0x0b18 Disk - ok
12:00:26.0306 0x0b18 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:00:26.0335 0x0b18 Dnscache - ok
12:00:26.0378 0x0b18 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:00:26.0436 0x0b18 dot3svc - ok
12:00:26.0477 0x0b18 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:00:26.0528 0x0b18 DPS - ok
12:00:26.0564 0x0b18 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:00:26.0599 0x0b18 drmkaud - ok
12:00:26.0627 0x0b18 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:00:26.0647 0x0b18 dtsoftbus01 - ok
12:00:26.0710 0x0b18 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:00:26.0765 0x0b18 DXGKrnl - ok
12:00:26.0772 0x0b18 EagleX64 - ok
12:00:26.0808 0x0b18 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:00:26.0849 0x0b18 EapHost - ok
12:00:26.0956 0x0b18 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:00:27.0106 0x0b18 ebdrv - ok
12:00:27.0144 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
12:00:27.0174 0x0b18 EFS - ok
12:00:27.0230 0x0b18 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:00:27.0316 0x0b18 ehRecvr - ok
12:00:27.0350 0x0b18 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
12:00:27.0402 0x0b18 ehSched - ok
12:00:27.0449 0x0b18 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:00:27.0480 0x0b18 elxstor - ok
12:00:27.0507 0x0b18 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:00:27.0561 0x0b18 ErrDev - ok
12:00:27.0590 0x0b18 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:00:27.0653 0x0b18 EventSystem - ok
12:00:27.0679 0x0b18 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:00:27.0723 0x0b18 exfat - ok
12:00:27.0762 0x0b18 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:00:27.0817 0x0b18 fastfat - ok
12:00:27.0884 0x0b18 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:00:27.0964 0x0b18 Fax - ok
12:00:27.0979 0x0b18 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:00:28.0006 0x0b18 fdc - ok
12:00:28.0011 0x0b18 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:00:28.0064 0x0b18 fdPHost - ok
12:00:28.0085 0x0b18 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:00:28.0135 0x0b18 FDResPub - ok
12:00:28.0154 0x0b18 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:00:28.0173 0x0b18 FileInfo - ok
12:00:28.0182 0x0b18 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:00:28.0232 0x0b18 Filetrace - ok
12:00:28.0248 0x0b18 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:00:28.0262 0x0b18 flpydisk - ok
12:00:28.0305 0x0b18 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:00:28.0332 0x0b18 FltMgr - ok
12:00:28.0405 0x0b18 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
12:00:28.0480 0x0b18 FontCache - ok
12:00:28.0539 0x0b18 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:00:28.0553 0x0b18 FontCache3.0.0.0 - ok
12:00:28.0570 0x0b18 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:00:28.0591 0x0b18 FsDepends - ok
12:00:28.0610 0x0b18 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:00:28.0626 0x0b18 Fs_Rec - ok
12:00:28.0650 0x0b18 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:00:28.0680 0x0b18 fvevol - ok
12:00:28.0692 0x0b18 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:00:28.0705 0x0b18 gagp30kx - ok
12:00:28.0755 0x0b18 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:00:28.0838 0x0b18 gpsvc - ok
12:00:28.0904 0x0b18 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
12:00:28.0914 0x0b18 hamachi - ok
12:00:29.0021 0x0b18 [ CD926C6DE583ADBE1A3A9A62C310FDE2, 9E5E2D9F3342ACBAD6E0F6A1DEFC369A30E5CB6743EF2178A886A95263E5B7EF ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
12:00:29.0111 0x0b18 Hamachi2Svc - ok
12:00:29.0137 0x0b18 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:00:29.0206 0x0b18 hcw85cir - ok
12:00:29.0275 0x0b18 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:00:29.0330 0x0b18 HdAudAddService - ok
12:00:29.0382 0x0b18 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:00:29.0419 0x0b18 HDAudBus - ok
12:00:29.0444 0x0b18 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:00:29.0491 0x0b18 HidBatt - ok
12:00:29.0515 0x0b18 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:00:29.0553 0x0b18 HidBth - ok
12:00:29.0601 0x0b18 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:00:29.0618 0x0b18 HidIr - ok
12:00:29.0673 0x0b18 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
12:00:29.0728 0x0b18 hidserv - ok
12:00:29.0809 0x0b18 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:00:29.0869 0x0b18 HidUsb - ok
12:00:29.0917 0x0b18 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:00:30.0126 0x0b18 hkmsvc - ok
12:00:30.0281 0x0b18 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:00:30.0449 0x0b18 HomeGroupListener - ok
12:00:30.0640 0x0b18 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:00:30.0766 0x0b18 HomeGroupProvider - ok
12:00:30.0908 0x0b18 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:00:30.0922 0x0b18 HpSAMD - ok
12:00:31.0258 0x0b18 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:00:31.0508 0x0b18 HTTP - ok
12:00:31.0612 0x0b18 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:00:31.0713 0x0b18 hwpolicy - ok
12:00:31.0765 0x0b18 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:00:31.0790 0x0b18 i8042prt - ok
12:00:31.0937 0x0b18 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:00:31.0958 0x0b18 iaStorV - ok
12:00:32.0227 0x0b18 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:00:32.0263 0x0b18 idsvc - ok
12:00:32.0289 0x0b18 IEEtwCollectorService - ok
12:00:32.0324 0x0b18 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:00:32.0337 0x0b18 iirsp - ok
12:00:32.0408 0x0b18 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
12:00:32.0460 0x0b18 IKEEXT - ok
12:00:32.0495 0x0b18 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
12:00:32.0507 0x0b18 intelide - ok
12:00:32.0522 0x0b18 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:00:32.0558 0x0b18 intelppm - ok
12:00:32.0605 0x0b18 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:00:32.0685 0x0b18 IPBusEnum - ok
12:00:32.0729 0x0b18 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:00:32.0794 0x0b18 IpFilterDriver - ok
12:00:32.0881 0x0b18 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:00:32.0937 0x0b18 iphlpsvc - ok
12:00:32.0964 0x0b18 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:00:32.0996 0x0b18 IPMIDRV - ok
12:00:33.0023 0x0b18 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:00:33.0087 0x0b18 IPNAT - ok
12:00:33.0125 0x0b18 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:00:33.0369 0x0b18 IRENUM - ok
