MSE meldet während Youtube-Besuch Virus DOS/Dexo

frajoti · 16.09.2014, 21:04

Hallo,

während des Besuchs bei Youtube meldet Microsoft Security Essentials eine Bedrohung namens DOS/Dexo, die auch bereinigt werden kann. Allerdings kommt die Meldung immer wieder, sodass der Befall wohl nicht bereinigt wurde.

Im Folgenden die Logfiles:

defogger_disable.log

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 16/09/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by ***** (administrator) on VOSTRO1320 on 16-09-2014 21:24:17
Running from C:\Users\*****\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.)
HKU\S-1-5-21-568454323-3860998050-1635722913-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80E1198BD312CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Classic Theme Restorer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-01]
FF Extension: Classic Toolbar Buttons - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-05]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\firefox@ghostery.com.xpi [2013-10-27]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2013-02-24] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl88499ce7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6D8B147-3168-409C-9927-E470B6E769F7}\MpKsl88499ce7.sys [39464 2014-09-16] (Microsoft Corporation)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 21:24 - 2014-09-16 21:24 - 00006184 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-16 21:24 - 2014-09-16 21:24 - 00000000 ____D () C:\FRST
2014-09-16 21:23 - 2014-09-16 21:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-09-16 21:22 - 2014-09-16 21:22 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-16 21:22 - 2014-09-16 21:22 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-16 21:21 - 2014-09-16 21:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-16 21:11 - 2014-09-16 21:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 21:11 - 2014-09-16 21:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 21:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-16 21:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-16 21:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-16 21:10 - 2014-09-16 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 20:45 - 2014-09-16 20:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 20:44 - 2014-09-16 20:44 - 00000056 _____ () C:\Windows\setupact.log
2014-09-16 20:44 - 2014-09-16 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 20:43 - 2014-09-16 20:44 - 00315632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-16 20:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 20:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 20:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 20:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 20:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 20:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 20:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 20:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 20:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 20:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 20:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 20:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 20:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 20:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 20:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 20:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 20:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-16 20:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 20:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 20:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 20:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 20:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 20:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 20:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 20:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 20:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 20:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-16 20:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 20:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 20:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 18:28 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-14 21:25 - 2014-09-14 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 23:00 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 23:00 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 23:00 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 23:00 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 22:59 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 22:59 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 21:26 - 2014-09-09 21:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-08-27 19:06 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:06 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 19:37 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 19:37 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 19:37 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 19:37 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 19:37 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 19:37 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 19:37 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 19:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 19:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 08:47 - 2014-08-24 08:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 21:24 - 2014-09-16 21:24 - 00006184 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-16 21:24 - 2014-09-16 21:24 - 00000000 ____D () C:\FRST
2014-09-16 21:23 - 2014-09-16 21:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-09-16 21:22 - 2014-09-16 21:22 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-16 21:22 - 2014-09-16 21:22 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-16 21:22 - 2013-02-24 09:12 - 00000000 ____D () C:\Users\*****
2014-09-16 21:21 - 2014-09-16 21:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-16 21:16 - 2013-02-24 09:08 - 01699019 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 21:12 - 2014-09-16 21:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 21:11 - 2014-09-16 21:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 21:10 - 2014-09-16 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 21:01 - 2013-02-24 09:15 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 20:49 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:49 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:45 - 2014-09-16 20:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 20:44 - 2014-09-16 20:44 - 00000056 _____ () C:\Windows\setupact.log
2014-09-16 20:44 - 2014-09-16 20:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 20:44 - 2014-09-16 20:43 - 00315632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-16 20:44 - 2013-02-24 22:42 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2014-09-16 20:44 - 2013-02-24 09:04 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-09-16 20:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-16 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-16 20:26 - 2013-02-25 23:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 20:24 - 2013-02-24 09:05 - 00017920 _____ () C:\Windows\system32\rpcnetp.dll
2014-09-16 20:23 - 2013-02-24 23:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-16 18:28 - 2013-08-16 09:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 18:24 - 2013-02-24 23:03 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-16 18:23 - 2013-02-24 21:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-16 18:23 - 2013-02-24 21:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-16 18:23 - 2013-02-24 21:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-16 18:22 - 2014-05-11 06:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 21:23 - 2013-06-16 21:33 - 00000000 ____D () C:\ProgramData\tmp
2014-09-14 21:26 - 2014-09-14 21:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-09 21:26 - 2014-09-09 21:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-09 21:26 - 2013-02-25 23:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-09 21:26 - 2013-02-25 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-05 03:52 - 2014-09-12 22:59 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-12 22:59 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 20:38 - 2013-02-24 22:36 - 00000000 ____D () C:\Users\*****\Documents\Kündigung Adressänderung u.a
2014-08-29 22:08 - 2013-03-07 22:57 - 00002254 ____H () C:\Users\*****\Documents\Default.rdp
2014-08-24 08:47 - 2014-08-24 08:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-08-24 08:47 - 2013-02-24 22:37 - 00000000 ____D () C:\Users\*****\Documents\Wichtiges
2014-08-23 03:46 - 2014-08-27 19:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-27 19:06 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 19:39 - 2014-09-16 20:30 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-16 20:30 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-16 20:30 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-16 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-16 20:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-16 20:30 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-16 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-16 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-16 20:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-16 20:30 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-16 20:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-16 20:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-16 20:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-16 20:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-16 20:30 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-16 20:30 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-16 20:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-16 20:30 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-16 20:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-16 20:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-16 20:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-16 20:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-16 20:30 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-16 20:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-16 20:30 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-16 20:30 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-16 20:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-16 20:30 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-16 20:30 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-16 20:30 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-05 23:00

==================== End Of Log ============================

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by ***** at 2014-09-16 21:24:57
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC-3 ACM Codec 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
cam2pc Freeware Edition (remove only) (HKLM\...\cam2pc) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Cyberduck 4.3.1 (11008) (HKLM\...\Cyberduck) (Version: 4.3.1 (11008) - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Kreuzworträtsel Freeware (HKLM\...\Kreuzworträtsel Freeware) (Version:  - )
LameXP (HKLM\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version:  - )
LibreOffice 4.0.6.2 (HKLM\...\{85595843-720E-4344-8210-F1ACAE87B459}) (Version: 4.0.6.2 - The Document Foundation)
Logitech Harmony Remote Software (x86) (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Meine CEWE FOTOWELT (HKLM\...\Meine CEWE FOTOWELT) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Money 2000 (HKLM\...\MSMONEYV80) (Version:  - )
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.54 (HKLM\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSI Afterburner 2.3.1 (HKLM\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}) (Version: 2.0.09 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.09 - O2Micro International LTD.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29272 - TeamViewer)
TextPad 7 (HKLM\...\{91504075-2461-45C6-9FED-04CAFDA4069F}) (Version: 7.1.0 - Helios)
XAMPP (HKLM\...\xampp) (Version: 1.8.3-2 - BitNami)
XMedia Recode Version 3.1.7.9 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)
XnView 2.04 (HKLM\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-568454323-3860998050-1635722913-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-568454323-3860998050-1635722913-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext32.dll (Helios Software Solutions)

==================== Restore Points  =========================

19-08-2014 20:18:50 Windows Update
23-08-2014 18:00:43 Windows Update
24-08-2014 17:36:06 Windows Update
27-08-2014 16:59:40 Windows Update
28-08-2014 17:08:25 Windows Update
31-08-2014 17:34:27 Windows Update
04-09-2014 18:37:04 Windows Update
08-09-2014 19:09:57 Windows Update
12-09-2014 21:02:35 Windows Update
16-09-2014 15:35:32 Windows Update
16-09-2014 18:28:01 Windows Update
16-09-2014 19:05:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AF99A65-183D-4B41-916D-C4E1A9D313B5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {9B27BEB8-1E86-4035-A002-C7DB69618A49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A065A5D0-5E00-481B-8836-98A0E6BB6CB3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B3150868-05D9-4B57-97DA-962995B38F7F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CBDCE9A9-2581-4179-8347-68B4E6CD6D3E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {D55A804E-1A99-48C4-A83C-156310EC1C50} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F397CFC0-E537-45EC-91AA-4DDEFED1AF3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-14 21:25 - 2014-09-14 21:26 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 09:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/19/2014 10:19:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/07/2014 08:57:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/05/2014 10:04:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/05/2014 09:52:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/02/2014 08:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 07:36:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 05:08:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/16/2014 08:46:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/16/2014 08:37:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.185.1.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/16/2014 08:29:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 SP1 x86 (KB2972211)

Error: (09/16/2014 08:25:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/16/2014 08:24:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎09.‎2014 um 18:29:13 unerwartet heruntergefahren.

