| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Habe ich einen Virus ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.10.2014, 13:55
| #1 |
 |  Habe ich einen Virus ? Hallo, vor ein paar Tagen war ich im Internet unterwegs, als plötzlich ein Windows-Fenster oben links für zirka 2 Sekunden erscheint und irgendwas macht (sah aus wie ne Datenübertragung). Da es so schnell vorbei war, hab ich nicht gesehen was es genau war. Nun meine Frage: Kann es ein Virus sein? Kann ich es irgendwie überprüfen ? Avira Antivirus hab ich schon durchlaufen lassen, hat nichts gefunden. Trotzdem bin ich noch besorgt. Weiß einer Rat ? |
|
11.10.2014, 14:17
| #2 |
| /// the machine /// TB-Ausbilder    | Habe ich einen Virus ? hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
12.10.2014, 12:32
| #3 |
| | Habe ich einen Virus ? FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by klopsi (administrator) on KLOPSI-PC on 11-10-2014 23:41:11
Running from C:\Users\klopsi\Downloads
Loaded Profile: klopsi (Available profiles: klopsi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default
FF Homepage: hxxp://encrypted.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\user.js
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: FastestFox - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-08-01]
FF Extension: Adblock Plus - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\klopsi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 23:41 - 2014-10-11 23:41 - 00008980 _____ () C:\Users\klopsi\Downloads\FRST.txt
2014-10-11 23:40 - 2014-10-11 23:41 - 00000000 ____D () C:\FRST
2014-10-11 23:40 - 2014-10-11 23:40 - 02109952 _____ (Farbar) C:\Users\klopsi\Downloads\FRST64.exe
2014-10-06 20:20 - 2014-10-06 21:16 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\TS3Client
2014-10-06 20:20 - 2014-10-06 20:20 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-10-06 20:20 - 2014-10-06 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-06 20:20 - 2014-10-06 20:20 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-10-06 20:16 - 2014-10-06 20:17 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\klopsi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-10-06 15:05 - 2014-10-06 15:05 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard
2014-10-06 14:59 - 2014-10-06 15:05 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-06 14:59 - 2014-10-06 14:59 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-10-06 14:59 - 2014-10-06 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-10-06 14:58 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-11 23:37 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Battle.net
2014-10-06 14:57 - 2014-10-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 14:57 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-06 14:56 - 2014-10-06 14:56 - 03099552 _____ (Blizzard Entertainment) C:\Users\klopsi\Downloads\Hearthstone-Setup-deDE.exe
2014-10-05 12:00 - 2014-10-05 12:00 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-25 18:49 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Avira
2014-09-25 18:45 - 2014-10-09 11:40 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-25 18:42 - 2014-10-09 11:40 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-25 18:42 - 2014-10-09 11:40 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-25 18:42 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-25 18:40 - 2014-09-25 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\ProgramData\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-25 18:40 - 2014-09-25 18:40 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\klopsi\Downloads\avira_de_av___ws.exe
2014-09-25 18:40 - 2014-09-25 18:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-25 18:40 - 2014-09-25 18:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 17:55 - 2014-09-21 17:55 - 00000403 _____ () C:\Windows\ODBC.INI
2014-09-21 17:55 - 2014-09-21 17:55 - 00000035 _____ () C:\Windows\vbaddin.ini
2014-09-21 17:55 - 2014-09-21 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verwaltung
2014-09-21 17:54 - 2014-09-21 17:54 - 00002775 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002715 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002687 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002675 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002635 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002619 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002615 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-21 17:53 - 2014-09-21 17:53 - 00000000 ____D () C:\Windows\Msagent
2014-09-21 17:53 - 2014-09-21 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft FrontPage
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Microsoft Web Folders
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-21 17:38 - 2014-09-21 17:38 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 23:37 - 2014-08-02 20:26 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Skype
2014-10-11 23:37 - 2014-08-01 22:25 - 01342672 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 14:08 - 2009-07-14 06:51 - 00028865 _____ () C:\Windows\setupact.log
2014-10-09 12:22 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 12:22 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 12:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 20:48 - 2014-08-01 22:30 - 00000000 ____D () C:\Users\klopsi\AppData\Local\VirtualStore
2014-10-07 14:34 - 2010-11-21 05:47 - 00279684 _____ () C:\Windows\PFRO.log
2014-10-05 12:02 - 2014-08-03 20:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-05 12:01 - 2014-08-02 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 11:57 - 2014-08-22 12:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-05 11:57 - 2014-08-22 12:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-25 18:49 - 2014-08-22 12:16 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Avg2014
2014-09-25 18:48 - 2014-08-22 12:22 - 00000000 ___HD () C:\$AVG
2014-09-25 18:41 - 2014-08-01 22:35 - 00062312 _____ () C:\Users\klopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-24 09:51 - 2009-07-14 06:45 - 00284104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-21 17:54 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-09-21 17:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Windows\ShellNew
2014-09-21 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-09-21 11:52 - 2014-08-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 11:52 - 2014-08-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\klopsi\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\klopsi\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\avgnt.exe
C:\Users\klopsi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe
C:\Users\klopsi\AppData\Local\Temp\sdanircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\sdapskill.exe
C:\Users\klopsi\AppData\Local\Temp\sdaspwn.exe
C:\Users\klopsi\AppData\Local\Temp\sfamcc00001.dll
C:\Users\klopsi\AppData\Local\Temp\sfextra.dll
C:\Users\klopsi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\klopsi\AppData\Local\Temp\UNINSTALL.exe
C:\Users\klopsi\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-08 11:48
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by klopsi at 2014-10-11 23:41:51
Running from C:\Users\klopsi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
08-09-2014 09:55:04 Geplanter Prüfpunkt
21-09-2014 15:49:08 Microsoft Office 2000 Premium wird installiert
25-09-2014 16:44:04 Removed AVG 2014
25-09-2014 16:49:04 Removed AVG 2014
09-10-2014 09:48:28 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {DA4A0661-015A-4A9B-877E-FC6C5925347B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
==================== Loaded Modules (whitelisted) =============
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-01 22:38 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\klopsi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libcef.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libGLESv2.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\platforms\qwindows.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libEGL.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qgif.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qico.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qjpeg.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qmng.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qtiff.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick.2\qtquick2plugin.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-08 22:21 - 2014-10-08 22:21 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQml\Models.2\modelsplugin.dll
2014-09-21 11:52 - 2014-09-21 11:52 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-08-01 22:36 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2515552902-1029408911-2965342807-500 - Administrator - Disabled)
Gast (S-1-5-21-2515552902-1029408911-2965342807-501 - Limited - Disabled)
klopsi (S-1-5-21-2515552902-1029408911-2965342807-1000 - Administrator - Enabled) => C:\Users\klopsi
==================== Faulty Device Manager Devices =============
Name: WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/09/2014 10:21:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1178
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (10/09/2014 00:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/07/2014 02:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2014 11:59:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/05/2014 11:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/24/2014 09:52:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2014 05:38:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/21/2014 11:53:11 AM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/21/2014 11:45:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 01:20:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/24/2014 09:51:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753636.
Error: (09/14/2014 01:17:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (09/08/2014 01:58:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (08/26/2014 08:53:09 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
Error: (08/26/2014 08:53:09 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (08/26/2014 08:53:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (08/26/2014 08:52:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%16405
Error: (08/26/2014 08:49:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (08/05/2014 09:56:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/05/2014 09:56:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Microsoft Office Sessions:
=========================
Error: (10/09/2014 10:21:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b117801cfe3b7afcf5ad5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle6afda66-4ff1-11e4-b5b7-dc0ea1a3207a