12:00:33.0379 0x0b18 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:00:33.0394 0x0b18 isapnp - ok
12:00:33.0419 0x0b18 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:00:33.0445 0x0b18 iScsiPrt - ok
12:00:33.0461 0x0b18 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:00:33.0479 0x0b18 kbdclass - ok
12:00:33.0501 0x0b18 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:00:33.0518 0x0b18 kbdhid - ok
12:00:33.0528 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
12:00:33.0542 0x0b18 KeyIso - ok
12:00:33.0645 0x0b18 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:00:33.0683 0x0b18 KSecDD - ok
12:00:33.0789 0x0b18 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:00:33.0816 0x0b18 KSecPkg - ok
12:00:33.0828 0x0b18 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:00:33.0884 0x0b18 ksthunk - ok
12:00:33.0923 0x0b18 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
12:00:33.0990 0x0b18 KtmRm - ok
12:00:34.0025 0x0b18 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:00:34.0079 0x0b18 LanmanServer - ok
12:00:34.0119 0x0b18 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:00:34.0168 0x0b18 LanmanWorkstation - ok
12:00:34.0205 0x0b18 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:00:34.0255 0x0b18 lltdio - ok
12:00:34.0292 0x0b18 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:00:34.0360 0x0b18 lltdsvc - ok
12:00:34.0374 0x0b18 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:00:34.0412 0x0b18 lmhosts - ok
12:00:34.0435 0x0b18 [ 367B044CC3A056242D85F4D26975E6C3, EA989217E91377535A8AECF2C0C23F1A183493CAD1EDE9B19541A93FD9AE290A ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
12:00:34.0451 0x0b18 LMIGuardianSvc - ok
12:00:34.0482 0x0b18 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:00:34.0496 0x0b18 LSI_FC - ok
12:00:34.0503 0x0b18 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:00:34.0516 0x0b18 LSI_SAS - ok
12:00:34.0521 0x0b18 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:00:34.0535 0x0b18 LSI_SAS2 - ok
12:00:34.0541 0x0b18 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:00:34.0555 0x0b18 LSI_SCSI - ok
12:00:34.0584 0x0b18 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
12:00:34.0637 0x0b18 luafv - ok
12:00:34.0672 0x0b18 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:00:34.0714 0x0b18 Mcx2Svc - ok
12:00:34.0734 0x0b18 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:00:34.0746 0x0b18 megasas - ok
12:00:34.0757 0x0b18 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:00:34.0775 0x0b18 MegaSR - ok
12:00:34.0810 0x0b18 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
12:00:34.0863 0x0b18 MMCSS - ok
12:00:34.0945 0x0b18 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
12:00:35.0088 0x0b18 Modem - ok
12:00:35.0181 0x0b18 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:00:35.0212 0x0b18 monitor - ok
12:00:35.0244 0x0b18 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:00:35.0259 0x0b18 mouclass - ok
12:00:35.0275 0x0b18 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:00:35.0322 0x0b18 mouhid - ok
12:00:35.0353 0x0b18 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:00:35.0368 0x0b18 mountmgr - ok
12:00:35.0415 0x0b18 [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:00:35.0446 0x0b18 MozillaMaintenance - ok
12:00:35.0466 0x0b18 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
12:00:35.0489 0x0b18 mpio - ok
12:00:35.0516 0x0b18 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:00:35.0555 0x0b18 mpsdrv - ok
12:00:35.0605 0x0b18 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:00:35.0678 0x0b18 MpsSvc - ok
12:00:35.0718 0x0b18 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:00:35.0762 0x0b18 MRxDAV - ok
12:00:35.0787 0x0b18 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:00:35.0841 0x0b18 mrxsmb - ok
12:00:35.0865 0x0b18 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:00:35.0907 0x0b18 mrxsmb10 - ok
12:00:35.0915 0x0b18 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:00:35.0937 0x0b18 mrxsmb20 - ok
12:00:35.0958 0x0b18 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
12:00:35.0970 0x0b18 msahci - ok
12:00:36.0004 0x0b18 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:00:36.0026 0x0b18 msdsm - ok
12:00:36.0051 0x0b18 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
12:00:36.0077 0x0b18 MSDTC - ok
12:00:36.0098 0x0b18 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:00:36.0134 0x0b18 Msfs - ok
12:00:36.0146 0x0b18 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:00:36.0198 0x0b18 mshidkmdf - ok
12:00:36.0227 0x0b18 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:00:36.0242 0x0b18 msisadrv - ok
12:00:36.0283 0x0b18 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:00:36.0329 0x0b18 MSiSCSI - ok
12:00:36.0332 0x0b18 msiserver - ok
12:00:36.0366 0x0b18 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:00:36.0402 0x0b18 MSKSSRV - ok
12:00:36.0426 0x0b18 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:00:36.0484 0x0b18 MSPCLOCK - ok
12:00:36.0488 0x0b18 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:00:36.0542 0x0b18 MSPQM - ok
12:00:36.0566 0x0b18 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:00:36.0593 0x0b18 MsRPC - ok
12:00:36.0618 0x0b18 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:00:36.0631 0x0b18 mssmbios - ok
12:00:36.0646 0x0b18 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:00:36.0684 0x0b18 MSTEE - ok
12:00:36.0699 0x0b18 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:00:36.0715 0x0b18 MTConfig - ok
12:00:36.0730 0x0b18 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
12:00:36.0746 0x0b18 Mup - ok
12:00:36.0777 0x0b18 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
12:00:36.0840 0x0b18 napagent - ok
12:00:36.0871 0x0b18 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:00:36.0902 0x0b18 NativeWifiP - ok
12:00:36.0964 0x0b18 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
12:00:37.0011 0x0b18 NDIS - ok
12:00:37.0027 0x0b18 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:00:37.0089 0x0b18 NdisCap - ok
12:00:37.0105 0x0b18 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:00:37.0136 0x0b18 NdisTapi - ok
12:00:37.0183 0x0b18 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:00:37.0221 0x0b18 Ndisuio - ok
12:00:37.0256 0x0b18 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:00:37.0312 0x0b18 NdisWan - ok
12:00:37.0344 0x0b18 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:00:37.0381 0x0b18 NDProxy - ok
12:00:37.0392 0x0b18 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:00:37.0448 0x0b18 NetBIOS - ok