Error: (09/14/2014 11:30:14 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/14/2014 11:21:37 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/13/2014 09:12:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/10/2014 10:54:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/10/2014 10:52:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎09.‎2014 um 22:48:34 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (08/23/2014 09:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9c801cfbf0b6bbd7bfeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllaf0564a4-2afe-11e4-9bff-0024e8e9699f

Error: (08/19/2014 10:19:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (06/07/2014 08:57:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/05/2014 10:04:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/05/2014 09:52:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/02/2014 08:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 07:36:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 05:08:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3032.96 MB
Available physical RAM: 1779.41 MB
Total Pagefile: 6064.2 MB
Available Pagefile: 4905.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:81.28 GB) NTFS
Drive d: (NOTFALL_DVD_FREE) (CDROM) (Total:0.83 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Gmer.txt

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-16 21:38:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160310AS rev.DE06 149,05GB
Running: 9pip5jep.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxdorfow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  82A45A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82A7F212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- EOF - GMER 2.1 ----

Was ich noch anbieten kann ist das Log von MSE

Code:

ATTFilter

Virus:DOS/Dexo

Der folgende Fehler ist aufgetreten: Fehlercode: 0x80508023. Auf dem Computer wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden. 

Kategorie: Virus

Beschreibung: Dieses Programm ist gefährlich. Es repliziert sich, indem es andere Dateien infiziert.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
boot:\Device\Harddisk0\DR0

Online weitere Informationen zu diesem Element abrufen

Und von Malwarebytes Anti-Malware

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 16.09.2014
Scan Time: 21:12:25
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.07
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274871
Time Elapsed: 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Vielen Dank im Voraus an alle Helfer und Helfeshelfer.

schrauber · 17.09.2014, 05:31

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

frajoti · 17.09.2014, 16:16

Hallo schrauber,

erst mal danke für Deine Hilfe. Beim Scan mit dem TDSSKiller kam mehrmals die Meldung von MSE, dass der Virus wieder gefunden wurde.

Hier das Log:

Code:

ATTFilter

17:11:14.0752 0x0630  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:11:17.0045 0x0630  ============================================================
17:11:17.0045 0x0630  Current date / time: 2014/09/17 17:11:17.0045
17:11:17.0045 0x0630  SystemInfo:
17:11:17.0045 0x0630  
17:11:17.0045 0x0630  OS Version: 6.1.7601 ServicePack: 1.0
17:11:17.0045 0x0630  Product type: Workstation
17:11:17.0045 0x0630  ComputerName: VOSTRO1320
17:11:17.0045 0x0630  UserName: Frank
17:11:17.0045 0x0630  Windows directory: C:\Windows
17:11:17.0045 0x0630  System windows directory: C:\Windows
17:11:17.0045 0x0630  Processor architecture: Intel x86
17:11:17.0045 0x0630  Number of processors: 2
17:11:17.0045 0x0630  Page size: 0x1000
17:11:17.0045 0x0630  Boot type: Normal boot
17:11:17.0045 0x0630  ============================================================
17:11:20.0165 0x0630  KLMD registered as C:\Windows\system32\drivers\24677541.sys
17:11:20.0493 0x0630  System UUID: {D8634A0D-71E6-C030-0734-98DF3CCFA4EF}
17:11:21.0101 0x0630  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:11:21.0101 0x0630  ============================================================
17:11:21.0101 0x0630  \Device\Harddisk0\DR0:
17:11:21.0101 0x0630  MBR partitions:
17:11:21.0101 0x0630  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:11:21.0101 0x0630  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
17:11:21.0101 0x0630  ============================================================
17:11:21.0132 0x0630  C: <-> \Device\Harddisk0\DR0\Partition2
17:11:21.0132 0x0630  ============================================================
17:11:21.0132 0x0630  Initialize success
17:11:21.0132 0x0630  ============================================================
17:11:26.0327 0x0edc  ============================================================
17:11:26.0327 0x0edc  Scan started
17:11:26.0327 0x0edc  Mode: Manual; SigCheck; TDLFS; 
17:11:26.0327 0x0edc  ============================================================
17:11:26.0327 0x0edc  KSN ping started
17:11:41.0600 0x0edc  KSN ping finished: true
17:11:43.0565 0x0edc  ================ Scan system memory ========================
17:11:43.0565 0x0edc  System memory - ok
17:11:43.0565 0x0edc  ================ Scan services =============================
17:11:43.0815 0x0edc  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:11:43.0924 0x0edc  1394ohci - ok
17:11:43.0971 0x0edc  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:11:44.0002 0x0edc  ACPI - ok
17:11:44.0033 0x0edc  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:11:44.0049 0x0edc  AcpiPmi - ok
17:11:44.0205 0x0edc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:11:44.0220 0x0edc  AdobeARMservice - ok
17:11:44.0408 0x0edc  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:11:44.0423 0x0edc  AdobeFlashPlayerUpdateSvc - ok
17:11:44.0517 0x0edc  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:11:44.0564 0x0edc  adp94xx - ok
17:11:44.0579 0x0edc  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:11:44.0610 0x0edc  adpahci - ok
17:11:44.0626 0x0edc  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:11:44.0642 0x0edc  adpu320 - ok
17:11:44.0688 0x0edc  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:11:44.0751 0x0edc  AeLookupSvc - ok
17:11:44.0829 0x0edc  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
17:11:44.0876 0x0edc  AFD - ok
17:11:44.0922 0x0edc  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:11:44.0938 0x0edc  agp440 - ok
17:11:45.0016 0x0edc  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:11:45.0047 0x0edc  aic78xx - ok
17:11:45.0110 0x0edc  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
17:11:45.0141 0x0edc  ALG - ok
17:11:45.0203 0x0edc  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:11:45.0234 0x0edc  aliide - ok
17:11:45.0297 0x0edc  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:11:45.0328 0x0edc  amdagp - ok
17:11:45.0375 0x0edc  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:11:45.0406 0x0edc  amdide - ok
17:11:45.0453 0x0edc  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:11:45.0468 0x0edc  AmdK8 - ok
17:11:45.0468 0x0edc  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:11:45.0484 0x0edc  AmdPPM - ok
17:11:45.0546 0x0edc  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:11:45.0578 0x0edc  amdsata - ok
17:11:45.0593 0x0edc  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:11:45.0609 0x0edc  amdsbs - ok
17:11:45.0624 0x0edc  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:11:45.0640 0x0edc  amdxata - ok
17:11:45.0718 0x0edc  [ D7723A101C5CB4C0FA979E4DDA732EC0, 9CCF59C30972805A111F1557E178CBAF6BB7ADC8CA015A2B380A0C940FD14632 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
17:11:45.0749 0x0edc  ApfiltrService - ok
17:11:45.0812 0x0edc  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
17:11:45.0874 0x0edc  AppID - ok
17:11:45.0952 0x0edc  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:11:45.0968 0x0edc  AppIDSvc - ok
17:11:45.0999 0x0edc  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
17:11:46.0030 0x0edc  Appinfo - ok
17:11:46.0077 0x0edc  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:11:46.0092 0x0edc  arc - ok
17:11:46.0108 0x0edc  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:11:46.0124 0x0edc  arcsas - ok
17:11:46.0592 0x0edc  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:11:46.0607 0x0edc  aspnet_state - ok
17:11:46.0638 0x0edc  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:11:46.0670 0x0edc  AsyncMac - ok
17:11:46.0701 0x0edc  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:11:46.0716 0x0edc  atapi - ok
17:11:46.0779 0x0edc  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:11:46.0810 0x0edc  AudioEndpointBuilder - ok
17:11:46.0857 0x0edc  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:11:46.0904 0x0edc  Audiosrv - ok
17:11:46.0950 0x0edc  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:11:46.0982 0x0edc  AxInstSV - ok
17:11:47.0044 0x0edc  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:11:47.0075 0x0edc  b06bdrv - ok
17:11:47.0184 0x0edc  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:11:47.0216 0x0edc  b57nd60x - ok
17:11:47.0294 0x0edc  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
17:11:47.0325 0x0edc  BDESVC - ok
17:11:47.0356 0x0edc  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:11:47.0387 0x0edc  Beep - ok
17:11:47.0496 0x0edc  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
17:11:47.0543 0x0edc  BFE - ok
17:11:47.0871 0x0edc  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
17:11:47.0933 0x0edc  BITS - ok
17:11:47.0980 0x0edc  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:11:47.0996 0x0edc  blbdrive - ok
17:11:48.0042 0x0edc  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:11:48.0058 0x0edc  bowser - ok
17:11:48.0074 0x0edc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:11:48.0089 0x0edc  BrFiltLo - ok
17:11:48.0089 0x0edc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:11:48.0105 0x0edc  BrFiltUp - ok
17:11:48.0152 0x0edc  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
17:11:48.0167 0x0edc  Browser - ok
17:11:48.0183 0x0edc  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:11:48.0198 0x0edc  Brserid - ok
17:11:48.0214 0x0edc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:11:48.0230 0x0edc  BrSerWdm - ok
17:11:48.0245 0x0edc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:11:48.0261 0x0edc  BrUsbMdm - ok
17:11:48.0261 0x0edc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:11:48.0276 0x0edc  BrUsbSer - ok
17:11:48.0308 0x0edc  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:11:48.0339 0x0edc  BTHMODEM - ok
17:11:48.0417 0x0edc  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
17:11:48.0464 0x0edc  bthserv - ok
17:11:48.0495 0x0edc  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:11:48.0526 0x0edc  cdfs - ok
17:11:48.0588 0x0edc  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:11:48.0620 0x0edc  cdrom - ok
17:11:48.0666 0x0edc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:11:48.0698 0x0edc  CertPropSvc - ok
17:11:48.0729 0x0edc  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:11:48.0744 0x0edc  circlass - ok
17:11:48.0776 0x0edc  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
17:11:48.0807 0x0edc  CLFS - ok
17:11:48.0900 0x0edc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:11:48.0916 0x0edc  clr_optimization_v2.0.50727_32 - ok
17:11:49.0025 0x0edc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:11:49.0041 0x0edc  clr_optimization_v4.0.30319_32 - ok
17:11:49.0088 0x0edc  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:11:49.0103 0x0edc  CmBatt - ok
17:11:49.0134 0x0edc  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:11:49.0150 0x0edc  cmdide - ok
17:11:49.0197 0x0edc  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
17:11:49.0228 0x0edc  CNG - ok
17:11:49.0275 0x0edc  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:11:49.0290 0x0edc  Compbatt - ok
17:11:49.0353 0x0edc  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:11:49.0368 0x0edc  CompositeBus - ok
17:11:49.0384 0x0edc  COMSysApp - ok
17:11:49.0400 0x0edc  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:11:49.0415 0x0edc  crcdisk - ok
17:11:49.0462 0x0edc  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:11:49.0478 0x0edc  CryptSvc - ok
17:11:49.0524 0x0edc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:11:49.0571 0x0edc  DcomLaunch - ok
17:11:49.0602 0x0edc  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
17:11:49.0649 0x0edc  defragsvc - ok
17:11:49.0696 0x0edc  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:11:49.0727 0x0edc  DfsC - ok