Error: (10/09/2014 00:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/07/2014 02:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2014 11:59:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (10/05/2014 11:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/24/2014 09:52:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2014 05:38:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/21/2014 11:53:11 AM) (Source: MsiInstaller) (EventID: 1024) (User: klopsi-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/21/2014 11:45:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 01:20:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 31%
Total physical RAM: 7862.7 MB
Available physical RAM: 5372.25 MB
Total Pagefile: 19860.88 MB
Available Pagefile: 16965.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.54 GB) (Free:652.16 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 35C812CA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by klopsi (administrator) on KLOPSI-PC on 12-10-2014 13:31:28
Running from C:\Users\klopsi\Downloads
Loaded Profile: klopsi (Available profiles: klopsi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default
FF Homepage: hxxp://encrypted.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\user.js
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: FastestFox - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-08-01]
FF Extension: Adblock Plus - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\klopsi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 23:41 - 2014-10-12 13:31 - 00009255 _____ () C:\Users\klopsi\Downloads\FRST.txt
2014-10-11 23:41 - 2014-10-11 23:42 - 00018143 _____ () C:\Users\klopsi\Downloads\Addition.txt
2014-10-11 23:40 - 2014-10-12 13:31 - 00000000 ____D () C:\FRST
2014-10-11 23:40 - 2014-10-11 23:40 - 02109952 _____ (Farbar) C:\Users\klopsi\Downloads\FRST64.exe
2014-10-06 20:20 - 2014-10-06 21:16 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\TS3Client
2014-10-06 20:20 - 2014-10-06 20:20 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-10-06 20:20 - 2014-10-06 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-06 20:20 - 2014-10-06 20:20 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-10-06 20:16 - 2014-10-06 20:17 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\klopsi\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-10-06 15:05 - 2014-10-06 15:05 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard
2014-10-06 14:59 - 2014-10-06 15:05 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-06 14:59 - 2014-10-06 14:59 - 00001159 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-10-06 14:59 - 2014-10-06 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-10-06 14:58 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-12 13:31 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Battle.net
2014-10-06 14:57 - 2014-10-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 14:57 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-06 14:56 - 2014-10-06 14:56 - 03099552 _____ (Blizzard Entertainment) C:\Users\klopsi\Downloads\Hearthstone-Setup-deDE.exe
2014-10-05 12:00 - 2014-10-05 12:00 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-25 18:49 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Avira
2014-09-25 18:45 - 2014-10-09 11:40 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-25 18:42 - 2014-10-09 11:40 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-25 18:42 - 2014-10-09 11:40 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-25 18:42 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-25 18:40 - 2014-09-25 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\ProgramData\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-25 18:40 - 2014-09-25 18:40 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\klopsi\Downloads\avira_de_av___ws.exe
2014-09-25 18:40 - 2014-09-25 18:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-25 18:40 - 2014-09-25 18:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 17:55 - 2014-09-21 17:55 - 00000403 _____ () C:\Windows\ODBC.INI
2014-09-21 17:55 - 2014-09-21 17:55 - 00000035 _____ () C:\Windows\vbaddin.ini
2014-09-21 17:55 - 2014-09-21 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verwaltung
2014-09-21 17:54 - 2014-09-21 17:54 - 00002775 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002715 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002687 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002675 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002635 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002619 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00002615 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-21 17:53 - 2014-09-21 17:53 - 00000000 ____D () C:\Windows\Msagent
2014-09-21 17:53 - 2014-09-21 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft FrontPage
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Microsoft Web Folders
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-21 17:38 - 2014-09-21 17:38 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 13:29 - 2014-08-02 20:26 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Skype
2014-10-12 13:14 - 2014-08-01 22:25 - 01343666 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 14:08 - 2009-07-14 06:51 - 00028865 _____ () C:\Windows\setupact.log
2014-10-09 12:22 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 12:22 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 12:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 20:48 - 2014-08-01 22:30 - 00000000 ____D () C:\Users\klopsi\AppData\Local\VirtualStore
2014-10-07 14:34 - 2010-11-21 05:47 - 00279684 _____ () C:\Windows\PFRO.log
2014-10-05 12:02 - 2014-08-03 20:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-05 12:01 - 2014-08-02 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 11:57 - 2014-08-22 12:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-05 11:57 - 2014-08-22 12:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-25 18:49 - 2014-08-22 12:16 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Avg2014
2014-09-25 18:48 - 2014-08-22 12:22 - 00000000 ___HD () C:\$AVG
2014-09-25 18:41 - 2014-08-01 22:35 - 00062312 _____ () C:\Users\klopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-24 09:51 - 2009-07-14 06:45 - 00284104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-21 17:54 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-09-21 17:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Windows\ShellNew
2014-09-21 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-09-21 11:52 - 2014-08-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 11:52 - 2014-08-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\klopsi\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\klopsi\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\avgnt.exe
C:\Users\klopsi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe
C:\Users\klopsi\AppData\Local\Temp\sdanircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\sdapskill.exe
C:\Users\klopsi\AppData\Local\Temp\sdaspwn.exe
C:\Users\klopsi\AppData\Local\Temp\sfamcc00001.dll
C:\Users\klopsi\AppData\Local\Temp\sfextra.dll
C:\Users\klopsi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\klopsi\AppData\Local\Temp\UNINSTALL.exe
C:\Users\klopsi\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-08 11:48
==================== End Of Log ============================
--- --- --- |
|
13.10.2014, 09:19
| #4 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ? hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.10.2014, 17:13
| #5 |
| | Habe ich einen Virus ? Hab jetzt 2 Dateien bekommen : Code:
ATTFilter 18:09:46.0644 0x0bec TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
18:09:50.0392 0x0bec ============================================================
18:09:50.0392 0x0bec Current date / time: 2014/10/14 18:09:50.0392
18:09:50.0392 0x0bec SystemInfo:
18:09:50.0392 0x0bec
18:09:50.0392 0x0bec OS Version: 6.1.7601 ServicePack: 1.0
18:09:50.0392 0x0bec Product type: Workstation
18:09:50.0392 0x0bec ComputerName: KLOPSI-PC
18:09:50.0392 0x0bec UserName: klopsi
18:09:50.0392 0x0bec Windows directory: C:\Windows
18:09:50.0392 0x0bec System windows directory: C:\Windows
18:09:50.0392 0x0bec Running under WOW64
18:09:50.0392 0x0bec Processor architecture: Intel x64
18:09:50.0392 0x0bec Number of processors: 2
18:09:50.0392 0x0bec Page size: 0x1000
18:09:50.0392 0x0bec Boot type: Normal boot
18:09:50.0392 0x0bec ============================================================
18:09:53.0409 0x0bec KLMD registered as C:\Windows\system32\drivers\92955884.sys
18:09:53.0673 0x0bec System UUID: {A7ED6027-D90F-4AEC-4950-786047F43A44}
18:09:54.0219 0x0bec Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:09:54.0230 0x0bec ============================================================
18:09:54.0230 0x0bec \Device\Harddisk0\DR0:
18:09:54.0230 0x0bec MBR partitions:
18:09:54.0230 0x0bec \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:09:54.0230 0x0bec \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x575136F0
18:09:54.0230 0x0bec ============================================================
18:09:54.0250 0x0bec C: <-> \Device\Harddisk0\DR0\Partition2
18:09:54.0250 0x0bec ============================================================
18:09:54.0250 0x0bec Initialize success
18:09:54.0250 0x0bec ============================================================
18:09:55.0619 0x0c70 ============================================================
18:09:55.0619 0x0c70 Scan started
18:09:55.0619 0x0c70 Mode: Manual;
18:09:55.0619 0x0c70 ============================================================
18:09:55.0619 0x0c70 KSN ping started
18:09:58.0299 0x0c70 KSN ping finished: true
18:09:58.0860 0x0c70 ================ Scan system memory ========================
18:09:58.0861 0x0c70 System memory - ok
18:09:58.0862 0x0c70 ================ Scan services =============================
18:09:59.0054 0x0c70 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:09:59.0061 0x0c70 1394ohci - ok
18:09:59.0117 0x0c70 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:09:59.0127 0x0c70 ACPI - ok
18:09:59.0146 0x0c70 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:09:59.0148 0x0c70 AcpiPmi - ok
18:09:59.0327 0x0c70 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:09:59.0329 0x0c70 AdobeARMservice - ok
18:09:59.0378 0x0c70 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:09:59.0392 0x0c70 adp94xx - ok
18:09:59.0416 0x0c70 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:09:59.0425 0x0c70 adpahci - ok
18:09:59.0458 0x0c70 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:09:59.0463 0x0c70 adpu320 - ok
18:09:59.0487 0x0c70 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:09:59.0490 0x0c70 AeLookupSvc - ok
18:09:59.0573 0x0c70 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
18:09:59.0592 0x0c70 AFD - ok
18:09:59.0633 0x0c70 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
18:09:59.0636 0x0c70 agp440 - ok
18:09:59.0652 0x0c70 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
18:09:59.0655 0x0c70 ALG - ok
18:09:59.0670 0x0c70 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
18:09:59.0672 0x0c70 aliide - ok
18:09:59.0680 0x0c70 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
18:09:59.0681 0x0c70 amdide - ok
18:09:59.0704 0x0c70 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:09:59.0707 0x0c70 AmdK8 - ok