12:00:37.0478 0x0b18 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:00:37.0543 0x0b18 NetBT - ok
12:00:37.0561 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
12:00:37.0574 0x0b18 Netlogon - ok
12:00:37.0617 0x0b18 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
12:00:37.0714 0x0b18 Netman - ok
12:00:37.0771 0x0b18 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0799 0x0b18 NetMsmqActivator - ok
12:00:37.0805 0x0b18 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0821 0x0b18 NetPipeActivator - ok
12:00:37.0856 0x0b18 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
12:00:37.0917 0x0b18 netprofm - ok
12:00:37.0924 0x0b18 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0940 0x0b18 NetTcpActivator - ok
12:00:37.0945 0x0b18 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0961 0x0b18 NetTcpPortSharing - ok
12:00:37.0991 0x0b18 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:00:38.0021 0x0b18 nfrd960 - ok
12:00:38.0044 0x0b18 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:00:38.0084 0x0b18 NlaSvc - ok
12:00:38.0089 0x0b18 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:00:38.0140 0x0b18 Npfs - ok
12:00:38.0166 0x0b18 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
12:00:38.0212 0x0b18 nsi - ok
12:00:38.0229 0x0b18 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:00:38.0282 0x0b18 nsiproxy - ok
12:00:38.0351 0x0b18 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:00:38.0457 0x0b18 Ntfs - ok
12:00:38.0469 0x0b18 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
12:00:38.0539 0x0b18 Null - ok
12:00:38.0587 0x0b18 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:00:38.0601 0x0b18 nvraid - ok
12:00:38.0633 0x0b18 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:00:38.0648 0x0b18 nvstor - ok
12:00:38.0662 0x0b18 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:00:38.0676 0x0b18 nv_agp - ok
12:00:38.0695 0x0b18 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:00:38.0714 0x0b18 ohci1394 - ok
12:00:38.0754 0x0b18 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:00:38.0810 0x0b18 p2pimsvc - ok
12:00:38.0839 0x0b18 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
12:00:38.0890 0x0b18 p2psvc - ok
12:00:38.0917 0x0b18 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:00:38.0932 0x0b18 Parport - ok
12:00:38.0968 0x0b18 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:00:39.0041 0x0b18 partmgr - ok
12:00:39.0087 0x0b18 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
12:00:39.0128 0x0b18 PcaSvc - ok
12:00:39.0152 0x0b18 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
12:00:39.0168 0x0b18 pci - ok
12:00:39.0187 0x0b18 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
12:00:39.0202 0x0b18 pciide - ok
12:00:39.0227 0x0b18 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:00:39.0243 0x0b18 pcmcia - ok
12:00:39.0261 0x0b18 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
12:00:39.0278 0x0b18 pcw - ok
12:00:39.0305 0x0b18 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:00:39.0399 0x0b18 PEAUTH - ok
12:00:39.0473 0x0b18 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:00:39.0627 0x0b18 PeerDistSvc - ok
12:00:39.0720 0x0b18 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:00:39.0760 0x0b18 PerfHost - ok
12:00:39.0832 0x0b18 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
12:00:39.0961 0x0b18 pla - ok
12:00:40.0016 0x0b18 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:00:40.0080 0x0b18 PlugPlay - ok
12:00:40.0099 0x0b18 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:00:40.0129 0x0b18 PNRPAutoReg - ok
12:00:40.0152 0x0b18 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:00:40.0168 0x0b18 PNRPsvc - ok
12:00:40.0271 0x0b18 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:00:40.0349 0x0b18 PolicyAgent - ok
12:00:40.0390 0x0b18 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
12:00:40.0441 0x0b18 Power - ok
12:00:40.0493 0x0b18 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:00:40.0568 0x0b18 PptpMiniport - ok
12:00:40.0595 0x0b18 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:00:40.0626 0x0b18 Processor - ok
12:00:40.0693 0x0b18 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
12:00:40.0740 0x0b18 ProfSvc - ok
12:00:40.0752 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:00:40.0768 0x0b18 ProtectedStorage - ok
12:00:40.0802 0x0b18 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:00:40.0855 0x0b18 Psched - ok
12:00:40.0917 0x0b18 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:00:41.0016 0x0b18 ql2300 - ok
12:00:41.0044 0x0b18 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:00:41.0058 0x0b18 ql40xx - ok
12:00:41.0095 0x0b18 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
12:00:41.0128 0x0b18 QWAVE - ok
12:00:41.0138 0x0b18 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:00:41.0182 0x0b18 QWAVEdrv - ok
12:00:41.0201 0x0b18 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:00:41.0247 0x0b18 RasAcd - ok
12:00:41.0285 0x0b18 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:00:41.0323 0x0b18 RasAgileVpn - ok
12:00:41.0342 0x0b18 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
12:00:41.0402 0x0b18 RasAuto - ok
12:00:41.0435 0x0b18 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:00:41.0490 0x0b18 Rasl2tp - ok
12:00:41.0526 0x0b18 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
12:00:41.0577 0x0b18 RasMan - ok
12:00:41.0587 0x0b18 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:00:41.0640 0x0b18 RasPppoe - ok
12:00:41.0666 0x0b18 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:00:41.0721 0x0b18 RasSstp - ok
12:00:41.0751 0x0b18 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:00:41.0814 0x0b18 rdbss - ok
12:00:41.0831 0x0b18 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:00:41.0849 0x0b18 rdpbus - ok
12:00:41.0854 0x0b18 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:00:41.0906 0x0b18 RDPCDD - ok
12:00:41.0951 0x0b18 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:00:42.0005 0x0b18 RDPDR - ok
12:00:42.0014 0x0b18 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:00:42.0069 0x0b18 RDPENCDD - ok
12:00:42.0095 0x0b18 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:00:42.0131 0x0b18 RDPREFMP - ok
12:00:42.0153 0x0b18 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:00:42.0208 0x0b18 RDPWD - ok
12:00:42.0244 0x0b18 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:00:42.0267 0x0b18 rdyboost - ok
12:00:42.0301 0x0b18 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:00:42.0352 0x0b18 RemoteAccess - ok