17:11:49.0774 0x0edc  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:11:49.0805 0x0edc  Dhcp - ok
17:11:49.0836 0x0edc  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
17:11:49.0868 0x0edc  discache - ok
17:11:49.0899 0x0edc  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:11:49.0914 0x0edc  Disk - ok
17:11:49.0946 0x0edc  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:11:49.0961 0x0edc  Dnscache - ok
17:11:50.0008 0x0edc  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:11:50.0039 0x0edc  dot3svc - ok
17:11:50.0086 0x0edc  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
17:11:50.0133 0x0edc  DPS - ok
17:11:50.0180 0x0edc  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:11:50.0195 0x0edc  drmkaud - ok
17:11:50.0289 0x0edc  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:11:50.0320 0x0edc  DXGKrnl - ok
17:11:50.0367 0x0edc  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
17:11:50.0398 0x0edc  EapHost - ok
17:11:50.0570 0x0edc  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:11:50.0679 0x0edc  ebdrv - ok
17:11:50.0726 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
17:11:50.0757 0x0edc  EFS - ok
17:11:50.0835 0x0edc  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:11:50.0866 0x0edc  ehRecvr - ok
17:11:50.0897 0x0edc  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
17:11:50.0913 0x0edc  ehSched - ok
17:11:51.0006 0x0edc  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:11:51.0022 0x0edc  elxstor - ok
17:11:51.0069 0x0edc  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:11:51.0084 0x0edc  ErrDev - ok
17:11:51.0147 0x0edc  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
17:11:51.0178 0x0edc  EventSystem - ok
17:11:51.0209 0x0edc  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:11:51.0240 0x0edc  exfat - ok
17:11:51.0256 0x0edc  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:11:51.0287 0x0edc  fastfat - ok
17:11:51.0381 0x0edc  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
17:11:51.0443 0x0edc  Fax - ok
17:11:51.0443 0x0edc  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:11:51.0459 0x0edc  fdc - ok
17:11:51.0506 0x0edc  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
17:11:51.0552 0x0edc  fdPHost - ok
17:11:51.0552 0x0edc  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:11:51.0584 0x0edc  FDResPub - ok
17:11:51.0599 0x0edc  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:11:51.0615 0x0edc  FileInfo - ok
17:11:51.0615 0x0edc  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:11:51.0646 0x0edc  Filetrace - ok
17:11:51.0646 0x0edc  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:11:51.0662 0x0edc  flpydisk - ok
17:11:51.0708 0x0edc  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:11:51.0755 0x0edc  FltMgr - ok
17:11:51.0818 0x0edc  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
17:11:51.0864 0x0edc  FontCache - ok
17:11:51.0974 0x0edc  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:11:51.0989 0x0edc  FontCache3.0.0.0 - ok
17:11:52.0005 0x0edc  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:11:52.0020 0x0edc  FsDepends - ok
17:11:52.0052 0x0edc  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:11:52.0083 0x0edc  Fs_Rec - ok
17:11:52.0145 0x0edc  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:11:52.0161 0x0edc  fvevol - ok
17:11:52.0208 0x0edc  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:11:52.0239 0x0edc  gagp30kx - ok
17:11:52.0301 0x0edc  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:11:52.0348 0x0edc  gpsvc - ok
17:11:52.0379 0x0edc  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:11:52.0395 0x0edc  hcw85cir - ok
17:11:52.0488 0x0edc  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:11:52.0535 0x0edc  HdAudAddService - ok
17:11:52.0582 0x0edc  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:11:52.0598 0x0edc  HDAudBus - ok
17:11:52.0644 0x0edc  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:11:52.0660 0x0edc  HidBatt - ok
17:11:52.0676 0x0edc  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:11:52.0707 0x0edc  HidBth - ok
17:11:52.0754 0x0edc  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:11:52.0769 0x0edc  HidIr - ok
17:11:52.0800 0x0edc  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
17:11:52.0832 0x0edc  hidserv - ok
17:11:52.0878 0x0edc  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:11:52.0894 0x0edc  HidUsb - ok
17:11:52.0925 0x0edc  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:11:52.0956 0x0edc  hkmsvc - ok
17:11:53.0003 0x0edc  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:11:53.0034 0x0edc  HomeGroupListener - ok
17:11:53.0081 0x0edc  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:11:53.0097 0x0edc  HomeGroupProvider - ok
17:11:53.0159 0x0edc  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:11:53.0175 0x0edc  HpSAMD - ok
17:11:53.0393 0x0edc  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:11:53.0456 0x0edc  HTTP - ok
17:11:53.0534 0x0edc  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:11:53.0549 0x0edc  hwpolicy - ok
17:11:53.0643 0x0edc  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:11:53.0674 0x0edc  i8042prt - ok
17:11:53.0721 0x0edc  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:11:53.0752 0x0edc  iaStorV - ok
17:11:53.0892 0x0edc  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:11:53.0939 0x0edc  idsvc - ok
17:11:54.0080 0x0edc  IEEtwCollectorService - ok
17:11:54.0298 0x0edc  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:11:54.0470 0x0edc  igfx - ok
17:11:54.0532 0x0edc  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:11:54.0548 0x0edc  iirsp - ok
17:11:54.0626 0x0edc  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:11:54.0672 0x0edc  IKEEXT - ok
17:11:54.0719 0x0edc  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:11:54.0735 0x0edc  intelide - ok
17:11:54.0766 0x0edc  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:11:54.0782 0x0edc  intelppm - ok
17:11:54.0813 0x0edc  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:11:54.0844 0x0edc  IPBusEnum - ok
17:11:54.0844 0x0edc  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:11:54.0891 0x0edc  IpFilterDriver - ok
17:11:54.0953 0x0edc  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:11:54.0984 0x0edc  iphlpsvc - ok
17:11:55.0031 0x0edc  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:11:55.0047 0x0edc  IPMIDRV - ok
17:11:55.0156 0x0edc  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:11:55.0250 0x0edc  IPNAT - ok
17:11:55.0296 0x0edc  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:11:55.0312 0x0edc  IRENUM - ok
17:11:55.0359 0x0edc  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:11:55.0374 0x0edc  isapnp - ok
17:11:55.0577 0x0edc  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:11:55.0593 0x0edc  iScsiPrt - ok
17:11:55.0905 0x0edc  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:11:56.0030 0x0edc  kbdclass - ok
17:11:56.0092 0x0edc  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:11:56.0139 0x0edc  kbdhid - ok
17:11:56.0170 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
17:11:56.0186 0x0edc  KeyIso - ok
17:11:56.0248 0x0edc  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:11:56.0264 0x0edc  KSecDD - ok
17:11:56.0279 0x0edc  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:11:56.0295 0x0edc  KSecPkg - ok
17:11:56.0342 0x0edc  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:11:56.0466 0x0edc  KtmRm - ok
17:11:56.0513 0x0edc  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:11:56.0544 0x0edc  LanmanServer - ok
17:11:56.0576 0x0edc  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:11:56.0607 0x0edc  LanmanWorkstation - ok
17:11:56.0700 0x0edc  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:11:56.0732 0x0edc  lltdio - ok
17:11:56.0763 0x0edc  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:11:56.0794 0x0edc  lltdsvc - ok
17:11:56.0810 0x0edc  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:11:56.0825 0x0edc  lmhosts - ok
17:11:56.0856 0x0edc  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:11:56.0872 0x0edc  LSI_FC - ok
17:11:56.0888 0x0edc  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:11:56.0903 0x0edc  LSI_SAS - ok
17:11:56.0903 0x0edc  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:11:56.0919 0x0edc  LSI_SAS2 - ok
17:11:56.0934 0x0edc  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:11:56.0950 0x0edc  LSI_SCSI - ok
17:11:56.0950 0x0edc  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:11:56.0981 0x0edc  luafv - ok
17:11:57.0028 0x0edc  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:11:57.0044 0x0edc  Mcx2Svc - ok
17:11:57.0044 0x0edc  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:11:57.0059 0x0edc  megasas - ok
17:11:57.0090 0x0edc  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:11:57.0106 0x0edc  MegaSR - ok
17:11:57.0122 0x0edc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
17:11:57.0153 0x0edc  MMCSS - ok
17:11:57.0168 0x0edc  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
17:11:57.0184 0x0edc  Modem - ok
17:11:57.0215 0x0edc  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:11:57.0231 0x0edc  monitor - ok
17:11:57.0262 0x0edc  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:11:57.0278 0x0edc  mouclass - ok
17:11:57.0293 0x0edc  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:11:57.0402 0x0edc  mouhid - ok
17:11:57.0434 0x0edc  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:11:57.0465 0x0edc  mountmgr - ok
17:11:57.0527 0x0edc  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:11:57.0558 0x0edc  MozillaMaintenance - ok