18:09:59.0711 0x0c70 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:09:59.0714 0x0c70 AmdPPM - ok
18:09:59.0746 0x0c70 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:09:59.0750 0x0c70 amdsata - ok
18:09:59.0805 0x0c70 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:09:59.0812 0x0c70 amdsbs - ok
18:09:59.0828 0x0c70 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:09:59.0829 0x0c70 amdxata - ok
18:09:59.0888 0x0c70 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
18:09:59.0891 0x0c70 AppID - ok
18:09:59.0913 0x0c70 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:09:59.0915 0x0c70 AppIDSvc - ok
18:09:59.0948 0x0c70 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
18:09:59.0950 0x0c70 Appinfo - ok
18:10:00.0013 0x0c70 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
18:10:00.0019 0x0c70 AppMgmt - ok
18:10:00.0034 0x0c70 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
18:10:00.0037 0x0c70 arc - ok
18:10:00.0056 0x0c70 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:10:00.0059 0x0c70 arcsas - ok
18:10:00.0180 0x0c70 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:10:00.0182 0x0c70 aspnet_state - ok
18:10:00.0224 0x0c70 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:10:00.0226 0x0c70 AsyncMac - ok
18:10:00.0245 0x0c70 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
18:10:00.0246 0x0c70 atapi - ok
18:10:00.0372 0x0c70 [ CC406DA84E7DD3FA3AD20340DBC66CF2, 295F02AA66A3E7879329DC18A741021923C7B389AD8AC6C25A07CAAD6D9CAD33 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:10:00.0496 0x0c70 athr - ok
18:10:00.0583 0x0c70 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:10:00.0614 0x0c70 AudioEndpointBuilder - ok
18:10:00.0648 0x0c70 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:10:00.0663 0x0c70 AudioSrv - ok
18:10:00.0728 0x0c70 [ CDE60914D4ED81291F0CCFDB2CA311B9, 414D9BFF4E7DA17194695CB99B9E7F82C1616F4C228E6E9087208D290B9ED64D ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
18:10:00.0731 0x0c70 Avgdiska - ok
18:10:00.0952 0x0c70 [ B6E2D865C5936A4FEE68F11E97DF6B82, 02807C38BF6DF72BF49636371BA9CDBC1C531C239DF26930F320ABD937AA1B9D ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
18:10:01.0065 0x0c70 AVGIDSAgent - ok
18:10:01.0104 0x0c70 [ E7E1A0AB30587BF3734A2EC66BBCE743, F2D662A2CC29B9B8C1D7AA3424CAAB18A78C60E9557D992EF14BC15DB1438B54 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:10:01.0109 0x0c70 AVGIDSDriver - ok
18:10:01.0146 0x0c70 [ B0E4A1F342A3F8B75C4A4ADB044761C9, 208D033EE04206FEDFC99102025A53D53EF2D3FB373882776DE43D663BE9A01B ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:10:01.0151 0x0c70 AVGIDSHA - ok
18:10:01.0181 0x0c70 [ 5D115BF49AE159D4D7D1EBC640CB138F, F529FB749AB8098B657DEB4637B9B87FA2DE4806F37AC9257542B7E522BA487E ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:10:01.0187 0x0c70 Avgldx64 - ok
18:10:01.0266 0x0c70 [ 197F28711B4B71E6575E5298CCEDC737, 16B7A9E59CA5EF8241029E16408CC1DD77004B195C9FE0677DE35A723FCA3DB4 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
18:10:01.0275 0x0c70 Avgloga - ok
18:10:01.0298 0x0c70 [ 22B257B0A8A83924CB96D1BA2A076C2F, BA1E33DC2D76F9347160E159BFB857E673222745409686E32E707EB2847A2520 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:10:01.0302 0x0c70 Avgmfx64 - ok
18:10:01.0333 0x0c70 [ C4F9056928B26BCAF15872E46B29184F, 0A1574937D120B8872947C4C68F1706BB9713B0D00AD62BE8082499C944114BA ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:10:01.0334 0x0c70 Avgrkx64 - ok
18:10:01.0364 0x0c70 [ 0971913995F5FAFD711B0B2426A175E9, 1009E628997B56697BA976E376A9E9D39082E7057D6EFF37D57FDCA2057B9498 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:10:01.0370 0x0c70 Avgtdia - ok
18:10:01.0439 0x0c70 [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
18:10:01.0441 0x0c70 avgtp - ok
18:10:01.0476 0x0c70 [ D7CBEEA4500BFDC63E99B06A1C512BE8, F8408E339AD022DD78D6C856A330F5A40CAF21F3B0C69FA352D66E3B8E75AA0F ] avgwd C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
18:10:01.0484 0x0c70 avgwd - ok
18:10:01.0550 0x0c70 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:10:01.0554 0x0c70 AxInstSV - ok
18:10:01.0621 0x0c70 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:10:01.0640 0x0c70 b06bdrv - ok
18:10:01.0717 0x0c70 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:10:01.0725 0x0c70 b57nd60a - ok
18:10:01.0784 0x0c70 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
18:10:01.0788 0x0c70 BDESVC - ok
18:10:01.0796 0x0c70 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
18:10:01.0798 0x0c70 Beep - ok
18:10:01.0878 0x0c70 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
18:10:01.0911 0x0c70 BFE - ok
18:10:01.0960 0x0c70 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
18:10:01.0993 0x0c70 BITS - ok
18:10:02.0033 0x0c70 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:10:02.0035 0x0c70 blbdrive - ok
18:10:02.0064 0x0c70 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:10:02.0068 0x0c70 bowser - ok
18:10:02.0114 0x0c70 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:10:02.0115 0x0c70 BrFiltLo - ok
18:10:02.0119 0x0c70 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:10:02.0120 0x0c70 BrFiltUp - ok
18:10:02.0145 0x0c70 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
18:10:02.0149 0x0c70 Browser - ok
18:10:02.0160 0x0c70 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:10:02.0168 0x0c70 Brserid - ok
18:10:02.0173 0x0c70 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:10:02.0175 0x0c70 BrSerWdm - ok
18:10:02.0180 0x0c70 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:10:02.0181 0x0c70 BrUsbMdm - ok
18:10:02.0185 0x0c70 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:10:02.0186 0x0c70 BrUsbSer - ok
18:10:02.0237 0x0c70 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:10:02.0240 0x0c70 BTHMODEM - ok
18:10:02.0305 0x0c70 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
18:10:02.0308 0x0c70 bthserv - ok
18:10:02.0348 0x0c70 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:10:02.0352 0x0c70 cdfs - ok
18:10:02.0409 0x0c70 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:10:02.0414 0x0c70 cdrom - ok
18:10:02.0451 0x0c70 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
18:10:02.0454 0x0c70 CertPropSvc - ok
18:10:02.0459 0x0c70 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
18:10:02.0461 0x0c70 circlass - ok
18:10:02.0488 0x0c70 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
18:10:02.0497 0x0c70 CLFS - ok
18:10:02.0576 0x0c70 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:10:02.0579 0x0c70 clr_optimization_v2.0.50727_32 - ok
18:10:02.0622 0x0c70 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:10:02.0625 0x0c70 clr_optimization_v2.0.50727_64 - ok
18:10:02.0722 0x0c70 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:10:02.0725 0x0c70 clr_optimization_v4.0.30319_32 - ok
18:10:02.0742 0x0c70 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:10:02.0746 0x0c70 clr_optimization_v4.0.30319_64 - ok
18:10:02.0800 0x0c70 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:10:02.0802 0x0c70 CmBatt - ok
18:10:02.0810 0x0c70 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:10:02.0812 0x0c70 cmdide - ok
18:10:02.0842 0x0c70 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
18:10:02.0854 0x0c70 CNG - ok
18:10:02.0900 0x0c70 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:10:02.0901 0x0c70 Compbatt - ok
18:10:02.0949 0x0c70 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:10:02.0951 0x0c70 CompositeBus - ok
18:10:02.0978 0x0c70 COMSysApp - ok
18:10:02.0997 0x0c70 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:10:02.0999 0x0c70 crcdisk - ok
18:10:03.0056 0x0c70 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:10:03.0061 0x0c70 CryptSvc - ok
18:10:03.0095 0x0c70 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
18:10:03.0113 0x0c70 CSC - ok
18:10:03.0136 0x0c70 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
18:10:03.0154 0x0c70 CscService - ok
18:10:03.0209 0x0c70 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:10:03.0230 0x0c70 DcomLaunch - ok
18:10:03.0301 0x0c70 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
18:10:03.0310 0x0c70 defragsvc - ok
18:10:03.0327 0x0c70 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:10:03.0331 0x0c70 DfsC - ok
18:10:03.0379 0x0c70 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:10:03.0388 0x0c70 Dhcp - ok
18:10:03.0412 0x0c70 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
18:10:03.0414 0x0c70 discache - ok
18:10:03.0469 0x0c70 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
18:10:03.0472 0x0c70 Disk - ok
18:10:03.0500 0x0c70 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:10:03.0503 0x0c70 dmvsc - ok
18:10:03.0557 0x0c70 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:10:03.0562 0x0c70 Dnscache - ok
18:10:03.0588 0x0c70 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
18:10:03.0595 0x0c70 dot3svc - ok
18:10:03.0647 0x0c70 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
18:10:03.0652 0x0c70 DPS - ok
18:10:03.0692 0x0c70 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:10:03.0694 0x0c70 drmkaud - ok
18:10:03.0753 0x0c70 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:10:03.0774 0x0c70 DXGKrnl - ok
18:10:03.0833 0x0c70 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
18:10:03.0836 0x0c70 EapHost - ok
18:10:04.0003 0x0c70 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:10:04.0115 0x0c70 ebdrv - ok
18:10:04.0143 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
18:10:04.0145 0x0c70 EFS - ok
18:10:04.0214 0x0c70 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:10:04.0248 0x0c70 ehRecvr - ok
18:10:04.0263 0x0c70 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
18:10:04.0268 0x0c70 ehSched - ok
18:10:04.0340 0x0c70 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:10:04.0362 0x0c70 elxstor - ok
18:10:04.0382 0x0c70 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:10:04.0384 0x0c70 ErrDev - ok
18:10:04.0458 0x0c70 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
18:10:04.0468 0x0c70 EventSystem - ok
18:10:04.0486 0x0c70 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
18:10:04.0492 0x0c70 exfat - ok
18:10:04.0501 0x0c70 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:10:04.0508 0x0c70 fastfat - ok
18:10:04.0577 0x0c70 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
18:10:04.0610 0x0c70 Fax - ok
18:10:04.0615 0x0c70 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
18:10:04.0620 0x0c70 fdc - ok
18:10:04.0658 0x0c70 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
18:10:04.0659 0x0c70 fdPHost - ok
18:10:04.0670 0x0c70 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
18:10:04.0672 0x0c70 FDResPub - ok
18:10:04.0720 0x0c70 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:10:04.0723 0x0c70 FileInfo - ok
18:10:04.0741 0x0c70 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:10:04.0743 0x0c70 Filetrace - ok
18:10:04.0747 0x0c70 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:10:04.0756 0x0c70 flpydisk - ok
18:10:04.0777 0x0c70 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:10:04.0786 0x0c70 FltMgr - ok
18:10:04.0881 0x0c70 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