12:00:42.0360 0x0b18 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:00:42.0419 0x0b18 RemoteRegistry - ok
12:00:42.0444 0x0b18 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:00:42.0486 0x0b18 RpcEptMapper - ok
12:00:42.0518 0x0b18 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
12:00:42.0552 0x0b18 RpcLocator - ok
12:00:42.0599 0x0b18 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
12:00:42.0648 0x0b18 RpcSs - ok
12:00:42.0664 0x0b18 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:00:42.0720 0x0b18 rspndr - ok
12:00:42.0775 0x0b18 [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:00:42.0796 0x0b18 RTL8167 - ok
12:00:42.0833 0x0b18 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:00:42.0858 0x0b18 s3cap - ok
12:00:42.0869 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
12:00:42.0882 0x0b18 SamSs - ok
12:00:42.0907 0x0b18 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:00:42.0937 0x0b18 sbp2port - ok
12:00:42.0970 0x0b18 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:00:43.0040 0x0b18 SCardSvr - ok
12:00:43.0076 0x0b18 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:00:43.0122 0x0b18 scfilter - ok
12:00:43.0189 0x0b18 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
12:00:43.0329 0x0b18 Schedule - ok
12:00:43.0371 0x0b18 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:00:43.0409 0x0b18 SCPolicySvc - ok
12:00:43.0440 0x0b18 [ AD7189E85A0801DE0507C610963A3CD0, 0AA9F3C9D252624CC62EC95FD910C6911E136DD3E66159CEB9857BC7AB70FAA2 ] ScpVBus C:\Windows\system32\DRIVERS\ScpVBus.sys
12:00:43.0451 0x0b18 ScpVBus - ok
12:00:43.0493 0x0b18 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:00:43.0552 0x0b18 SDRSVC - ok
12:00:43.0576 0x0b18 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:00:43.0622 0x0b18 secdrv - ok
12:00:43.0658 0x0b18 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
12:00:43.0717 0x0b18 seclogon - ok
12:00:43.0749 0x0b18 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
12:00:43.0793 0x0b18 SENS - ok
12:00:43.0809 0x0b18 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:00:43.0848 0x0b18 SensrSvc - ok
12:00:43.0868 0x0b18 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:00:43.0885 0x0b18 Serenum - ok
12:00:43.0918 0x0b18 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:00:43.0933 0x0b18 Serial - ok
12:00:43.0943 0x0b18 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:00:43.0982 0x0b18 sermouse - ok
12:00:44.0026 0x0b18 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
12:00:44.0082 0x0b18 SessionEnv - ok
12:00:44.0119 0x0b18 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:00:44.0156 0x0b18 sffdisk - ok
12:00:44.0179 0x0b18 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:00:44.0198 0x0b18 sffp_mmc - ok
12:00:44.0226 0x0b18 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:00:44.0275 0x0b18 sffp_sd - ok
12:00:44.0280 0x0b18 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:00:44.0295 0x0b18 sfloppy - ok
12:00:44.0345 0x0b18 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:00:44.0416 0x0b18 SharedAccess - ok
12:00:44.0458 0x0b18 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:00:44.0500 0x0b18 ShellHWDetection - ok
12:00:44.0526 0x0b18 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:00:44.0538 0x0b18 SiSRaid2 - ok
12:00:44.0544 0x0b18 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:00:44.0557 0x0b18 SiSRaid4 - ok
12:00:44.0604 0x0b18 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:00:44.0625 0x0b18 SkypeUpdate - ok
12:00:44.0642 0x0b18 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:00:44.0696 0x0b18 Smb - ok
12:00:44.0705 0x0b18 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:00:44.0723 0x0b18 SNMPTRAP - ok
12:00:44.0742 0x0b18 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
12:00:44.0758 0x0b18 spldr - ok
12:00:44.0796 0x0b18 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
12:00:44.0846 0x0b18 Spooler - ok
12:00:44.0975 0x0b18 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
12:00:45.0168 0x0b18 sppsvc - ok
12:00:45.0207 0x0b18 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:00:45.0275 0x0b18 sppuinotify - ok
12:00:45.0306 0x0b18 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:00:45.0386 0x0b18 srv - ok
12:00:45.0411 0x0b18 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:00:45.0486 0x0b18 srv2 - ok
12:00:45.0508 0x0b18 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:00:45.0531 0x0b18 srvnet - ok
12:00:45.0544 0x0b18 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:00:45.0584 0x0b18 SSDPSRV - ok
12:00:45.0596 0x0b18 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:00:45.0637 0x0b18 SstpSvc - ok
12:00:45.0696 0x0b18 [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:00:45.0731 0x0b18 Steam Client Service - ok
12:00:45.0750 0x0b18 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:00:45.0763 0x0b18 stexstor - ok
12:00:45.0829 0x0b18 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
12:00:45.0892 0x0b18 stisvc - ok
12:00:45.0913 0x0b18 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:00:45.0925 0x0b18 storflt - ok
12:00:45.0958 0x0b18 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
12:00:45.0995 0x0b18 StorSvc - ok
12:00:46.0010 0x0b18 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:00:46.0022 0x0b18 storvsc - ok
12:00:46.0027 0x0b18 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
12:00:46.0039 0x0b18 swenum - ok
12:00:46.0061 0x0b18 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
12:00:46.0139 0x0b18 swprv - ok
12:00:46.0223 0x0b18 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
12:00:46.0308 0x0b18 SysMain - ok
12:00:46.0344 0x0b18 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:00:46.0388 0x0b18 TabletInputService - ok
12:00:46.0431 0x0b18 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
12:00:46.0505 0x0b18 TapiSrv - ok
12:00:46.0547 0x0b18 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
12:00:46.0587 0x0b18 TBS - ok
12:00:46.0675 0x0b18 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:00:46.0798 0x0b18 Tcpip - ok
12:00:46.0883 0x0b18 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:00:46.0936 0x0b18 TCPIP6 - ok
12:00:46.0986 0x0b18 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:00:47.0018 0x0b18 tcpipreg - ok
12:00:47.0052 0x0b18 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:00:47.0091 0x0b18 TDPIPE - ok
12:00:47.0122 0x0b18 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:00:47.0138 0x0b18 TDTCP - ok
12:00:47.0166 0x0b18 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:00:47.0211 0x0b18 tdx - ok