17:11:57.0714 0x0edc  [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:11:57.0746 0x0edc  MpFilter - ok
17:11:58.0026 0x0edc  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:11:58.0073 0x0edc  mpio - ok
17:11:58.0292 0x0edc  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:11:58.0323 0x0edc  mpsdrv - ok
17:11:58.0448 0x0edc  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:11:58.0510 0x0edc  MpsSvc - ok
17:11:58.0869 0x0edc  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:11:58.0916 0x0edc  MRxDAV - ok
17:11:58.0978 0x0edc  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:11:58.0994 0x0edc  mrxsmb - ok
17:11:59.0025 0x0edc  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:11:59.0040 0x0edc  mrxsmb10 - ok
17:11:59.0072 0x0edc  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:11:59.0087 0x0edc  mrxsmb20 - ok
17:11:59.0134 0x0edc  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:11:59.0150 0x0edc  msahci - ok
17:11:59.0181 0x0edc  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:11:59.0196 0x0edc  msdsm - ok
17:11:59.0321 0x0edc  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
17:11:59.0352 0x0edc  MSDTC - ok
17:11:59.0493 0x0edc  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:11:59.0524 0x0edc  Msfs - ok
17:11:59.0524 0x0edc  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:11:59.0555 0x0edc  mshidkmdf - ok
17:11:59.0664 0x0edc  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:11:59.0680 0x0edc  msisadrv - ok
17:11:59.0758 0x0edc  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:11:59.0789 0x0edc  MSiSCSI - ok
17:11:59.0805 0x0edc  msiserver - ok
17:11:59.0852 0x0edc  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:11:59.0898 0x0edc  MSKSSRV - ok
17:12:00.0132 0x0edc  [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:12:00.0195 0x0edc  MsMpSvc - ok
17:12:00.0242 0x0edc  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:12:00.0273 0x0edc  MSPCLOCK - ok
17:12:00.0288 0x0edc  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:12:00.0320 0x0edc  MSPQM - ok
17:12:00.0335 0x0edc  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:12:00.0351 0x0edc  MsRPC - ok
17:12:00.0413 0x0edc  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:12:00.0429 0x0edc  mssmbios - ok
17:12:00.0444 0x0edc  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:12:00.0476 0x0edc  MSTEE - ok
17:12:00.0476 0x0edc  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:12:00.0491 0x0edc  MTConfig - ok
17:12:00.0507 0x0edc  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:12:00.0522 0x0edc  Mup - ok
17:12:00.0569 0x0edc  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
17:12:00.0616 0x0edc  napagent - ok
17:12:00.0944 0x0edc  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:12:00.0990 0x0edc  NativeWifiP - ok
17:12:01.0084 0x0edc  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:12:01.0131 0x0edc  NDIS - ok
17:12:01.0162 0x0edc  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:12:01.0193 0x0edc  NdisCap - ok
17:12:01.0224 0x0edc  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:12:01.0240 0x0edc  NdisTapi - ok
17:12:01.0287 0x0edc  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:12:01.0349 0x0edc  Ndisuio - ok
17:12:01.0380 0x0edc  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:12:01.0427 0x0edc  NdisWan - ok
17:12:01.0505 0x0edc  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:12:01.0521 0x0edc  NDProxy - ok
17:12:01.0568 0x0edc  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:12:01.0614 0x0edc  NetBIOS - ok
17:12:01.0661 0x0edc  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:12:01.0692 0x0edc  NetBT - ok
17:12:01.0739 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
17:12:01.0770 0x0edc  Netlogon - ok
17:12:01.0817 0x0edc  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
17:12:01.0864 0x0edc  Netman - ok
17:12:01.0926 0x0edc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:01.0958 0x0edc  NetMsmqActivator - ok
17:12:02.0004 0x0edc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:02.0036 0x0edc  NetPipeActivator - ok
17:12:02.0098 0x0edc  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
17:12:02.0160 0x0edc  netprofm - ok
17:12:02.0238 0x0edc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:02.0285 0x0edc  NetTcpActivator - ok
17:12:02.0285 0x0edc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:02.0332 0x0edc  NetTcpPortSharing - ok
17:12:02.0847 0x0edc  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
17:12:02.0987 0x0edc  netw5v32 - ok
17:12:03.0050 0x0edc  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:12:03.0081 0x0edc  nfrd960 - ok
17:12:03.0128 0x0edc  [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:12:03.0174 0x0edc  NisDrv - ok
17:12:03.0268 0x0edc  [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
17:12:03.0299 0x0edc  NisSrv - ok
17:12:03.0330 0x0edc  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:12:03.0346 0x0edc  NlaSvc - ok
17:12:03.0362 0x0edc  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:12:03.0393 0x0edc  Npfs - ok
17:12:03.0440 0x0edc  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
17:12:03.0486 0x0edc  nsi - ok
17:12:03.0502 0x0edc  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:12:03.0533 0x0edc  nsiproxy - ok
17:12:03.0658 0x0edc  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:12:03.0689 0x0edc  Ntfs - ok
17:12:03.0783 0x0edc  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
17:12:03.0830 0x0edc  Null - ok
17:12:03.0892 0x0edc  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:12:03.0908 0x0edc  nvraid - ok
17:12:03.0923 0x0edc  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:12:03.0954 0x0edc  nvstor - ok
17:12:03.0986 0x0edc  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:12:04.0001 0x0edc  nv_agp - ok
17:12:04.0048 0x0edc  [ D955D5DE998DB2476BF0892BE3A96C26, 3828FC1D4A4F9CD685E6D938B92370A602B84A3ACE2C9A674B3B59E633B0AE07 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
17:12:04.0079 0x0edc  O2FLASH - ok
17:12:04.0095 0x0edc  [ 07AD3CDDF8984F56652CCE6BE8946526, 9F43F656A7B97C0D3F8D5EC4D85F287CA95857610D4FF058FF5BCCA57B62FC61 ] O2MDGRDR        C:\Windows\system32\DRIVERS\o2mdg.sys
17:12:04.0110 0x0edc  O2MDGRDR - ok
17:12:04.0173 0x0edc  [ 45E4FE55DB8C0549B8CEF1B107F87B70, 64F036E4A0D6C8365972607B0DAB5DBF51BE6B9B27C04749E2DF2FD7D311F30A ] O2SDGRDR        C:\Windows\system32\DRIVERS\o2sdg.sys
17:12:04.0204 0x0edc  O2SDGRDR - ok
17:12:04.0235 0x0edc  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:12:04.0266 0x0edc  ohci1394 - ok
17:12:04.0313 0x0edc  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:12:04.0360 0x0edc  p2pimsvc - ok
17:12:04.0438 0x0edc  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:12:04.0469 0x0edc  p2psvc - ok
17:12:04.0672 0x0edc  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:12:04.0703 0x0edc  Parport - ok
17:12:04.0750 0x0edc  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:12:04.0781 0x0edc  partmgr - ok
17:12:04.0812 0x0edc  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:12:04.0828 0x0edc  Parvdm - ok
17:12:04.0859 0x0edc  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:12:04.0875 0x0edc  PcaSvc - ok
17:12:04.0922 0x0edc  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
17:12:04.0953 0x0edc  pci - ok
17:12:05.0000 0x0edc  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:12:05.0031 0x0edc  pciide - ok
17:12:05.0187 0x0edc  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:12:05.0218 0x0edc  pcmcia - ok
17:12:05.0218 0x0edc  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:12:05.0234 0x0edc  pcw - ok
17:12:05.0280 0x0edc  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:12:05.0327 0x0edc  PEAUTH - ok
17:12:05.0546 0x0edc  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
17:12:05.0608 0x0edc  pla - ok
17:12:05.0670 0x0edc  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:12:05.0702 0x0edc  PlugPlay - ok
17:12:05.0764 0x0edc  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:12:05.0795 0x0edc  PNRPAutoReg - ok
17:12:05.0811 0x0edc  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:12:05.0842 0x0edc  PNRPsvc - ok
17:12:05.0904 0x0edc  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:12:05.0998 0x0edc  PolicyAgent - ok
17:12:06.0092 0x0edc  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
17:12:06.0154 0x0edc  Power - ok
17:12:06.0248 0x0edc  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:12:06.0294 0x0edc  PptpMiniport - ok
17:12:06.0326 0x0edc  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:12:06.0341 0x0edc  Processor - ok
17:12:06.0388 0x0edc  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:12:06.0435 0x0edc  ProfSvc - ok
17:12:06.0466 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:12:06.0497 0x0edc  ProtectedStorage - ok
17:12:06.0528 0x0edc  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:12:06.0575 0x0edc  Psched - ok
17:12:06.0638 0x0edc  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:12:06.0684 0x0edc  ql2300 - ok
17:12:06.0731 0x0edc  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:12:06.0747 0x0edc  ql40xx - ok
17:12:06.0825 0x0edc  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
17:12:06.0856 0x0edc  QWAVE - ok
17:12:06.0872 0x0edc  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:12:06.0887 0x0edc  QWAVEdrv - ok
17:12:06.0887 0x0edc  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:12:06.0918 0x0edc  RasAcd - ok
17:12:06.0981 0x0edc  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:12:07.0028 0x0edc  RasAgileVpn - ok
17:12:07.0074 0x0edc  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