18:10:04.0925 0x0c70 FontCache - ok
18:10:04.0979 0x0c70 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:10:04.0981 0x0c70 FontCache3.0.0.0 - ok
18:10:05.0004 0x0c70 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:10:05.0007 0x0c70 FsDepends - ok
18:10:05.0037 0x0c70 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:10:05.0038 0x0c70 Fs_Rec - ok
18:10:05.0052 0x0c70 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:10:05.0058 0x0c70 fvevol - ok
18:10:05.0105 0x0c70 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:10:05.0108 0x0c70 gagp30kx - ok
18:10:05.0154 0x0c70 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
18:10:05.0186 0x0c70 gpsvc - ok
18:10:05.0207 0x0c70 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:10:05.0209 0x0c70 hcw85cir - ok
18:10:05.0266 0x0c70 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:10:05.0274 0x0c70 HdAudAddService - ok
18:10:05.0326 0x0c70 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:10:05.0330 0x0c70 HDAudBus - ok
18:10:05.0334 0x0c70 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:10:05.0336 0x0c70 HidBatt - ok
18:10:05.0368 0x0c70 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:10:05.0371 0x0c70 HidBth - ok
18:10:05.0394 0x0c70 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
18:10:05.0396 0x0c70 HidIr - ok
18:10:05.0420 0x0c70 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
18:10:05.0422 0x0c70 hidserv - ok
18:10:05.0491 0x0c70 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:10:05.0492 0x0c70 HidUsb - ok
18:10:05.0533 0x0c70 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:10:05.0537 0x0c70 hkmsvc - ok
18:10:05.0558 0x0c70 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:10:05.0566 0x0c70 HomeGroupListener - ok
18:10:05.0592 0x0c70 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:10:05.0597 0x0c70 HomeGroupProvider - ok
18:10:05.0643 0x0c70 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:10:05.0647 0x0c70 HpSAMD - ok
18:10:05.0717 0x0c70 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:10:05.0752 0x0c70 HTTP - ok
18:10:05.0760 0x0c70 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:10:05.0761 0x0c70 hwpolicy - ok
18:10:05.0804 0x0c70 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:10:05.0808 0x0c70 i8042prt - ok
18:10:05.0897 0x0c70 [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:10:05.0917 0x0c70 iaStor - ok
18:10:05.0967 0x0c70 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:10:05.0978 0x0c70 iaStorV - ok
18:10:06.0055 0x0c70 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:10:06.0090 0x0c70 idsvc - ok
18:10:06.0114 0x0c70 IEEtwCollectorService - ok
18:10:06.0466 0x0c70 [ 31569A2E836C12014148BF7342716946, 07DAEF864AF41E8669A6F2546967014C58898BD42C4C2FA1961F32311D083565 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:10:06.0805 0x0c70 igfx - ok
18:10:06.0865 0x0c70 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:10:06.0868 0x0c70 iirsp - ok
18:10:06.0921 0x0c70 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
18:10:06.0956 0x0c70 IKEEXT - ok
18:10:07.0023 0x0c70 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:10:07.0028 0x0c70 Impcd - ok
18:10:07.0049 0x0c70 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
18:10:07.0050 0x0c70 intelide - ok
18:10:07.0086 0x0c70 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:10:07.0088 0x0c70 intelppm - ok
18:10:07.0141 0x0c70 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:10:07.0146 0x0c70 IPBusEnum - ok
18:10:07.0160 0x0c70 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:10:07.0164 0x0c70 IpFilterDriver - ok
18:10:07.0229 0x0c70 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:10:07.0249 0x0c70 iphlpsvc - ok
18:10:07.0254 0x0c70 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:10:07.0257 0x0c70 IPMIDRV - ok
18:10:07.0292 0x0c70 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:10:07.0296 0x0c70 IPNAT - ok
18:10:07.0329 0x0c70 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:10:07.0331 0x0c70 IRENUM - ok
18:10:07.0376 0x0c70 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:10:07.0378 0x0c70 isapnp - ok
18:10:07.0404 0x0c70 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:10:07.0413 0x0c70 iScsiPrt - ok
18:10:07.0488 0x0c70 [ 0469BFF65BBDEE9E46D0C45EE32A08BD, 8E11F03FC463CBC9FBBF5D2A29FBF1076C9317D2B8B7224E24C22553F160E065 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:10:07.0497 0x0c70 k57nd60a - ok
18:10:07.0515 0x0c70 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:10:07.0517 0x0c70 kbdclass - ok
18:10:07.0578 0x0c70 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:10:07.0580 0x0c70 kbdhid - ok
18:10:07.0599 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
18:10:07.0600 0x0c70 KeyIso - ok
18:10:07.0621 0x0c70 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:10:07.0624 0x0c70 KSecDD - ok
18:10:07.0637 0x0c70 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:10:07.0641 0x0c70 KSecPkg - ok
18:10:07.0660 0x0c70 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:10:07.0662 0x0c70 ksthunk - ok
18:10:07.0697 0x0c70 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
18:10:07.0709 0x0c70 KtmRm - ok
18:10:07.0736 0x0c70 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:10:07.0743 0x0c70 LanmanServer - ok
18:10:07.0766 0x0c70 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:10:07.0771 0x0c70 LanmanWorkstation - ok
18:10:07.0831 0x0c70 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:10:07.0834 0x0c70 lltdio - ok
18:10:07.0889 0x0c70 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:10:07.0899 0x0c70 lltdsvc - ok
18:10:07.0976 0x0c70 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:10:07.0978 0x0c70 lmhosts - ok
18:10:07.0999 0x0c70 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:10:08.0003 0x0c70 LSI_FC - ok
18:10:08.0022 0x0c70 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:10:08.0026 0x0c70 LSI_SAS - ok
18:10:08.0039 0x0c70 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:10:08.0041 0x0c70 LSI_SAS2 - ok
18:10:08.0060 0x0c70 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:10:08.0064 0x0c70 LSI_SCSI - ok
18:10:08.0082 0x0c70 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
18:10:08.0086 0x0c70 luafv - ok
18:10:08.0117 0x0c70 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:10:08.0121 0x0c70 Mcx2Svc - ok
18:10:08.0132 0x0c70 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
18:10:08.0134 0x0c70 megasas - ok
18:10:08.0180 0x0c70 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:10:08.0188 0x0c70 MegaSR - ok
18:10:08.0218 0x0c70 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
18:10:08.0221 0x0c70 MMCSS - ok
18:10:08.0239 0x0c70 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
18:10:08.0241 0x0c70 Modem - ok
18:10:08.0285 0x0c70 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:10:08.0286 0x0c70 monitor - ok
18:10:08.0348 0x0c70 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:10:08.0350 0x0c70 mouclass - ok
18:10:08.0388 0x0c70 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:10:08.0390 0x0c70 mouhid - ok
18:10:08.0413 0x0c70 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:10:08.0417 0x0c70 mountmgr - ok
18:10:08.0496 0x0c70 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:10:08.0500 0x0c70 MozillaMaintenance - ok
18:10:08.0524 0x0c70 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
18:10:08.0529 0x0c70 mpio - ok
18:10:08.0545 0x0c70 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:10:08.0548 0x0c70 mpsdrv - ok
18:10:08.0603 0x0c70 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:10:08.0633 0x0c70 MpsSvc - ok
18:10:08.0652 0x0c70 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:10:08.0657 0x0c70 MRxDAV - ok
18:10:08.0676 0x0c70 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:10:08.0681 0x0c70 mrxsmb - ok
18:10:08.0692 0x0c70 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:10:08.0700 0x0c70 mrxsmb10 - ok
18:10:08.0717 0x0c70 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:10:08.0721 0x0c70 mrxsmb20 - ok
18:10:08.0741 0x0c70 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
18:10:08.0742 0x0c70 msahci - ok
18:10:08.0756 0x0c70 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:10:08.0761 0x0c70 msdsm - ok
18:10:08.0776 0x0c70 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
18:10:08.0782 0x0c70 MSDTC - ok
18:10:08.0823 0x0c70 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:10:08.0825 0x0c70 Msfs - ok
18:10:08.0843 0x0c70 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:10:08.0845 0x0c70 mshidkmdf - ok
18:10:08.0860 0x0c70 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:10:08.0861 0x0c70 msisadrv - ok
18:10:08.0920 0x0c70 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:10:08.0926 0x0c70 MSiSCSI - ok
18:10:08.0930 0x0c70 msiserver - ok
18:10:08.0965 0x0c70 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:10:08.0967 0x0c70 MSKSSRV - ok
18:10:08.0993 0x0c70 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:10:08.0994 0x0c70 MSPCLOCK - ok
18:10:09.0004 0x0c70 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:10:09.0006 0x0c70 MSPQM - ok
18:10:09.0034 0x0c70 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:10:09.0044 0x0c70 MsRPC - ok
18:10:09.0059 0x0c70 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:10:09.0060 0x0c70 mssmbios - ok
18:10:09.0074 0x0c70 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:10:09.0076 0x0c70 MSTEE - ok
18:10:09.0080 0x0c70 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:10:09.0082 0x0c70 MTConfig - ok
18:10:09.0098 0x0c70 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
18:10:09.0100 0x0c70 Mup - ok
18:10:09.0137 0x0c70 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
18:10:09.0157 0x0c70 napagent - ok
18:10:09.0208 0x0c70 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:10:09.0217 0x0c70 NativeWifiP - ok
18:10:09.0292 0x0c70 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
18:10:09.0313 0x0c70 NDIS - ok
18:10:09.0362 0x0c70 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:10:09.0364 0x0c70 NdisCap - ok
18:10:09.0415 0x0c70 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:10:09.0416 0x0c70 NdisTapi - ok
18:10:09.0456 0x0c70 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:10:09.0458 0x0c70 Ndisuio - ok
18:10:09.0477 0x0c70 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:10:09.0483 0x0c70 NdisWan - ok
18:10:09.0495 0x0c70 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:10:09.0497 0x0c70 NDProxy - ok
18:10:09.0543 0x0c70 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:10:09.0545 0x0c70 NetBIOS - ok
18:10:09.0569 0x0c70 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:10:09.0577 0x0c70 NetBT - ok
18:10:09.0587 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
18:10:09.0589 0x0c70 Netlogon - ok
18:10:09.0622 0x0c70 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
18:10:09.0632 0x0c70 Netman - ok
18:10:09.0691 0x0c70 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:10:09.0696 0x0c70 NetMsmqActivator - ok
18:10:09.0703 0x0c70 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:10:09.0706 0x0c70 NetPipeActivator - ok