12:00:47.0232 0x0b18 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
12:00:47.0250 0x0b18 TermDD - ok
12:00:47.0322 0x0b18 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
12:00:47.0394 0x0b18 TermService - ok
12:00:47.0416 0x0b18 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
12:00:47.0454 0x0b18 Themes - ok
12:00:47.0493 0x0b18 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
12:00:47.0527 0x0b18 THREADORDER - ok
12:00:47.0548 0x0b18 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
12:00:47.0601 0x0b18 TrkWks - ok
12:00:47.0704 0x0b18 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:00:47.0747 0x0b18 TrustedInstaller - ok
12:00:47.0791 0x0b18 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:00:47.0825 0x0b18 tssecsrv - ok
12:00:47.0875 0x0b18 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:00:47.0916 0x0b18 TsUsbFlt - ok
12:00:47.0975 0x0b18 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:00:48.0029 0x0b18 tunnel - ok
12:00:48.0036 0x0b18 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:00:48.0049 0x0b18 uagp35 - ok
12:00:48.0097 0x0b18 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:00:48.0376 0x0b18 udfs - ok
12:00:48.0399 0x0b18 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:00:48.0437 0x0b18 UI0Detect - ok
12:00:48.0454 0x0b18 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:00:48.0473 0x0b18 uliagpkx - ok
12:00:48.0489 0x0b18 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
12:00:48.0522 0x0b18 umbus - ok
12:00:48.0532 0x0b18 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:00:48.0549 0x0b18 UmPass - ok
12:00:48.0571 0x0b18 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
12:00:48.0597 0x0b18 UmRdpService - ok
12:00:48.0637 0x0b18 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
12:00:48.0693 0x0b18 upnphost - ok
12:00:48.0740 0x0b18 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:00:49.0130 0x0b18 usbccgp - ok
12:00:49.0213 0x0b18 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:00:49.0257 0x0b18 usbcir - ok
12:00:49.0262 0x0b18 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:00:49.0296 0x0b18 usbehci - ok
12:00:49.0318 0x0b18 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:00:49.0371 0x0b18 usbhub - ok
12:00:49.0391 0x0b18 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:00:49.0411 0x0b18 usbohci - ok
12:00:49.0433 0x0b18 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:00:49.0458 0x0b18 usbprint - ok
12:00:49.0478 0x0b18 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:00:49.0512 0x0b18 USBSTOR - ok
12:00:49.0516 0x0b18 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:00:49.0535 0x0b18 usbuhci - ok
12:00:49.0551 0x0b18 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
12:00:49.0604 0x0b18 UxSms - ok
12:00:49.0619 0x0b18 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
12:00:49.0633 0x0b18 VaultSvc - ok
12:00:49.0637 0x0b18 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:00:49.0654 0x0b18 vdrvroot - ok
12:00:49.0699 0x0b18 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
12:00:49.0758 0x0b18 vds - ok
12:00:49.0778 0x0b18 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:00:49.0797 0x0b18 vga - ok
12:00:49.0814 0x0b18 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:00:49.0851 0x0b18 VgaSave - ok
12:00:49.0875 0x0b18 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:00:49.0900 0x0b18 vhdmp - ok
12:00:49.0912 0x0b18 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
12:00:49.0923 0x0b18 viaide - ok
12:00:49.0943 0x0b18 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:00:49.0959 0x0b18 vmbus - ok
12:00:49.0969 0x0b18 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:00:49.0992 0x0b18 VMBusHID - ok
12:00:50.0008 0x0b18 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:00:50.0026 0x0b18 volmgr - ok
12:00:50.0064 0x0b18 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:00:50.0093 0x0b18 volmgrx - ok
12:00:50.0130 0x0b18 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:00:50.0148 0x0b18 volsnap - ok
12:00:50.0177 0x0b18 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:00:50.0192 0x0b18 vsmraid - ok
12:00:50.0271 0x0b18 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
12:00:50.0382 0x0b18 VSS - ok
12:00:50.0403 0x0b18 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:00:50.0444 0x0b18 vwifibus - ok
12:00:50.0466 0x0b18 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
12:00:50.0510 0x0b18 W32Time - ok
12:00:50.0517 0x0b18 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:00:50.0530 0x0b18 WacomPen - ok
12:00:50.0571 0x0b18 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:00:50.0634 0x0b18 WANARP - ok
12:00:50.0638 0x0b18 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:00:50.0673 0x0b18 Wanarpv6 - ok
12:00:50.0749 0x0b18 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
12:00:50.0860 0x0b18 wbengine - ok
12:00:50.0880 0x0b18 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:00:50.0912 0x0b18 WbioSrvc - ok
12:00:50.0956 0x0b18 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:00:51.0011 0x0b18 wcncsvc - ok
12:00:51.0031 0x0b18 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:00:51.0063 0x0b18 WcsPlugInService - ok
12:00:51.0068 0x0b18 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:00:51.0080 0x0b18 Wd - ok
12:00:51.0132 0x0b18 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:00:51.0181 0x0b18 Wdf01000 - ok
12:00:51.0201 0x0b18 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:00:51.0274 0x0b18 WdiServiceHost - ok
12:00:51.0279 0x0b18 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:00:51.0301 0x0b18 WdiSystemHost - ok
12:00:51.0334 0x0b18 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
12:00:51.0362 0x0b18 WebClient - ok
12:00:51.0375 0x0b18 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:00:51.0432 0x0b18 Wecsvc - ok
12:00:51.0449 0x0b18 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:00:51.0497 0x0b18 wercplsupport - ok
12:00:51.0541 0x0b18 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
12:00:51.0585 0x0b18 WerSvc - ok
12:00:51.0589 0x0b18 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:00:51.0625 0x0b18 WfpLwf - ok
12:00:51.0629 0x0b18 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:00:51.0645 0x0b18 WIMMount - ok
12:00:51.0679 0x0b18 WinDefend - ok
12:00:51.0694 0x0b18 WinHttpAutoProxySvc - ok
12:00:51.0745 0x0b18 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:00:51.0784 0x0b18 Winmgmt - ok
12:00:51.0877 0x0b18 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