17:12:07.0121 0x0edc  RasAuto - ok
17:12:07.0152 0x0edc  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:12:07.0199 0x0edc  Rasl2tp - ok
17:12:07.0246 0x0edc  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
17:12:07.0293 0x0edc  RasMan - ok
17:12:07.0308 0x0edc  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:12:07.0340 0x0edc  RasPppoe - ok
17:12:07.0371 0x0edc  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:12:07.0418 0x0edc  RasSstp - ok
17:12:07.0480 0x0edc  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:12:07.0527 0x0edc  rdbss - ok
17:12:07.0574 0x0edc  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:12:07.0589 0x0edc  rdpbus - ok
17:12:07.0605 0x0edc  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:12:07.0636 0x0edc  RDPCDD - ok
17:12:07.0667 0x0edc  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:12:07.0698 0x0edc  RDPENCDD - ok
17:12:07.0698 0x0edc  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:12:07.0730 0x0edc  RDPREFMP - ok
17:12:07.0776 0x0edc  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:12:07.0792 0x0edc  RDPWD - ok
17:12:07.0854 0x0edc  [ B39424595C95C3A0AA6B5913EB207276, E19365B8F7795DE3D3320030A37AEAB1FD2FA111C4EA2CE5662B123341846162 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:12:07.0901 0x0edc  rdyboost - ok
17:12:07.0979 0x0edc  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:12:08.0026 0x0edc  RemoteAccess - ok
17:12:08.0073 0x0edc  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:12:08.0120 0x0edc  RemoteRegistry - ok
17:12:08.0182 0x0edc  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:12:08.0229 0x0edc  RpcEptMapper - ok
17:12:08.0260 0x0edc  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
17:12:08.0276 0x0edc  RpcLocator - ok
17:12:08.0385 0x0edc  [ 6684437F3628EF237C354F77D33426D1, ABFCB62E688303373E3898ED479271F4F1133A64ED58868969CE314B7D871BC9 ] rpcnet          C:\Windows\system32\rpcnet.exe
17:12:08.0400 0x0edc  rpcnet - ok
17:12:08.0510 0x0edc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
17:12:08.0572 0x0edc  RpcSs - ok
17:12:08.0650 0x0edc  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:12:08.0681 0x0edc  rspndr - ok
17:12:08.0728 0x0edc  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:12:08.0759 0x0edc  RTL8167 - ok
17:12:08.0790 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
17:12:08.0806 0x0edc  SamSs - ok
17:12:08.0868 0x0edc  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:12:08.0884 0x0edc  sbp2port - ok
17:12:08.0931 0x0edc  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:12:08.0962 0x0edc  SCardSvr - ok
17:12:09.0009 0x0edc  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:12:09.0056 0x0edc  scfilter - ok
17:12:09.0165 0x0edc  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
17:12:09.0212 0x0edc  Schedule - ok
17:12:09.0243 0x0edc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:12:09.0274 0x0edc  SCPolicySvc - ok
17:12:09.0368 0x0edc  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\Windows\system32\drivers\sdbus.sys
17:12:09.0399 0x0edc  sdbus - ok
17:12:09.0430 0x0edc  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:12:09.0446 0x0edc  SDRSVC - ok
17:12:09.0492 0x0edc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:12:09.0524 0x0edc  secdrv - ok
17:12:09.0570 0x0edc  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
17:12:09.0633 0x0edc  seclogon - ok
17:12:09.0742 0x0edc  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
17:12:09.0804 0x0edc  SENS - ok
17:12:09.0851 0x0edc  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:12:09.0882 0x0edc  SensrSvc - ok
17:12:09.0929 0x0edc  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:12:09.0960 0x0edc  Serenum - ok
17:12:10.0007 0x0edc  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:12:10.0023 0x0edc  Serial - ok
17:12:10.0054 0x0edc  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:12:10.0070 0x0edc  sermouse - ok
17:12:10.0132 0x0edc  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:12:10.0194 0x0edc  SessionEnv - ok
17:12:10.0226 0x0edc  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:12:10.0241 0x0edc  sffdisk - ok
17:12:10.0428 0x0edc  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:12:10.0460 0x0edc  sffp_mmc - ok
17:12:10.0506 0x0edc  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:12:10.0538 0x0edc  sffp_sd - ok
17:12:10.0631 0x0edc  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:12:10.0662 0x0edc  sfloppy - ok
17:12:10.0756 0x0edc  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:12:10.0803 0x0edc  SharedAccess - ok
17:12:10.0928 0x0edc  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:12:10.0990 0x0edc  ShellHWDetection - ok
17:12:11.0052 0x0edc  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:12:11.0099 0x0edc  sisagp - ok
17:12:11.0146 0x0edc  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:12:11.0177 0x0edc  SiSRaid2 - ok
17:12:11.0193 0x0edc  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:12:11.0224 0x0edc  SiSRaid4 - ok
17:12:11.0240 0x0edc  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:12:11.0302 0x0edc  Smb - ok
17:12:11.0349 0x0edc  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:12:11.0380 0x0edc  SNMPTRAP - ok
17:12:11.0396 0x0edc  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:12:11.0427 0x0edc  spldr - ok
17:12:11.0505 0x0edc  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
17:12:11.0536 0x0edc  Spooler - ok
17:12:11.0692 0x0edc  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
17:12:11.0817 0x0edc  sppsvc - ok
17:12:11.0895 0x0edc  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:12:11.0942 0x0edc  sppuinotify - ok
17:12:12.0066 0x0edc  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:12:12.0113 0x0edc  srv - ok
17:12:12.0160 0x0edc  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:12:12.0207 0x0edc  srv2 - ok
17:12:12.0222 0x0edc  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:12:12.0254 0x0edc  srvnet - ok
17:12:12.0378 0x0edc  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:12:12.0441 0x0edc  SSDPSRV - ok
17:12:12.0456 0x0edc  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:12:12.0503 0x0edc  SstpSvc - ok
17:12:12.0550 0x0edc  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:12:12.0566 0x0edc  stexstor - ok
17:12:12.0909 0x0edc  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:12:12.0956 0x0edc  StiSvc - ok
17:12:13.0018 0x0edc  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:12:13.0049 0x0edc  swenum - ok
17:12:13.0143 0x0edc  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
17:12:13.0205 0x0edc  swprv - ok
17:12:13.0361 0x0edc  [ ED3177B14DB39CD26CF7EE7E077BB6A2, 376E11D23A8C937E15344B3AFEF4C3E6B9CDB5B3CBADD648B76D61186585D5C0 ] SysMain         C:\Windows\system32\sysmain.dll
17:12:13.0408 0x0edc  SysMain - ok
17:12:13.0486 0x0edc  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
17:12:13.0502 0x0edc  TabletInputService - ok
17:12:13.0548 0x0edc  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:12:13.0580 0x0edc  TapiSrv - ok
17:12:13.0720 0x0edc  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
17:12:13.0767 0x0edc  TBS - ok
17:12:13.0892 0x0edc  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:12:13.0954 0x0edc  Tcpip - ok
17:12:14.0048 0x0edc  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:12:14.0094 0x0edc  TCPIP6 - ok
17:12:14.0141 0x0edc  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:12:14.0172 0x0edc  tcpipreg - ok
17:12:14.0219 0x0edc  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:12:14.0250 0x0edc  TDPIPE - ok
17:12:14.0328 0x0edc  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:12:14.0360 0x0edc  TDTCP - ok
17:12:14.0406 0x0edc  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:12:14.0422 0x0edc  tdx - ok
17:12:15.0202 0x0edc  [ AB2CB86BB4046B6C68A95EDC2760F9DC, 9E99CAE125CEE04940BB1D7E0ADE18F9D69F19A98B5BE09923BAC143323C08DC ] TeamViewer9     C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
17:12:15.0342 0x0edc  TeamViewer9 - ok
17:12:15.0405 0x0edc  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:12:15.0436 0x0edc  TermDD - ok
17:12:15.0561 0x0edc  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
17:12:15.0608 0x0edc  TermService - ok
17:12:15.0686 0x0edc  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
17:12:15.0717 0x0edc  Themes - ok
17:12:15.0748 0x0edc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:12:15.0795 0x0edc  THREADORDER - ok
17:12:15.0826 0x0edc  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
17:12:15.0873 0x0edc  TrkWks - ok
17:12:15.0951 0x0edc  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:12:15.0998 0x0edc  TrustedInstaller - ok
17:12:16.0076 0x0edc  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:12:16.0107 0x0edc  tssecsrv - ok
17:12:16.0154 0x0edc  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:12:16.0185 0x0edc  TsUsbFlt - ok
17:12:16.0247 0x0edc  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:12:16.0278 0x0edc  tunnel - ok
17:12:16.0372 0x0edc  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:12:16.0403 0x0edc  uagp35 - ok
17:12:16.0419 0x0edc  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:12:16.0466 0x0edc  udfs - ok
17:12:16.0497 0x0edc  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:12:16.0512 0x0edc  UI0Detect - ok
17:12:16.0544 0x0edc  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:12:16.0559 0x0edc  uliagpkx - ok
17:12:16.0606 0x0edc  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:12:16.0622 0x0edc  umbus - ok
17:12:16.0668 0x0edc  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:12:16.0684 0x0edc  UmPass - ok