18:10:09.0722 0x0c70 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
18:10:09.0734 0x0c70 netprofm - ok
18:10:09.0746 0x0c70 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:10:09.0750 0x0c70 NetTcpActivator - ok
18:10:09.0756 0x0c70 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:10:09.0760 0x0c70 NetTcpPortSharing - ok
18:10:09.0803 0x0c70 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:10:09.0805 0x0c70 nfrd960 - ok
18:10:09.0831 0x0c70 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:10:09.0840 0x0c70 NlaSvc - ok
18:10:09.0855 0x0c70 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:10:09.0858 0x0c70 Npfs - ok
18:10:09.0862 0x0c70 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
18:10:09.0864 0x0c70 nsi - ok
18:10:09.0880 0x0c70 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:10:09.0882 0x0c70 nsiproxy - ok
18:10:09.0962 0x0c70 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:10:10.0029 0x0c70 Ntfs - ok
18:10:10.0053 0x0c70 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
18:10:10.0054 0x0c70 Null - ok
18:10:10.0078 0x0c70 [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
18:10:10.0082 0x0c70 nusb3hub - ok
18:10:10.0117 0x0c70 [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
18:10:10.0122 0x0c70 nusb3xhc - ok
18:10:10.0142 0x0c70 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:10:10.0147 0x0c70 nvraid - ok
18:10:10.0165 0x0c70 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:10:10.0172 0x0c70 nvstor - ok
18:10:10.0216 0x0c70 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:10:10.0220 0x0c70 nv_agp - ok
18:10:10.0235 0x0c70 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:10:10.0238 0x0c70 ohci1394 - ok
18:10:10.0268 0x0c70 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:10:10.0278 0x0c70 p2pimsvc - ok
18:10:10.0302 0x0c70 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
18:10:10.0316 0x0c70 p2psvc - ok
18:10:10.0322 0x0c70 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
18:10:10.0325 0x0c70 Parport - ok
18:10:10.0346 0x0c70 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:10:10.0349 0x0c70 partmgr - ok
18:10:10.0357 0x0c70 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
18:10:10.0362 0x0c70 PcaSvc - ok
18:10:10.0385 0x0c70 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
18:10:10.0390 0x0c70 pci - ok
18:10:10.0401 0x0c70 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
18:10:10.0402 0x0c70 pciide - ok
18:10:10.0426 0x0c70 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:10:10.0433 0x0c70 pcmcia - ok
18:10:10.0444 0x0c70 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
18:10:10.0446 0x0c70 pcw - ok
18:10:10.0484 0x0c70 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:10:10.0518 0x0c70 PEAUTH - ok
18:10:10.0594 0x0c70 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:10:10.0650 0x0c70 PeerDistSvc - ok
18:10:10.0724 0x0c70 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:10:10.0726 0x0c70 PerfHost - ok
18:10:10.0798 0x0c70 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
18:10:10.0856 0x0c70 pla - ok
18:10:10.0921 0x0c70 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:10:10.0933 0x0c70 PlugPlay - ok
18:10:10.0940 0x0c70 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:10:10.0943 0x0c70 PNRPAutoReg - ok
18:10:10.0968 0x0c70 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:10:10.0977 0x0c70 PNRPsvc - ok
18:10:11.0017 0x0c70 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:10:11.0037 0x0c70 PolicyAgent - ok
18:10:11.0065 0x0c70 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
18:10:11.0071 0x0c70 Power - ok
18:10:11.0128 0x0c70 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:10:11.0131 0x0c70 PptpMiniport - ok
18:10:11.0154 0x0c70 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
18:10:11.0157 0x0c70 Processor - ok
18:10:11.0189 0x0c70 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll
18:10:11.0195 0x0c70 ProfSvc - ok
18:10:11.0210 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:10:11.0212 0x0c70 ProtectedStorage - ok
18:10:11.0259 0x0c70 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:10:11.0263 0x0c70 Psched - ok
18:10:11.0329 0x0c70 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:10:11.0408 0x0c70 ql2300 - ok
18:10:11.0430 0x0c70 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:10:11.0434 0x0c70 ql40xx - ok
18:10:11.0457 0x0c70 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
18:10:11.0466 0x0c70 QWAVE - ok
18:10:11.0484 0x0c70 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:10:11.0487 0x0c70 QWAVEdrv - ok
18:10:11.0496 0x0c70 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:10:11.0498 0x0c70 RasAcd - ok
18:10:11.0550 0x0c70 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:10:11.0552 0x0c70 RasAgileVpn - ok
18:10:11.0573 0x0c70 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
18:10:11.0578 0x0c70 RasAuto - ok
18:10:11.0592 0x0c70 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:10:11.0596 0x0c70 Rasl2tp - ok
18:10:11.0620 0x0c70 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
18:10:11.0631 0x0c70 RasMan - ok
18:10:11.0641 0x0c70 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:10:11.0644 0x0c70 RasPppoe - ok
18:10:11.0692 0x0c70 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:10:11.0694 0x0c70 RasSstp - ok
18:10:11.0729 0x0c70 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:10:11.0738 0x0c70 rdbss - ok
18:10:11.0746 0x0c70 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:10:11.0748 0x0c70 rdpbus - ok
18:10:11.0790 0x0c70 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:10:11.0792 0x0c70 RDPCDD - ok
18:10:11.0827 0x0c70 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:10:11.0832 0x0c70 RDPDR - ok
18:10:11.0845 0x0c70 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:10:11.0847 0x0c70 RDPENCDD - ok
18:10:11.0852 0x0c70 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:10:11.0853 0x0c70 RDPREFMP - ok
18:10:11.0880 0x0c70 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:10:11.0887 0x0c70 RDPWD - ok
18:10:11.0937 0x0c70 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:10:11.0943 0x0c70 rdyboost - ok
18:10:12.0011 0x0c70 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:10:12.0016 0x0c70 RemoteAccess - ok
18:10:12.0075 0x0c70 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:10:12.0081 0x0c70 RemoteRegistry - ok
18:10:12.0093 0x0c70 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:10:12.0096 0x0c70 RpcEptMapper - ok
18:10:12.0117 0x0c70 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
18:10:12.0119 0x0c70 RpcLocator - ok
18:10:12.0136 0x0c70 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
18:10:12.0149 0x0c70 RpcSs - ok
18:10:12.0201 0x0c70 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:10:12.0204 0x0c70 rspndr - ok
18:10:12.0222 0x0c70 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:10:12.0223 0x0c70 s3cap - ok
18:10:12.0244 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
18:10:12.0245 0x0c70 SamSs - ok
18:10:12.0261 0x0c70 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:10:12.0264 0x0c70 sbp2port - ok
18:10:12.0285 0x0c70 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:10:12.0292 0x0c70 SCardSvr - ok
18:10:12.0303 0x0c70 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:10:12.0305 0x0c70 scfilter - ok
18:10:12.0344 0x0c70 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
18:10:12.0375 0x0c70 Schedule - ok
18:10:12.0406 0x0c70 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:10:12.0409 0x0c70 SCPolicySvc - ok
18:10:12.0426 0x0c70 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:10:12.0433 0x0c70 SDRSVC - ok
18:10:12.0473 0x0c70 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:10:12.0475 0x0c70 secdrv - ok
18:10:12.0486 0x0c70 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
18:10:12.0489 0x0c70 seclogon - ok
18:10:12.0502 0x0c70 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
18:10:12.0505 0x0c70 SENS - ok
18:10:12.0524 0x0c70 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:10:12.0527 0x0c70 SensrSvc - ok
18:10:12.0544 0x0c70 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:10:12.0546 0x0c70 Serenum - ok
18:10:12.0594 0x0c70 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
18:10:12.0597 0x0c70 Serial - ok
18:10:12.0645 0x0c70 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:10:12.0647 0x0c70 sermouse - ok
18:10:12.0669 0x0c70 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
18:10:12.0675 0x0c70 SessionEnv - ok
18:10:12.0679 0x0c70 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:10:12.0680 0x0c70 sffdisk - ok
18:10:12.0683 0x0c70 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:10:12.0685 0x0c70 sffp_mmc - ok
18:10:12.0697 0x0c70 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:10:12.0698 0x0c70 sffp_sd - ok
18:10:12.0702 0x0c70 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:10:12.0704 0x0c70 sfloppy - ok
18:10:12.0751 0x0c70 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:10:12.0761 0x0c70 SharedAccess - ok
18:10:12.0787 0x0c70 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:10:12.0796 0x0c70 ShellHWDetection - ok
18:10:12.0847 0x0c70 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:10:12.0849 0x0c70 SiSRaid2 - ok
18:10:12.0861 0x0c70 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:10:12.0864 0x0c70 SiSRaid4 - ok
18:10:12.0940 0x0c70 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:10:12.0947 0x0c70 SkypeUpdate - ok
18:10:12.0991 0x0c70 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:10:12.0995 0x0c70 Smb - ok
18:10:13.0065 0x0c70 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:10:13.0068 0x0c70 SNMPTRAP - ok
18:10:13.0085 0x0c70 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
18:10:13.0087 0x0c70 spldr - ok
18:10:13.0118 0x0c70 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
18:10:13.0140 0x0c70 Spooler - ok
18:10:13.0262 0x0c70 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
18:10:13.0379 0x0c70 sppsvc - ok
18:10:13.0418 0x0c70 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:10:13.0421 0x0c70 sppuinotify - ok
18:10:13.0459 0x0c70 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:10:13.0472 0x0c70 srv - ok
18:10:13.0503 0x0c70 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:10:13.0515 0x0c70 srv2 - ok
18:10:13.0533 0x0c70 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:10:13.0538 0x0c70 srvnet - ok
18:10:13.0559 0x0c70 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:10:13.0565 0x0c70 SSDPSRV - ok
18:10:13.0572 0x0c70 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:10:13.0575 0x0c70 SstpSvc - ok
18:10:13.0689 0x0c70 [ A993E6FD9549499099461A0B192EEC3F, EC17EBE9A0EF481E704E64D07D257C3380046CBB5D9CAFABA90D21A2B84191FF ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:10:13.0708 0x0c70 Steam Client Service - ok
18:10:13.0737 0x0c70 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:10:13.0739 0x0c70 stexstor - ok
18:10:13.0829 0x0c70 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
18:10:13.0851 0x0c70 stisvc - ok
18:10:13.0892 0x0c70 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:10:13.0894 0x0c70 storflt - ok