12:00:52.0058 0x0b18 WinRM - ok
12:00:52.0102 0x0b18 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:00:52.0123 0x0b18 WinUsb - ok
12:00:52.0175 0x0b18 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:00:52.0252 0x0b18 Wlansvc - ok
12:00:52.0406 0x0b18 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:00:52.0487 0x0b18 wlidsvc - ok
12:00:52.0504 0x0b18 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:00:52.0520 0x0b18 WmiAcpi - ok
12:00:52.0538 0x0b18 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:00:52.0581 0x0b18 wmiApSrv - ok
12:00:52.0601 0x0b18 WMPNetworkSvc - ok
12:00:52.0609 0x0b18 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:00:52.0633 0x0b18 WPCSvc - ok
12:00:52.0674 0x0b18 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:00:52.0702 0x0b18 WPDBusEnum - ok
12:00:52.0722 0x0b18 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:00:52.0775 0x0b18 ws2ifsl - ok
12:00:52.0800 0x0b18 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
12:00:52.0832 0x0b18 wscsvc - ok
12:00:52.0835 0x0b18 WSearch - ok
12:00:52.0934 0x0b18 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
12:00:53.0031 0x0b18 wuauserv - ok
12:00:53.0062 0x0b18 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:00:53.0096 0x0b18 WudfPf - ok
12:00:53.0129 0x0b18 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:00:53.0165 0x0b18 WUDFRd - ok
12:00:53.0193 0x0b18 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:00:53.0227 0x0b18 wudfsvc - ok
12:00:53.0270 0x0b18 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:00:53.0323 0x0b18 WwanSvc - ok
12:00:53.0372 0x0b18 [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
12:00:53.0385 0x0b18 xusb21 - ok
12:00:53.0390 0x0b18 ================ Scan global ===============================
12:00:53.0425 0x0b18 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:00:53.0465 0x0b18 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:00:53.0479 0x0b18 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:00:53.0514 0x0b18 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:00:53.0560 0x0b18 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:00:53.0569 0x0b18 [ Global ] - ok
12:00:53.0569 0x0b18 ================ Scan MBR ==================================
12:00:53.0583 0x0b18 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:00:53.0856 0x0b18 \Device\Harddisk0\DR0 - ok
12:00:53.0857 0x0b18 ================ Scan VBR ==================================
12:00:53.0860 0x0b18 [ D72C9E1D116660CC510C58D8D2A8C288 ] \Device\Harddisk0\DR0\Partition1
12:00:53.0896 0x0b18 \Device\Harddisk0\DR0\Partition1 - ok
12:00:53.0899 0x0b18 [ 6A4C240675737A1D5AA76703E7C4FE57 ] \Device\Harddisk0\DR0\Partition2
12:00:53.0923 0x0b18 \Device\Harddisk0\DR0\Partition2 - ok
12:00:53.0923 0x0b18 ================ Scan generic autorun ======================
12:00:54.0024 0x0b18 [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
12:00:54.0046 0x0b18 avgnt - ok
12:00:54.0164 0x0b18 [ 8BD1E47690E0A8185F95D564F005C337, F48684B087634E4CB228309706B76CDE41910AAD15E04EC78FE2CD639F2B7F0E ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
12:00:54.0279 0x0b18 LogMeIn Hamachi Ui - ok
12:00:54.0328 0x0b18 [ 845EB283583BD3C89F09636A10114EF3, BCB3002B867052FB381B1E44D31E381200751E1AD3F991EB4233B73E3E034A0E ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
12:00:54.0341 0x0b18 Avira Systray - ok
12:00:54.0432 0x0b18 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:00:54.0540 0x0b18 Sidebar - ok
12:00:54.0579 0x0b18 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:00:54.0605 0x0b18 mctadmin - ok
12:00:54.0634 0x0b18 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:00:54.0689 0x0b18 Sidebar - ok
12:00:54.0696 0x0b18 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:00:54.0715 0x0b18 mctadmin - ok
12:00:54.0916 0x0b18 [ F31ED493F4569FEE116BAD1179D14C8F, DCF859C6B424EE829A4347EB82FAB3F70957BB2C80DD26A17FEB93724131B1AB ] C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe
12:00:54.0968 0x0b18 InetStat - ok
12:00:54.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:00:55.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:00:56.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:00:57.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:00:58.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:00:59.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:01:00.0971 0x0b18 Waiting for KSN requests completion. In queue: 211
12:01:01.0972 0x0b18 Waiting for KSN requests completion. In queue: 211
12:01:02.0972 0x0b18 Waiting for KSN requests completion. In queue: 211
12:01:03.0972 0x0b18 Waiting for KSN requests completion. In queue: 211
12:01:04.0972 0x0b18 Waiting for KSN requests completion. In queue: 107
12:01:05.0972 0x0b18 Waiting for KSN requests completion. In queue: 107
12:01:06.0993 0x0b18 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x41000 ( enabled : updated )
12:01:07.0006 0x0b18 Win FW state via NFP2: enabled
12:01:27.0006 0x0b18 ============================================================
12:01:27.0006 0x0b18 Scan finished
12:01:27.0006 0x0b18 ============================================================
12:01:27.0017 0x0e14 Detected object count: 0
12:01:27.0017 0x0e14 Actual detected object count: 0
|
|
17.09.2014, 20:26
| #6 |
| /// the machine /// TB-Ausbilder | Unsichtbares Internetexplorerfenster hi, Scan mit Combofix
__________________ --> Unsichtbares Internetexplorerfenster |
|
20.09.2014, 11:19
| #7 |
| | Unsichtbares Internetexplorerfenster hey, ich habe ein Problem mit Antivir. Gerade habe ich Combofix gestartet und Antivir hat, obwohl Echtzeitscan deaktiviert, genörgelt das ein Eintrag in die Registry verweigert wurde. Ich kann den Echtzeitscan und meine Firewall zwar über Antivir beenden, aber Antivir als Prozess im Taskmanager nicht (Der Vorgang konnte nicht beendet werden. Zugriff verweigert.). Soll ich es deinstallieren, um dir komplizierte erklärungen zu ersparen? |
|
20.09.2014, 17:45
| #8 |
| /// the machine /// TB-Ausbilder | Unsichtbares Internetexplorerfenster Ja, wir installieren es nachher wieder (oder gleich was anständiges  )
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.09.2014, 18:13
| #9 |
| | Unsichtbares Internetexplorerfenster AV ist runtergeschmissen und hier das Log. Code:
ATTFilter ComboFix 14-09-18.01 - Sebastian 20.09.2014 18:58:29.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6987 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WINDOWS.SYS
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-20 bis 2014-09-20 ))))))))))))))))))))))))))))))
.
.