17:12:16.0793 0x0edc  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
17:12:16.0856 0x0edc  upnphost - ok
17:12:16.0903 0x0edc  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
17:12:16.0918 0x0edc  usbccgp - ok
17:12:16.0996 0x0edc  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:12:17.0027 0x0edc  usbcir - ok
17:12:17.0074 0x0edc  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:12:17.0105 0x0edc  usbehci - ok
17:12:17.0230 0x0edc  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:12:17.0246 0x0edc  usbhub - ok
17:12:17.0293 0x0edc  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:12:17.0308 0x0edc  usbohci - ok
17:12:17.0339 0x0edc  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:12:17.0355 0x0edc  usbprint - ok
17:12:17.0449 0x0edc  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:12:17.0480 0x0edc  USBSTOR - ok
17:12:17.0527 0x0edc  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:12:17.0558 0x0edc  usbuhci - ok
17:12:17.0605 0x0edc  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
17:12:17.0651 0x0edc  UxSms - ok
17:12:17.0683 0x0edc  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
17:12:17.0698 0x0edc  VaultSvc - ok
17:12:17.0729 0x0edc  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:12:17.0745 0x0edc  vdrvroot - ok
17:12:17.0839 0x0edc  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
17:12:17.0901 0x0edc  vds - ok
17:12:17.0995 0x0edc  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:12:18.0041 0x0edc  vga - ok
17:12:18.0057 0x0edc  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:12:18.0104 0x0edc  VgaSave - ok
17:12:18.0213 0x0edc  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:12:18.0244 0x0edc  vhdmp - ok
17:12:18.0322 0x0edc  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:12:18.0353 0x0edc  viaagp - ok
17:12:18.0385 0x0edc  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:12:18.0416 0x0edc  ViaC7 - ok
17:12:18.0431 0x0edc  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:12:18.0447 0x0edc  viaide - ok
17:12:18.0478 0x0edc  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:12:18.0494 0x0edc  volmgr - ok
17:12:18.0509 0x0edc  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:12:18.0541 0x0edc  volmgrx - ok
17:12:18.0556 0x0edc  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:12:18.0587 0x0edc  volsnap - ok
17:12:18.0634 0x0edc  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:12:18.0665 0x0edc  vsmraid - ok
17:12:18.0790 0x0edc  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
17:12:18.0853 0x0edc  VSS - ok
17:12:18.0899 0x0edc  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:12:18.0915 0x0edc  vwifibus - ok
17:12:19.0040 0x0edc  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
17:12:19.0087 0x0edc  W32Time - ok
17:12:19.0102 0x0edc  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:12:19.0118 0x0edc  WacomPen - ok
17:12:19.0180 0x0edc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:12:19.0211 0x0edc  WANARP - ok
17:12:19.0227 0x0edc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:12:19.0258 0x0edc  Wanarpv6 - ok
17:12:19.0461 0x0edc  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
17:12:19.0508 0x0edc  wbengine - ok
17:12:19.0570 0x0edc  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:12:19.0601 0x0edc  WbioSrvc - ok
17:12:19.0711 0x0edc  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:12:19.0742 0x0edc  wcncsvc - ok
17:12:19.0773 0x0edc  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:12:19.0789 0x0edc  WcsPlugInService - ok
17:12:19.0835 0x0edc  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:12:19.0851 0x0edc  Wd - ok
17:12:19.0913 0x0edc  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:12:19.0945 0x0edc  Wdf01000 - ok
17:12:19.0960 0x0edc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:12:19.0976 0x0edc  WdiServiceHost - ok
17:12:20.0007 0x0edc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:12:20.0023 0x0edc  WdiSystemHost - ok
17:12:20.0116 0x0edc  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
17:12:20.0147 0x0edc  WebClient - ok
17:12:20.0241 0x0edc  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:12:20.0288 0x0edc  Wecsvc - ok
17:12:20.0413 0x0edc  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:12:20.0444 0x0edc  wercplsupport - ok
17:12:20.0615 0x0edc  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
17:12:20.0662 0x0edc  WerSvc - ok
17:12:20.0725 0x0edc  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:12:20.0787 0x0edc  WfpLwf - ok
17:12:20.0787 0x0edc  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:12:20.0818 0x0edc  WIMMount - ok
17:12:20.0943 0x0edc  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:12:20.0990 0x0edc  WinDefend - ok
17:12:21.0005 0x0edc  WinHttpAutoProxySvc - ok
17:12:21.0099 0x0edc  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:12:21.0146 0x0edc  Winmgmt - ok
17:12:21.0349 0x0edc  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:12:21.0427 0x0edc  WinRM - ok
17:12:21.0505 0x0edc  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:12:21.0536 0x0edc  WinUsb - ok
17:12:21.0661 0x0edc  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:12:21.0707 0x0edc  Wlansvc - ok
17:12:21.0770 0x0edc  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:12:21.0801 0x0edc  WmiAcpi - ok
17:12:21.0863 0x0edc  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:12:21.0895 0x0edc  wmiApSrv - ok
17:12:22.0066 0x0edc  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:12:22.0129 0x0edc  WMPNetworkSvc - ok
17:12:22.0191 0x0edc  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:12:22.0222 0x0edc  WPCSvc - ok
17:12:22.0300 0x0edc  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:12:22.0316 0x0edc  WPDBusEnum - ok
17:12:22.0378 0x0edc  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:12:22.0425 0x0edc  ws2ifsl - ok
17:12:22.0550 0x0edc  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:12:22.0581 0x0edc  wscsvc - ok
17:12:22.0628 0x0edc  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
17:12:22.0675 0x0edc  WSDPrintDevice - ok
17:12:22.0706 0x0edc  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
17:12:22.0721 0x0edc  WSDScan - ok
17:12:22.0737 0x0edc  WSearch - ok
17:12:22.0862 0x0edc  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
17:12:22.0940 0x0edc  wuauserv - ok
17:12:22.0971 0x0edc  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:12:23.0002 0x0edc  WudfPf - ok
17:12:23.0065 0x0edc  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:12:23.0080 0x0edc  WUDFRd - ok
17:12:23.0143 0x0edc  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:12:23.0174 0x0edc  wudfsvc - ok
17:12:23.0236 0x0edc  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:12:23.0267 0x0edc  WwanSvc - ok
17:12:23.0299 0x0edc  ================ Scan global ===============================
17:12:23.0345 0x0edc  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
17:12:23.0408 0x0edc  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:12:23.0455 0x0edc  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:12:23.0470 0x0edc  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:12:23.0533 0x0edc  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:12:23.0548 0x0edc  [ Global ] - ok
17:12:23.0548 0x0edc  ================ Scan MBR ==================================
17:12:23.0579 0x0edc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:12:24.0625 0x0edc  \Device\Harddisk0\DR0 - ok
17:12:24.0625 0x0edc  ================ Scan VBR ==================================
17:12:24.0640 0x0edc  [ 2DF868BA06933E8BF9490FD1378A40DA ] \Device\Harddisk0\DR0\Partition1
17:12:24.0640 0x0edc  \Device\Harddisk0\DR0\Partition1 - ok
17:12:24.0656 0x0edc  [ D535F6F8C82DBB0A40D9CDCF9116CC15 ] \Device\Harddisk0\DR0\Partition2
17:12:24.0656 0x0edc  \Device\Harddisk0\DR0\Partition2 - ok
17:12:24.0671 0x0edc  ================ Scan generic autorun ======================
17:12:24.0796 0x0edc  [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] c:\Program Files\Microsoft Security Client\msseces.exe
17:12:24.0843 0x0edc  MSC - ok
17:12:24.0952 0x0edc  [ 4B5CB170A7CABCBB4E5328A8116C7816, 80404DAC87D13E0CFB7E882B8A132E28DBD3D3DBB6E926F7DB4D67DFED38356A ] C:\Program Files\DellTPad\Apoint.exe
17:12:24.0983 0x0edc  Apoint - ok
17:12:25.0358 0x0edc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:12:25.0405 0x0edc  Sidebar - ok
17:12:25.0514 0x0edc  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:12:25.0561 0x0edc  mctadmin - ok
17:12:25.0607 0x0edc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:12:25.0654 0x0edc  Sidebar - ok
17:12:25.0670 0x0edc  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:12:25.0685 0x0edc  mctadmin - ok
17:12:25.0857 0x0edc  [ A8D6F4F2AF68837CA77C51C0F0BACB34, 1CEB737F885C9E2A8353335AAACEE8F933637B297B5D14B8B5F52046630388FB ] C:\Program Files\BatteryBar\ShowBatteryBar.exe
17:12:25.0857 0x0edc  ShowBatteryBar - detected UnsignedFile.Multi.Generic ( 1 )
17:12:26.0169 0x0edc  ShowBatteryBar ( UnsignedFile.Multi.Generic ) - warning
17:12:26.0185 0x0edc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
17:12:26.0185 0x0edc  Win FW state via NFP2: enabled
17:12:26.0185 0x0edc  ============================================================
17:12:26.0185 0x0edc  Scan finished
17:12:26.0185 0x0edc  ============================================================
17:12:26.0200 0x0d08  Detected object count: 1
17:12:26.0200 0x0d08  Actual detected object count: 1
17:13:01.0253 0x0d08  ShowBatteryBar ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:01.0253 0x0d08  ShowBatteryBar ( UnsignedFile.Multi.Generic ) - User select action: Skip