18:10:13.0924 0x0c70 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
18:10:13.0927 0x0c70 StorSvc - ok
18:10:13.0974 0x0c70 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:10:13.0976 0x0c70 storvsc - ok
18:10:13.0988 0x0c70 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:10:13.0989 0x0c70 swenum - ok
18:10:14.0024 0x0c70 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
18:10:14.0046 0x0c70 swprv - ok
18:10:14.0143 0x0c70 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
18:10:14.0229 0x0c70 SysMain - ok
18:10:14.0237 0x0c70 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:10:14.0241 0x0c70 TabletInputService - ok
18:10:14.0254 0x0c70 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:10:14.0264 0x0c70 TapiSrv - ok
18:10:14.0278 0x0c70 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
18:10:14.0282 0x0c70 TBS - ok
18:10:14.0373 0x0c70 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:10:14.0441 0x0c70 Tcpip - ok
18:10:14.0529 0x0c70 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:10:14.0570 0x0c70 TCPIP6 - ok
18:10:14.0601 0x0c70 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:10:14.0604 0x0c70 tcpipreg - ok
18:10:14.0618 0x0c70 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:10:14.0620 0x0c70 TDPIPE - ok
18:10:14.0647 0x0c70 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:10:14.0649 0x0c70 TDTCP - ok
18:10:14.0663 0x0c70 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:10:14.0667 0x0c70 tdx - ok
18:10:14.0712 0x0c70 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:10:14.0714 0x0c70 TermDD - ok
18:10:14.0764 0x0c70 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
18:10:14.0798 0x0c70 TermService - ok
18:10:14.0810 0x0c70 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
18:10:14.0813 0x0c70 Themes - ok
18:10:14.0830 0x0c70 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
18:10:14.0832 0x0c70 THREADORDER - ok
18:10:14.0848 0x0c70 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
18:10:14.0853 0x0c70 TrkWks - ok
18:10:14.0908 0x0c70 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:10:14.0914 0x0c70 TrustedInstaller - ok
18:10:14.0948 0x0c70 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:10:14.0950 0x0c70 tssecsrv - ok
18:10:14.0991 0x0c70 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:10:14.0994 0x0c70 TsUsbFlt - ok
18:10:15.0012 0x0c70 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:10:15.0014 0x0c70 TsUsbGD - ok
18:10:15.0070 0x0c70 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:10:15.0074 0x0c70 tunnel - ok
18:10:15.0080 0x0c70 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:10:15.0083 0x0c70 uagp35 - ok
18:10:15.0095 0x0c70 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:10:15.0104 0x0c70 udfs - ok
18:10:15.0131 0x0c70 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:10:15.0134 0x0c70 UI0Detect - ok
18:10:15.0161 0x0c70 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:10:15.0164 0x0c70 uliagpkx - ok
18:10:15.0207 0x0c70 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:10:15.0209 0x0c70 umbus - ok
18:10:15.0226 0x0c70 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
18:10:15.0228 0x0c70 UmPass - ok
18:10:15.0256 0x0c70 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:10:15.0264 0x0c70 UmRdpService - ok
18:10:15.0292 0x0c70 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
18:10:15.0302 0x0c70 upnphost - ok
18:10:15.0357 0x0c70 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:10:15.0360 0x0c70 usbaudio - ok
18:10:15.0394 0x0c70 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:10:15.0397 0x0c70 usbccgp - ok
18:10:15.0461 0x0c70 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:10:15.0465 0x0c70 usbcir - ok
18:10:15.0487 0x0c70 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:10:15.0489 0x0c70 usbehci - ok
18:10:15.0547 0x0c70 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:10:15.0556 0x0c70 usbhub - ok
18:10:15.0575 0x0c70 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:10:15.0577 0x0c70 usbohci - ok
18:10:15.0608 0x0c70 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:10:15.0610 0x0c70 usbprint - ok
18:10:15.0638 0x0c70 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:10:15.0642 0x0c70 USBSTOR - ok
18:10:15.0663 0x0c70 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:10:15.0665 0x0c70 usbuhci - ok
18:10:15.0724 0x0c70 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:10:15.0729 0x0c70 usbvideo - ok
18:10:15.0749 0x0c70 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
18:10:15.0751 0x0c70 UxSms - ok
18:10:15.0765 0x0c70 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
18:10:15.0767 0x0c70 VaultSvc - ok
18:10:15.0821 0x0c70 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:10:15.0823 0x0c70 vdrvroot - ok
18:10:15.0858 0x0c70 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
18:10:15.0881 0x0c70 vds - ok
18:10:15.0939 0x0c70 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:10:15.0941 0x0c70 vga - ok
18:10:15.0950 0x0c70 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:10:15.0952 0x0c70 VgaSave - ok
18:10:15.0972 0x0c70 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:10:15.0979 0x0c70 vhdmp - ok
18:10:15.0997 0x0c70 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
18:10:15.0999 0x0c70 viaide - ok
18:10:16.0032 0x0c70 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:10:16.0039 0x0c70 vmbus - ok
18:10:16.0050 0x0c70 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:10:16.0051 0x0c70 VMBusHID - ok
18:10:16.0097 0x0c70 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:10:16.0099 0x0c70 volmgr - ok
18:10:16.0122 0x0c70 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:10:16.0132 0x0c70 volmgrx - ok
18:10:16.0179 0x0c70 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:10:16.0187 0x0c70 volsnap - ok
18:10:16.0239 0x0c70 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:10:16.0245 0x0c70 vsmraid - ok
18:10:16.0316 0x0c70 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
18:10:16.0371 0x0c70 VSS - ok
18:10:16.0525 0x0c70 [ C3382C99F1D10BCBEBC689BF847B77B5, BB11A866595D745BA7427CCB9E1F39F2340BC55B3E61B48B47B8E64384D3FFEA ] vToolbarUpdater3.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
18:10:16.0592 0x0c70 vToolbarUpdater3.2.0 - ok
18:10:16.0613 0x0c70 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:10:16.0614 0x0c70 vwifibus - ok
18:10:16.0661 0x0c70 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:10:16.0663 0x0c70 vwififlt - ok
18:10:16.0695 0x0c70 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
18:10:16.0706 0x0c70 W32Time - ok
18:10:16.0735 0x0c70 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:10:16.0737 0x0c70 WacomPen - ok
18:10:16.0789 0x0c70 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:10:16.0793 0x0c70 WANARP - ok
18:10:16.0815 0x0c70 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:10:16.0818 0x0c70 Wanarpv6 - ok
18:10:16.0863 0x0c70 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
18:10:16.0897 0x0c70 wbengine - ok
18:10:16.0909 0x0c70 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:10:16.0916 0x0c70 WbioSrvc - ok
18:10:16.0955 0x0c70 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:10:16.0967 0x0c70 wcncsvc - ok
18:10:16.0981 0x0c70 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:10:16.0985 0x0c70 WcsPlugInService - ok
18:10:17.0001 0x0c70 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
18:10:17.0003 0x0c70 Wd - ok
18:10:17.0059 0x0c70 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:10:17.0093 0x0c70 Wdf01000 - ok
18:10:17.0141 0x0c70 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:10:17.0144 0x0c70 WdiServiceHost - ok
18:10:17.0150 0x0c70 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:10:17.0154 0x0c70 WdiSystemHost - ok
18:10:17.0165 0x0c70 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
18:10:17.0174 0x0c70 WebClient - ok
18:10:17.0197 0x0c70 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:10:17.0205 0x0c70 Wecsvc - ok
18:10:17.0222 0x0c70 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:10:17.0225 0x0c70 wercplsupport - ok
18:10:17.0276 0x0c70 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
18:10:17.0279 0x0c70 WerSvc - ok
18:10:17.0338 0x0c70 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:10:17.0340 0x0c70 WfpLwf - ok
18:10:17.0357 0x0c70 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:10:17.0359 0x0c70 WIMMount - ok
18:10:17.0385 0x0c70 WinDefend - ok
18:10:17.0426 0x0c70 WinHttpAutoProxySvc - ok
18:10:17.0493 0x0c70 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:10:17.0500 0x0c70 Winmgmt - ok
18:10:17.0573 0x0c70 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
18:10:17.0642 0x0c70 WinRM - ok
18:10:17.0717 0x0c70 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:10:17.0748 0x0c70 Wlansvc - ok
18:10:17.0779 0x0c70 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:10:17.0780 0x0c70 WmiAcpi - ok
18:10:17.0822 0x0c70 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:10:17.0829 0x0c70 wmiApSrv - ok
18:10:17.0853 0x0c70 WMPNetworkSvc - ok
18:10:17.0865 0x0c70 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:10:17.0868 0x0c70 WPCSvc - ok
18:10:17.0886 0x0c70 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:10:17.0890 0x0c70 WPDBusEnum - ok
18:10:17.0902 0x0c70 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:10:17.0904 0x0c70 ws2ifsl - ok
18:10:17.0919 0x0c70 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
18:10:17.0923 0x0c70 wscsvc - ok
18:10:17.0927 0x0c70 WSearch - ok
18:10:18.0032 0x0c70 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
18:10:18.0154 0x0c70 wuauserv - ok
18:10:18.0171 0x0c70 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:10:18.0175 0x0c70 WudfPf - ok
18:10:18.0219 0x0c70 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:10:18.0225 0x0c70 WUDFRd - ok
18:10:18.0249 0x0c70 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:10:18.0253 0x0c70 wudfsvc - ok
18:10:18.0276 0x0c70 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:10:18.0285 0x0c70 WwanSvc - ok
18:10:18.0311 0x0c70 ================ Scan global ===============================
18:10:18.0350 0x0c70 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:10:18.0384 0x0c70 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:10:18.0398 0x0c70 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:10:18.0468 0x0c70 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:10:18.0505 0x0c70 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:10:18.0514 0x0c70 [ Global ] - ok
18:10:18.0515 0x0c70 ================ Scan MBR ==================================
18:10:18.0529 0x0c70 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:10:18.0848 0x0c70 \Device\Harddisk0\DR0 - ok
18:10:18.0848 0x0c70 ================ Scan VBR ==================================
18:10:18.0851 0x0c70 [ 54BA4C37D203C2B279E01A9F91269268 ] \Device\Harddisk0\DR0\Partition1
18:10:18.0853 0x0c70 \Device\Harddisk0\DR0\Partition1 - ok
18:10:18.0856 0x0c70 [ B92AF4BC5DFDD737B0B8D7D4C6A1738F ] \Device\Harddisk0\DR0\Partition2
18:10:18.0857 0x0c70 \Device\Harddisk0\DR0\Partition2 - ok