2014-09-20 17:06 . 2014-09-20 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-20 17:06 . 2014-09-20 17:06 -------- d-----w- c:\users\Conni\AppData\Local\temp
2014-09-20 09:22 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA2DF7CF-E228-4318-8CB5-B009B3BF6C4D}\mpengine.dll
2014-09-13 18:16 . 2014-09-13 18:16 3231696 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-11 21:49 . 2014-09-11 21:49 -------- d-----w- c:\program files (x86)\Origin Games
2014-09-11 21:49 . 2014-09-11 21:49 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Origin
2014-09-11 21:49 . 2014-09-11 21:49 -------- d-----w- c:\users\Sebastian\AppData\Local\Origin
2014-09-11 21:47 . 2014-09-11 21:50 -------- d-----w- c:\programdata\Origin
2014-09-11 21:47 . 2014-09-11 21:47 -------- d-----w- c:\programdata\Electronic Arts
2014-09-11 21:47 . 2014-09-11 21:49 -------- d-----w- c:\program files (x86)\Origin
2014-09-11 08:32 . 2014-09-11 08:32 -------- d-----w- c:\users\Conni\AppData\Roaming\Thunderbird
2014-09-11 08:32 . 2014-09-11 08:32 -------- d-----w- c:\users\Conni\AppData\Local\Thunderbird
2014-09-10 12:18 . 2014-08-18 22:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-10 12:18 . 2014-08-18 22:06 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-09-10 12:18 . 2014-08-18 22:05 596480 ----a-w- c:\windows\system32\ieui.dll
2014-09-10 12:18 . 2014-08-18 21:38 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-09-10 12:18 . 2014-08-18 21:38 483328 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-09-10 12:18 . 2014-08-18 21:17 470016 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2014-09-10 12:18 . 2014-08-18 20:45 360448 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-09-10 12:18 . 2014-08-18 20:41 259584 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-09-10 12:12 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 12:12 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 08:39 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 08:39 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 08:38 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 08:38 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 08:38 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 08:38 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 08:38 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 08:38 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 08:38 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 08:37 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 08:37 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-09 14:07 . 2014-09-09 14:08 -------- d-----w- C:\FRST
2014-09-08 13:09 . 2014-09-08 13:09 -------- d-----w- c:\users\Conni\AppData\Roaming\java
2014-09-08 13:08 . 2014-09-10 20:02 -------- d-----w- c:\users\Conni\AppData\Roaming\.minecraft
2014-09-08 13:00 . 2014-09-08 13:00 -------- d-----w- c:\users\Conni\AppData\Local\Skype
2014-09-08 13:00 . 2014-09-11 00:06 -------- d-----w- c:\users\Conni\AppData\Roaming\Skype
2014-09-07 09:04 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-07 09:04 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-07 09:04 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-07 08:54 . 2014-09-07 08:54 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-08-24 22:06 . 2014-08-24 22:06 -------- d-----w- C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-24 22:05 . 2014-08-24 22:05 -------- d-----w- c:\windows\CheckSur
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 12:12 . 2014-04-04 14:21 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-09 14:16 . 2014-08-14 08:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 04:53 . 2014-03-20 17:22 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 08:43 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 08:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-14 08:41 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 08:41 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 16:22 . 2014-07-09 16:22 313256 ----a-w- c:\windows\system32\javaws.exe
2014-07-09 16:22 . 2014-07-09 16:22 191400 ----a-w- c:\windows\system32\javaw.exe
2014-07-09 16:22 . 2014-07-09 16:22 190888 ----a-w- c:\windows\system32\java.exe
2014-07-09 16:22 . 2014-07-09 16:22 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-09 09:17 . 2014-04-23 16:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:17 . 2014-04-23 16:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:17 . 2014-07-09 09:17 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-09 02:03 . 2014-08-14 08:47 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 08:47 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 08:47 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 08:47 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 08:47 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 08:47 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 08:47 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-14 12:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 12:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 08:57 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 19:29 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InetStat"="c:\users\Sebastian\AppData\Roaming\InetStat\inetstat.exe" [2014-07-15 1325536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-23 09:17]
.
2014-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20 18:11]
.
2014-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 17:08 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1 - c:\program files (x86)\LucasArts\Star Wars Battlefront II\GameData\ADDON\BFX\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2532947452-1858761559-3390100972-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,fa,14,61,01,48,79,4e,fa,9a,f5,00,17,7e,b8,0c,73,c0,ae,b5,2b,
49,12,ef,29,3b,20,49,dd,60,e0,7f,b4,37,31,a2,70,dc,49,d7,a2,22,98,11,36,63,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-20 19:09:51
ComboFix-quarantined-files.txt 2014-09-20 17:09
.
Vor Suchlauf: 27 Verzeichnis(se), 715.515.711.488 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 716.888.367.104 Bytes frei
.
- - End Of File - - 497BF6C59AAA415373593965628FF491
A36C5E4F47E84449FF07ED3517B43A31
|
|
21.09.2014, 09:45
| #10 |
| /// the machine /// TB-Ausbilder | Unsichtbares Internetexplorerfenster Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.09.2014, 11:47
| #11 |
| | Unsichtbares InternetexplorerfensterCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.09.2014 Suchlauf-Zeit: 12:09:40 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.21.02 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Sebastian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 357066 Verstrichene Zeit: 8 Min, 41 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [e660846c89f2ef47bb4a887dfa09cc34], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 12:27:14
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sebastian - SEBASTIAN-PC
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Security System 2
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\isec@securitascout.com
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 de)
[ Datei : C:\Users\Conni\AppData\Roaming\Mozilla\Firefox\Profiles\vgl2nc4q.default\prefs.js ]
[ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3200 octets] - [21/09/2014 12:22:28]
AdwCleaner[S0].txt - [3016 octets] - [21/09/2014 12:27:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3076 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Professional x64
Ran by Sebastian on 21.09.2014 at 12:30:04,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3BDAE2A-737D-4D9A-92D9-B51ADC242E32}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\faqgy46y.default\minidumps [100 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 12:40:48,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 21-09-2014 12:41:46
Running from C:\Users\Sebastian\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3172B1316744CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\amazon-icon@giga.de [2014-04-20]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 12:41 - 2014-09-21 12:41 - 00007319 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-09-21 12:41 - 2014-09-21 12:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion
2014-09-21 12:40 - 2014-09-21 12:40 - 00000913 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-09-21 12:30 - 2014-09-21 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 12:26 - 2014-09-21 12:29 - 00003166 _____ () C:\Users\Sebastian\Desktop\AdwCleaner.txt
2014-09-21 12:21 - 2014-09-21 12:27 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:20 - 2014-09-21 12:20 - 00001375 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
2014-09-21 12:10 - 2014-09-21 12:10 - 01027006 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-09-20 19:09 - 2014-09-20 19:09 - 00012796 _____ () C:\ComboFix.txt
2014-09-20 12:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 12:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 12:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 12:03 - 2014-09-20 12:03 - 00001427 _____ () C:\Users\Sebastian\Desktop\ComboFix - Verknüpfung.lnk
2014-09-20 12:02 - 2014-09-20 19:09 - 00000000 ____D () C:\Qoobox
2014-09-20 12:01 - 2014-09-20 19:08 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 12:00 - 2014-09-20 12:01 - 05578824 ____R (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2014-09-15 11:55 - 2014-09-15 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-11 23:47 - 2014-09-11 23:50 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 23:47 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-11 23:46 - 2014-09-11 23:46 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Sebastian\Downloads\OriginThinSetup.exe
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Thunderbird
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Local\Thunderbird
2014-09-11 09:52 - 2014-09-11 09:52 - 00001291 _____ () C:\Users\Conni\Desktop\Battle.net.lnk