schrauber · 18.09.2014, 08:14

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

frajoti · 19.09.2014, 14:33

Hallo schrauber, hier die FRST.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by SYSTEM on MININT-JOAQJBO on 18-09-2014 22:21:47
Running from f:\
Platform: Windows 7 Home Premium (X86) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.)
HKU\*****\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-10] ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2013-02-24] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 07:06 - 2014-09-17 07:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-16 11:41 - 2014-09-16 11:57 - 00001047 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-16 11:41 - 2014-09-16 11:42 - 00000466 _____ () C:\Users\*****\Desktop\mse.txt
2014-09-16 11:38 - 2014-09-16 11:57 - 00000616 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-16 11:25 - 2014-09-16 11:25 - 00380416 _____ () C:\Users\*****\Desktop\9pip5jep.exe
2014-09-16 11:24 - 2014-09-18 22:21 - 00000000 ____D () C:\FRST
2014-09-16 11:24 - 2014-09-16 11:57 - 00023184 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-16 11:24 - 2014-09-16 11:56 - 00021706 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-16 11:23 - 2014-09-16 11:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-09-16 11:22 - 2014-09-16 11:56 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-16 11:22 - 2014-09-16 11:22 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-16 11:21 - 2014-09-16 11:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-16 11:11 - 2014-09-16 11:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-16 11:11 - 2014-09-16 11:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 11:11 - 2014-09-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 11:11 - 2014-09-16 11:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 11:11 - 2014-05-11 21:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-09-16 11:11 - 2014-05-11 21:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-09-16 11:11 - 2014-05-11 21:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-09-16 11:10 - 2014-09-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 10:45 - 2014-09-16 10:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 10:44 - 2014-09-16 12:08 - 00000112 _____ () C:\Windows\setupact.log
2014-09-16 10:44 - 2014-09-16 10:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 10:43 - 2014-09-16 10:44 - 00315632 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-09-16 10:30 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-16 10:30 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-16 10:30 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-09-16 10:30 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-16 10:30 - 2014-08-18 13:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-09-16 10:30 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-09-16 10:30 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-16 10:30 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-09-16 10:30 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-09-16 10:30 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-16 10:30 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-16 10:30 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-16 10:30 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-09-16 10:30 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-09-16 10:30 - 2014-08-18 13:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-09-16 10:30 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-09-16 10:30 - 2014-08-18 13:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-16 10:30 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-09-16 10:30 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-16 10:30 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-16 10:30 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-09-16 10:30 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-16 10:30 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-16 10:30 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-16 10:30 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-09-16 10:30 - 2014-08-18 13:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-16 10:30 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-09-16 10:30 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-09-16 10:30 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-16 10:30 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-09-16 08:28 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 11:25 - 2014-09-14 11:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 13:00 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2014-09-12 13:00 - 2014-07-06 17:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-12 13:00 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-12 13:00 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-09-12 12:59 - 2014-09-04 17:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-12 12:59 - 2014-09-04 17:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-09 11:26 - 2014-09-09 11:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2014-08-27 09:06 - 2014-08-22 17:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 09:06 - 2014-08-22 16:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-24 09:37 - 2014-05-14 08:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-24 09:37 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-24 09:37 - 2014-05-14 08:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-24 09:37 - 2014-05-14 08:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-24 09:37 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-24 09:37 - 2014-05-14 08:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-24 09:37 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-24 09:36 - 2014-05-13 23:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-24 09:36 - 2014-05-13 23:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-23 22:47 - 2014-08-23 22:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 22:21 - 2014-09-16 11:24 - 00000000 ____D () C:\FRST
2014-09-18 12:11 - 2013-02-23 23:08 - 01773772 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 12:04 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-18 11:49 - 2009-07-13 20:34 - 00022240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 11:49 - 2009-07-13 20:34 - 00022240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 11:47 - 2013-02-23 23:04 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2014-09-17 07:08 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-09-17 07:06 - 2014-09-17 07:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-16 12:08 - 2014-09-16 10:44 - 00000112 _____ () C:\Windows\setupact.log
2014-09-16 12:08 - 2013-02-24 12:42 - 00058288 _____ (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2014-09-16 11:57 - 2014-09-16 11:41 - 00001047 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-16 11:57 - 2014-09-16 11:38 - 00000616 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-16 11:57 - 2014-09-16 11:24 - 00023184 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-16 11:56 - 2014-09-16 11:24 - 00021706 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-16 11:56 - 2014-09-16 11:22 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-16 11:42 - 2014-09-16 11:41 - 00000466 _____ () C:\Users\*****\Desktop\mse.txt
2014-09-16 11:39 - 2014-09-16 11:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-16 11:25 - 2014-09-16 11:25 - 00380416 _____ () C:\Users\*****\Desktop\9pip5jep.exe
2014-09-16 11:23 - 2014-09-16 11:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-09-16 11:22 - 2014-09-16 11:22 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-16 11:22 - 2013-02-23 23:12 - 00000000 ____D () C:\users\*****
2014-09-16 11:21 - 2014-09-16 11:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-16 11:11 - 2014-09-16 11:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 11:11 - 2014-09-16 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 11:11 - 2014-09-16 11:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 11:10 - 2014-09-16 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 11:01 - 2013-02-23 23:15 - 01619284 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-16 10:45 - 2014-09-16 10:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-16 10:44 - 2014-09-16 10:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 10:44 - 2014-09-16 10:43 - 00315632 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-09-16 10:24 - 2013-02-23 23:05 - 00017920 _____ () C:\Windows\System32\rpcnetp.dll
2014-09-16 10:23 - 2013-02-24 13:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-16 08:28 - 2013-08-15 23:16 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-16 08:24 - 2013-02-24 13:03 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-16 08:24 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-09-16 08:23 - 2013-02-24 11:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-16 08:23 - 2013-02-24 11:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-16 08:22 - 2014-05-10 20:25 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-15 11:23 - 2013-06-16 11:33 - 00000000 ____D () C:\ProgramData\tmp
2014-09-14 11:26 - 2014-09-14 11:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-09 11:26 - 2014-09-09 11:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2014-09-09 11:26 - 2013-02-25 13:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-09-09 11:26 - 2013-02-25 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-09-04 17:52 - 2014-09-12 12:59 - 00445952 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-04 17:47 - 2014-09-12 12:59 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-01 10:38 - 2013-02-24 12:36 - 00000000 ____D () C:\Users\*****\Documents\Kündigung Adressänderung u.a
2014-08-29 12:08 - 2013-03-07 12:57 - 00002254 ____H () C:\Users\*****\Documents\Default.rdp
2014-08-23 22:47 - 2014-08-23 22:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-08-23 22:47 - 2013-02-24 12:37 - 00000000 ____D () C:\Users\*****\Documents\Wichtiges
2014-08-22 17:46 - 2014-08-27 09:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 16:42 - 2014-08-27 09:06 - 02352640 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-19 09:39 - 2014-09-16 10:30 - 00327872 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-08-19 12:19:13
Restore point made on: 2014-08-23 10:00:59
Restore point made on: 2014-08-24 09:36:29
Restore point made on: 2014-08-27 08:59:59
Restore point made on: 2014-08-28 09:08:48
Restore point made on: 2014-08-31 09:35:06
Restore point made on: 2014-09-04 10:37:24
Restore point made on: 2014-09-08 11:10:11
Restore point made on: 2014-09-12 13:02:54
Restore point made on: 2014-09-16 07:35:53
Restore point made on: 2014-09-16 10:28:42
Restore point made on: 2014-09-16 11:05:42

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 3032.96 MB
Available physical RAM: 2360.54 MB
Total Pagefile: 3031.23 MB
Available Pagefile: 2359.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:80.25 GB) NTFS
Drive f: (CORSAIR) (Removable) (Total:7.53 GB) (Free:4.99 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 6B8BCDEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)


LastRegBack: 2014-05-05 13:00

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hallo schrauber,

ich bin anscheinend einem False Postitve von MSE zum Opfer gefallen. In den Microsoft-Foren habe ich folgendes gefunden:

My PC is infected with DOS/Dexo when`I download google toolbar:
hxxp://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/my-pc-is-infected-with-dosdexo-wheni-download/5f6b4a52-62cf-4420-9746-1c0f08df5a62

Zitat:

We made some progress and found that one repro we got is caused by an inactive copy of a left-over DOS\Dexo payload in sector 15 (absolute offset 0x1E00 - 0x1FFF) of the MBR.

00001E00 FA 33 C0 8E D0 BC 00 7C 8B F4 8E D8 8E C0 FB FC ú3AZD¼.|<ôZOZAûü
00001E10 BF 00 06 B9 00 01 F3 A5 EA 21 06 00 00 05 D4 65 ¿..1..ó¥ê!....Oe
00001E20 85 BB 00 80 B9 0A 00 BA 80 00 B8 08 02 CD 13 88 .».?1..º?.,..I.^
00001E30 16 04 7C 8B FB 8B F3 B9 3C 0B 33 DB 89 1E 00 7C ..|<û<ó1<.3U%..|
00001E40 C7 06 02 7C 00 08 33 D2 4A 33 C0 AC D1 C8 03 D0 Ç..|..3OJ3A¬ÑE.D

The underlined pattern triggers MSE, but unfortunately, existing MSE signature does not remove this payload properly, causing repeated detections that folks are seeing. Also, OS reinstall normally does not change this part of the boot drive.

This issue is only seen after the MSE 4.6 update, as MSE 4.6 increases the boot sector scanning length from 512 bytes (1 sector) to 8192 bytes (16 sectors).

We are working on make a signature update to address this. We apologize for the inconvenience that this has caused for our MSE customers.

Am Ende des Themas berichten User, dass mit dem neuesten Update von MSE der Fehler behoben wurde. Dies ist auch bei mir der Fall.

Falls bei mir dennoch Handlungsbedarf besteht, warte ich geduldig...

schrauber · 20.09.2014, 14:59

nö,alles gut

20.09.2014, 14:59	#6
schrauber /// the machine /// TB-Ausbilder	MSE meldet während Youtube-Besuch Virus DOS/Dexo nö,alles gut __________________ --> MSE meldet während Youtube-Besuch Virus DOS/Dexo

MSE meldet während Youtube-Besuch Virus DOS/Dexo

Log-Analyse und Auswertung: MSE meldet während Youtube-Besuch Virus DOS/Dexo