18:10:18.0858 0x0c70 ================ Scan generic autorun ======================
18:10:18.0883 0x0c70 [ A38D377D4FC5403602EBF3CAD8F8EA4E, 63D673BC7F3AB3185B35DE40263C11D2FB83FA4DDF4EE3C9B37BF9CCD9BBB08D ] C:\Windows\system32\igfxtray.exe
18:10:18.0888 0x0c70 IgfxTray - ok
18:10:18.0913 0x0c70 [ D3AF93D8029B326DCCF3197C14E7ECFF, 43315E01904D141136C2B579A78242376F65E3405C4108BB29F966B0BE0613DC ] C:\Windows\system32\hkcmd.exe
18:10:18.0922 0x0c70 HotKeysCmds - ok
18:10:18.0942 0x0c70 [ 7738067DEF9AF9E6DBFDEB0178046575, 1F7AB6E03C8FD0587287E8B7E3D365E0C5F90C6AB3014B0DB75980B0542AE6FB ] C:\Windows\system32\igfxpers.exe
18:10:18.0952 0x0c70 Persistence - ok
18:10:19.0050 0x0c70 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:10:19.0079 0x0c70 Adobe ARM - ok
18:10:19.0331 0x0c70 [ 361B0893A5C6741F347568A3232D2822, A1085FD8DCEA67E3760C5204C4FC0EADAAC2A9E3A1A498B0BE2F0883EE2B1A04 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
18:10:19.0530 0x0c70 AVG_UI - ok
18:10:19.0671 0x0c70 [ 76C35842C8B6F0D0A5411B6AFC477C7D, 66711C5D0E9962A13F2989D76ABCE7F6F7712062689926CCED94B64ED78F4645 ] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
18:10:19.0726 0x0c70 vProt - ok
18:10:19.0808 0x0c70 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:10:19.0835 0x0c70 Sidebar - ok
18:10:19.0879 0x0c70 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:10:19.0883 0x0c70 mctadmin - ok
18:10:19.0917 0x0c70 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:10:19.0942 0x0c70 Sidebar - ok
18:10:19.0949 0x0c70 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:10:19.0952 0x0c70 mctadmin - ok
18:10:19.0977 0x0c70 Skype - ok
18:10:19.0979 0x0c70 Waiting for KSN requests completion. In queue: 50
18:10:20.0980 0x0c70 Waiting for KSN requests completion. In queue: 50
18:10:21.0980 0x0c70 Waiting for KSN requests completion. In queue: 50
18:10:23.0038 0x0c70 AV detected via SS2: AVG AntiVirus 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x40000 ( disabled : updated )
18:10:23.0045 0x0c70 Win FW state via NFP2: enabled
18:10:25.0721 0x0c70 ============================================================
18:10:25.0721 0x0c70 Scan finished
18:10:25.0721 0x0c70 ============================================================
18:10:25.0730 0x0f2c Detected object count: 0
18:10:25.0730 0x0f2c Actual detected object count: 0
18:10:44.0951 0x0c20 Deinitialize success
|
|
14.10.2014, 17:14
| #6 |
| | Habe ich einen Virus ?Code:
ATTFilter 18:10:49.0711 0x0824 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
18:10:52.0031 0x0824 ============================================================
18:10:52.0031 0x0824 Current date / time: 2014/10/14 18:10:52.0031
18:10:52.0031 0x0824 SystemInfo:
18:10:52.0031 0x0824
18:10:52.0031 0x0824 OS Version: 6.1.7601 ServicePack: 1.0
18:10:52.0031 0x0824 Product type: Workstation
18:10:52.0031 0x0824 ComputerName: KLOPSI-PC
18:10:52.0031 0x0824 UserName: klopsi
18:10:52.0031 0x0824 Windows directory: C:\Windows
18:10:52.0031 0x0824 System windows directory: C:\Windows
18:10:52.0031 0x0824 Running under WOW64
18:10:52.0031 0x0824 Processor architecture: Intel x64
18:10:52.0031 0x0824 Number of processors: 2
18:10:52.0031 0x0824 Page size: 0x1000
18:10:52.0031 0x0824 Boot type: Normal boot
18:10:52.0031 0x0824 ============================================================
18:10:54.0711 0x0824 KLMD registered as C:\Windows\system32\drivers\86403294.sys
18:10:54.0901 0x0824 System UUID: {A7ED6027-D90F-4AEC-4950-786047F43A44}
18:10:55.0271 0x0824 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:55.0281 0x0824 ============================================================
18:10:55.0281 0x0824 \Device\Harddisk0\DR0:
18:10:55.0281 0x0824 MBR partitions:
18:10:55.0281 0x0824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:10:55.0281 0x0824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x575136F0
18:10:55.0281 0x0824 ============================================================
18:10:55.0301 0x0824 C: <-> \Device\Harddisk0\DR0\Partition2
18:10:55.0301 0x0824 ============================================================
18:10:55.0301 0x0824 Initialize success
18:10:55.0301 0x0824 ============================================================
18:11:21.0441 0x0530 ============================================================
18:11:21.0441 0x0530 Scan started
18:11:21.0441 0x0530 Mode: Manual; TDLFS;
18:11:21.0441 0x0530 ============================================================
18:11:21.0441 0x0530 KSN ping started
18:11:36.0121 0x0530 KSN ping finished: true
18:11:36.0741 0x0530 ================ Scan system memory ========================
18:11:36.0741 0x0530 System memory - ok
18:11:36.0741 0x0530 ================ Scan services =============================
18:11:36.0911 0x0530 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:11:36.0921 0x0530 1394ohci - ok
18:11:36.0971 0x0530 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:11:36.0981 0x0530 ACPI - ok
18:11:37.0001 0x0530 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:11:37.0001 0x0530 AcpiPmi - ok
18:11:37.0171 0x0530 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:11:37.0171 0x0530 AdobeARMservice - ok
18:11:37.0211 0x0530 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:11:37.0221 0x0530 adp94xx - ok
18:11:37.0241 0x0530 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:11:37.0251 0x0530 adpahci - ok
18:11:37.0251 0x0530 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:11:37.0261 0x0530 adpu320 - ok
18:11:37.0291 0x0530 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:11:37.0291 0x0530 AeLookupSvc - ok
18:11:37.0371 0x0530 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
18:11:37.0381 0x0530 AFD - ok
18:11:37.0421 0x0530 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
18:11:37.0421 0x0530 agp440 - ok
18:11:37.0441 0x0530 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
18:11:37.0441 0x0530 ALG - ok
18:11:37.0461 0x0530 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
18:11:37.0461 0x0530 aliide - ok
18:11:37.0471 0x0530 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
18:11:37.0471 0x0530 amdide - ok
18:11:37.0491 0x0530 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:11:37.0501 0x0530 AmdK8 - ok
18:11:37.0501 0x0530 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:11:37.0501 0x0530 AmdPPM - ok
18:11:37.0541 0x0530 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:11:37.0541 0x0530 amdsata - ok
18:11:37.0581 0x0530 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:11:37.0591 0x0530 amdsbs - ok
18:11:37.0611 0x0530 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:11:37.0611 0x0530 amdxata - ok
18:11:37.0671 0x0530 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
18:11:37.0671 0x0530 AppID - ok
18:11:37.0691 0x0530 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:11:37.0691 0x0530 AppIDSvc - ok
18:11:37.0731 0x0530 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
18:11:37.0731 0x0530 Appinfo - ok
18:11:37.0811 0x0530 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
18:11:37.0821 0x0530 AppMgmt - ok
18:11:37.0871 0x0530 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
18:11:37.0871 0x0530 arc - ok
18:11:37.0901 0x0530 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:11:37.0901 0x0530 arcsas - ok
18:11:38.0021 0x0530 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:11:38.0031 0x0530 aspnet_state - ok
18:11:38.0071 0x0530 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:11:38.0071 0x0530 AsyncMac - ok
18:11:38.0091 0x0530 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
18:11:38.0091 0x0530 atapi - ok
18:11:38.0221 0x0530 [ CC406DA84E7DD3FA3AD20340DBC66CF2, 295F02AA66A3E7879329DC18A741021923C7B389AD8AC6C25A07CAAD6D9CAD33 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:11:38.0281 0x0530 athr - ok
18:11:38.0351 0x0530 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:11:38.0371 0x0530 AudioEndpointBuilder - ok
18:11:38.0401 0x0530 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:11:38.0411 0x0530 AudioSrv - ok
18:11:38.0471 0x0530 [ CDE60914D4ED81291F0CCFDB2CA311B9, 414D9BFF4E7DA17194695CB99B9E7F82C1616F4C228E6E9087208D290B9ED64D ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
18:11:38.0481 0x0530 Avgdiska - ok
18:11:38.0701 0x0530 [ B6E2D865C5936A4FEE68F11E97DF6B82, 02807C38BF6DF72BF49636371BA9CDBC1C531C239DF26930F320ABD937AA1B9D ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
18:11:38.0771 0x0530 AVGIDSAgent - ok
18:11:38.0801 0x0530 [ E7E1A0AB30587BF3734A2EC66BBCE743, F2D662A2CC29B9B8C1D7AA3424CAAB18A78C60E9557D992EF14BC15DB1438B54 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:11:38.0811 0x0530 AVGIDSDriver - ok
18:11:38.0851 0x0530 [ B0E4A1F342A3F8B75C4A4ADB044761C9, 208D033EE04206FEDFC99102025A53D53EF2D3FB373882776DE43D663BE9A01B ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:11:38.0851 0x0530 AVGIDSHA - ok
18:11:38.0881 0x0530 [ 5D115BF49AE159D4D7D1EBC640CB138F, F529FB749AB8098B657DEB4637B9B87FA2DE4806F37AC9257542B7E522BA487E ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:11:38.0891 0x0530 Avgldx64 - ok
18:11:38.0971 0x0530 [ 197F28711B4B71E6575E5298CCEDC737, 16B7A9E59CA5EF8241029E16408CC1DD77004B195C9FE0677DE35A723FCA3DB4 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
18:11:38.0971 0x0530 Avgloga - ok
18:11:39.0001 0x0530 [ 22B257B0A8A83924CB96D1BA2A076C2F, BA1E33DC2D76F9347160E159BFB857E673222745409686E32E707EB2847A2520 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:11:39.0001 0x0530 Avgmfx64 - ok
18:11:39.0031 0x0530 [ C4F9056928B26BCAF15872E46B29184F, 0A1574937D120B8872947C4C68F1706BB9713B0D00AD62BE8082499C944114BA ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:11:39.0041 0x0530 Avgrkx64 - ok
18:11:39.0061 0x0530 [ 0971913995F5FAFD711B0B2426A175E9, 1009E628997B56697BA976E376A9E9D39082E7057D6EFF37D57FDCA2057B9498 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:11:39.0071 0x0530 Avgtdia - ok
18:11:39.0141 0x0530 [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
18:11:39.0141 0x0530 avgtp - ok
18:11:39.0181 0x0530 [ D7CBEEA4500BFDC63E99B06A1C512BE8, F8408E339AD022DD78D6C856A330F5A40CAF21F3B0C69FA352D66E3B8E75AA0F ] avgwd C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
18:11:39.0181 0x0530 avgwd - ok
18:11:39.0251 0x0530 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:11:39.0251 0x0530 AxInstSV - ok
18:11:39.0321 0x0530 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:11:39.0331 0x0530 b06bdrv - ok
18:11:39.0411 0x0530 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:11:39.0411 0x0530 b57nd60a - ok
18:11:39.0471 0x0530 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
18:11:39.0481 0x0530 BDESVC - ok
18:11:39.0521 0x0530 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
18:11:39.0521 0x0530 Beep - ok
18:11:39.0601 0x0530 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
18:11:39.0621 0x0530 BFE - ok
18:11:39.0661 0x0530 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
18:11:39.0681 0x0530 BITS - ok
18:11:39.0721 0x0530 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:11:39.0721 0x0530 blbdrive - ok
18:11:39.0751 0x0530 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:11:39.0761 0x0530 bowser - ok