2014-09-10 14:18 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 14:18 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 14:18 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 14:17 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 14:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 14:17 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 14:17 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 14:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 14:17 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 14:17 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 14:17 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 14:17 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 14:17 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 14:17 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 14:17 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 14:17 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 14:17 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 14:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 14:17 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 14:17 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 14:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 14:17 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 14:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 14:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 14:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 14:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 14:17 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 14:17 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 14:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 14:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 14:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 14:17 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 14:17 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 14:17 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 14:17 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 14:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 14:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 14:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 14:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 14:17 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 14:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 14:17 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 14:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 14:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 14:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 14:17 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 14:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 14:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 14:17 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 14:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 14:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:38 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:38 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 10:38 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 10:38 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 10:37 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 10:37 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 21:22 - 2014-09-09 21:23 - 105139071 _____ () C:\Users\Conni\Desktop\Sphax PureBDcraft 512x MC18.zip
2014-09-09 16:07 - 2014-09-21 12:41 - 00000000 ____D () C:\FRST
2014-09-09 16:07 - 2014-09-09 16:08 - 00035793 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:07 - 2014-09-09 16:08 - 00035516 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-09-09 16:06 - 2014-09-21 12:41 - 02105856 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:08 - 2014-09-10 22:02 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-08 15:00 - 2014-09-11 02:06 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:47 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-07 11:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 11:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 11:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 18:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 18:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 18:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 18:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 18:59 - 2014-05-14 18:17 - 00000000 _____ () C:\Windows\SysWOW64\wudriver.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 18:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 12:42 - 2014-09-21 12:41 - 00007319 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-09-21 12:42 - 2014-04-23 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 12:42 - 2014-03-20 20:15 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job
2014-09-21 12:41 - 2014-09-21 12:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion
2014-09-21 12:41 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST
2014-09-21 12:41 - 2014-09-09 16:06 - 02105856 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-09-21 12:40 - 2014-09-21 12:40 - 00000913 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-09-21 12:35 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:35 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:30 - 2014-09-21 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 12:29 - 2014-09-21 12:26 - 00003166 _____ () C:\Users\Sebastian\Desktop\AdwCleaner.txt
2014-09-21 12:28 - 2014-03-20 22:15 - 00188874 _____ () C:\Windows\PFRO.log
2014-09-21 12:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 12:28 - 2009-07-14 06:51 - 00084410 _____ () C:\Windows\setupact.log
2014-09-21 12:27 - 2014-09-21 12:21 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:27 - 2014-03-20 19:07 - 01350749 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 12:21 - 2014-06-07 16:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2014-09-21 12:20 - 2014-09-21 12:20 - 00001375 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
2014-09-21 12:10 - 2014-09-21 12:10 - 01027006 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-09-21 12:09 - 2014-08-14 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 02:10 - 2014-03-20 21:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-09-20 19:09 - 2014-09-20 19:09 - 00012796 _____ () C:\ComboFix.txt
2014-09-20 19:09 - 2014-09-20 12:02 - 00000000 ____D () C:\Qoobox
2014-09-20 19:08 - 2014-09-20 12:01 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 19:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 19:03 - 2014-03-21 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-20 18:52 - 2014-03-20 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-20 14:54 - 2014-03-20 21:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-09-20 13:45 - 2014-04-16 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 12:06 - 2014-05-27 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-20 12:03 - 2014-09-20 12:03 - 00001427 _____ () C:\Users\Sebastian\Desktop\ComboFix - Verknüpfung.lnk
2014-09-20 12:01 - 2014-09-20 12:00 - 05578824 ____R (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2014-09-20 11:42 - 2014-03-20 20:14 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job
2014-09-19 13:24 - 2014-07-30 21:12 - 00000000 ____D () C:\Users\Conni\AppData\Local\LogMeIn Hamachi
2014-09-18 23:12 - 2014-03-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 20:33 - 2014-07-22 11:06 - 00000000 ____D () C:\Users\Conni\AppData\Local\Battle.net
2014-09-17 20:19 - 2014-07-22 20:45 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\TS3Client
2014-09-17 17:05 - 2014-05-27 23:58 - 00000010 _____ () C:\Users\Sebastian\Desktop\hundred waters.txt
2014-09-17 15:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 11:55 - 2014-09-15 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe
2014-09-13 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 20:26 - 2014-03-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-12 18:41 - 2014-07-20 11:00 - 00000000 ____D () C:\Users\Conni
2014-09-11 23:50 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-11 23:49 - 2014-09-11 23:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-11 23:46 - 2014-09-11 23:46 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Sebastian\Downloads\OriginThinSetup.exe
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Thunderbird
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Local\Thunderbird
2014-09-11 09:52 - 2014-09-11 09:52 - 00001291 _____ () C:\Users\Conni\Desktop\Battle.net.lnk
2014-09-11 02:06 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-10 22:02 - 2014-09-08 15:08 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-10 14:17 - 2014-03-21 04:01 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 14:17 - 2014-03-21 04:01 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 14:17 - 2014-03-20 20:38 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 14:16 - 2014-04-04 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:16 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 14:12 - 2014-04-04 16:21 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:11 - 2014-05-06 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 21:27 - 2014-03-20 20:06 - 00000000 ____D () C:\Program Files (x86)\Diablo 3
2014-09-09 21:23 - 2014-09-09 21:22 - 105139071 _____ () C:\Users\Conni\Desktop\Sphax PureBDcraft 512x MC18.zip
2014-09-09 21:16 - 2014-05-02 15:22 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-09-09 20:44 - 2014-04-28 15:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-09-09 16:08 - 2014-09-09 16:07 - 00035793 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:08 - 2014-09-09 16:07 - 00035516 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-09-08 22:10 - 2014-04-15 12:44 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:51 - 2014-09-08 14:47 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-08 12:39 - 2009-07-14 06:45 - 00315352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-05 04:10 - 2014-09-10 10:37 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 10:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-26 20:20 - 2014-07-19 20:09 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-25 18:56 - 2014-05-04 15:11 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 06:53 - 2014-03-20 19:22 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 04:07 - 2014-09-07 11:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-07 11:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-07 11:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 22:19
==================== End Of Log ============================
--- --- --- Kannst du mir noch ein gutes Antivirenprogramm empfehlen. Möglichst kostenlos, da ich Student bin und nicht so viel Kohle hab. |
|
22.09.2014, 07:42
| #12 |
| /// the machine /// TB-Ausbilder | Unsichtbares Internetexplorerfenster Wenn es unbedingt kostenlos sein muss, Avast oder MSE. Ich empfehle immer Emsisoft. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Unsichtbares Internetexplorerfenster |
| compu, computer, einfach, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 0xc0000417, fehlercode 0xe0434352, hintergrund, inter, interne, kurzem, nicht mehr, pup.optional.dvdvideosofttb.a, virus, virus?, überhaupt, öffnet |
WARNUNG an die MITLESER: 
Linear-Darstellung