18:11:39.0801 0x0530 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:11:39.0801 0x0530 BrFiltLo - ok
18:11:39.0811 0x0530 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:11:39.0811 0x0530 BrFiltUp - ok
18:11:39.0841 0x0530 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
18:11:39.0841 0x0530 Browser - ok
18:11:39.0851 0x0530 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:11:39.0861 0x0530 Brserid - ok
18:11:39.0861 0x0530 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:11:39.0871 0x0530 BrSerWdm - ok
18:11:39.0871 0x0530 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:11:39.0871 0x0530 BrUsbMdm - ok
18:11:39.0871 0x0530 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:11:39.0871 0x0530 BrUsbSer - ok
18:11:39.0931 0x0530 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:11:39.0931 0x0530 BTHMODEM - ok
18:11:39.0991 0x0530 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
18:11:40.0001 0x0530 bthserv - ok
18:11:40.0021 0x0530 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:11:40.0021 0x0530 cdfs - ok
18:11:40.0081 0x0530 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:11:40.0081 0x0530 cdrom - ok
18:11:40.0121 0x0530 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
18:11:40.0121 0x0530 CertPropSvc - ok
18:11:40.0151 0x0530 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
18:11:40.0151 0x0530 circlass - ok
18:11:40.0191 0x0530 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
18:11:40.0201 0x0530 CLFS - ok
18:11:40.0271 0x0530 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:11:40.0271 0x0530 clr_optimization_v2.0.50727_32 - ok
18:11:40.0311 0x0530 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:11:40.0311 0x0530 clr_optimization_v2.0.50727_64 - ok
18:11:40.0401 0x0530 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:11:40.0401 0x0530 clr_optimization_v4.0.30319_32 - ok
18:11:40.0421 0x0530 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:11:40.0421 0x0530 clr_optimization_v4.0.30319_64 - ok
18:11:40.0481 0x0530 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:11:40.0481 0x0530 CmBatt - ok
18:11:40.0501 0x0530 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:11:40.0501 0x0530 cmdide - ok
18:11:40.0571 0x0530 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
18:11:40.0581 0x0530 CNG - ok
18:11:40.0631 0x0530 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:11:40.0631 0x0530 Compbatt - ok
18:11:40.0741 0x0530 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:11:40.0741 0x0530 CompositeBus - ok
18:11:40.0801 0x0530 COMSysApp - ok
18:11:40.0841 0x0530 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:11:40.0841 0x0530 crcdisk - ok
18:11:40.0881 0x0530 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:11:40.0881 0x0530 CryptSvc - ok
18:11:40.0921 0x0530 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
18:11:40.0931 0x0530 CSC - ok
18:11:40.0951 0x0530 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
18:11:40.0971 0x0530 CscService - ok
18:11:41.0011 0x0530 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:11:41.0021 0x0530 DcomLaunch - ok
18:11:41.0051 0x0530 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
18:11:41.0051 0x0530 defragsvc - ok
18:11:41.0091 0x0530 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:11:41.0101 0x0530 DfsC - ok
18:11:41.0171 0x0530 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:11:41.0181 0x0530 Dhcp - ok
18:11:41.0241 0x0530 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
18:11:41.0241 0x0530 discache - ok
18:11:41.0451 0x0530 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
18:11:41.0451 0x0530 Disk - ok
18:11:41.0501 0x0530 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:11:41.0501 0x0530 dmvsc - ok
18:11:41.0551 0x0530 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:11:41.0551 0x0530 Dnscache - ok
18:11:41.0581 0x0530 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
18:11:41.0581 0x0530 dot3svc - ok
18:11:41.0641 0x0530 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
18:11:41.0641 0x0530 DPS - ok
18:11:41.0681 0x0530 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:11:41.0681 0x0530 drmkaud - ok
18:11:41.0741 0x0530 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:11:41.0761 0x0530 DXGKrnl - ok
18:11:41.0821 0x0530 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
18:11:41.0831 0x0530 EapHost - ok
18:11:41.0971 0x0530 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:11:42.0041 0x0530 ebdrv - ok
18:11:42.0081 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
18:11:42.0081 0x0530 EFS - ok
18:11:42.0151 0x0530 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:11:42.0161 0x0530 ehRecvr - ok
18:11:42.0181 0x0530 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
18:11:42.0181 0x0530 ehSched - ok
18:11:42.0251 0x0530 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:11:42.0261 0x0530 elxstor - ok
18:11:42.0281 0x0530 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:11:42.0281 0x0530 ErrDev - ok
18:11:42.0361 0x0530 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
18:11:42.0371 0x0530 EventSystem - ok
18:11:42.0441 0x0530 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
18:11:42.0451 0x0530 exfat - ok
18:11:42.0461 0x0530 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:11:42.0461 0x0530 fastfat - ok
18:11:42.0531 0x0530 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
18:11:42.0551 0x0530 Fax - ok
18:11:42.0551 0x0530 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
18:11:42.0561 0x0530 fdc - ok
18:11:42.0601 0x0530 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
18:11:42.0601 0x0530 fdPHost - ok
18:11:42.0621 0x0530 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
18:11:42.0621 0x0530 FDResPub - ok
18:11:42.0631 0x0530 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:11:42.0631 0x0530 FileInfo - ok
18:11:42.0651 0x0530 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:11:42.0651 0x0530 Filetrace - ok
18:11:42.0661 0x0530 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:11:42.0661 0x0530 flpydisk - ok
18:11:42.0681 0x0530 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:11:42.0691 0x0530 FltMgr - ok
18:11:42.0781 0x0530 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
18:11:42.0811 0x0530 FontCache - ok
18:11:42.0861 0x0530 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:11:42.0861 0x0530 FontCache3.0.0.0 - ok
18:11:42.0871 0x0530 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:11:42.0871 0x0530 FsDepends - ok
18:11:42.0901 0x0530 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:11:42.0911 0x0530 Fs_Rec - ok
18:11:42.0921 0x0530 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:11:42.0921 0x0530 fvevol - ok
18:11:43.0001 0x0530 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:11:43.0001 0x0530 gagp30kx - ok
18:11:43.0041 0x0530 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
18:11:43.0061 0x0530 gpsvc - ok
18:11:43.0071 0x0530 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:11:43.0081 0x0530 hcw85cir - ok
18:11:43.0131 0x0530 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:11:43.0141 0x0530 HdAudAddService - ok
18:11:43.0181 0x0530 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:11:43.0191 0x0530 HDAudBus - ok
18:11:43.0191 0x0530 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:11:43.0191 0x0530 HidBatt - ok
18:11:43.0211 0x0530 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:11:43.0221 0x0530 HidBth - ok
18:11:43.0241 0x0530 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
18:11:43.0241 0x0530 HidIr - ok
18:11:43.0271 0x0530 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
18:11:43.0271 0x0530 hidserv - ok
18:11:43.0381 0x0530 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:11:43.0381 0x0530 HidUsb - ok
18:11:43.0451 0x0530 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:11:43.0451 0x0530 hkmsvc - ok
18:11:43.0481 0x0530 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:11:43.0491 0x0530 HomeGroupListener - ok
18:11:43.0561 0x0530 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:11:43.0571 0x0530 HomeGroupProvider - ok
18:11:43.0631 0x0530 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:11:43.0641 0x0530 HpSAMD - ok
18:11:43.0671 0x0530 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:11:43.0691 0x0530 HTTP - ok
18:11:43.0711 0x0530 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:11:43.0711 0x0530 hwpolicy - ok
18:11:43.0731 0x0530 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:11:43.0731 0x0530 i8042prt - ok
18:11:43.0821 0x0530 [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:11:43.0831 0x0530 iaStor - ok
18:11:43.0851 0x0530 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:11:43.0861 0x0530 iaStorV - ok
18:11:43.0921 0x0530 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:11:43.0941 0x0530 idsvc - ok
18:11:43.0951 0x0530 IEEtwCollectorService - ok
18:11:44.0311 0x0530 [ 31569A2E836C12014148BF7342716946, 07DAEF864AF41E8669A6F2546967014C58898BD42C4C2FA1961F32311D083565 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:11:44.0541 0x0530 igfx - ok
18:11:44.0611 0x0530 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:11:44.0611 0x0530 iirsp - ok
18:11:44.0681 0x0530 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
18:11:44.0701 0x0530 IKEEXT - ok
18:11:44.0781 0x0530 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:11:44.0781 0x0530 Impcd - ok
18:11:44.0811 0x0530 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
18:11:44.0811 0x0530 intelide - ok
18:11:44.0841 0x0530 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:11:44.0841 0x0530 intelppm - ok
18:11:44.0901 0x0530 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:11:44.0901 0x0530 IPBusEnum - ok
18:11:44.0941 0x0530 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:11:44.0941 0x0530 IpFilterDriver - ok
18:11:45.0011 0x0530 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:11:45.0021 0x0530 iphlpsvc - ok
18:11:45.0031 0x0530 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:11:45.0031 0x0530 IPMIDRV - ok
18:11:45.0041 0x0530 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:11:45.0041 0x0530 IPNAT - ok
18:11:45.0091 0x0530 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:11:45.0091 0x0530 IRENUM - ok
18:11:45.0101 0x0530 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:11:45.0101 0x0530 isapnp - ok
18:11:45.0131 0x0530 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:11:45.0131 0x0530 iScsiPrt - ok
18:11:45.0211 0x0530 [ 0469BFF65BBDEE9E46D0C45EE32A08BD, 8E11F03FC463CBC9FBBF5D2A29FBF1076C9317D2B8B7224E24C22553F160E065 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:11:45.0221 0x0530 k57nd60a - ok
18:11:45.0241 0x0530 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:11:45.0241 0x0530 kbdclass - ok
18:11:45.0281 0x0530 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:11:45.0281 0x0530 kbdhid - ok
18:11:45.0321 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
18:11:45.0321 0x0530 KeyIso - ok
18:11:45.0341 0x0530 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:11:45.0351 0x0530 KSecDD - ok
18:11:45.0361 0x0530 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:11:45.0361 0x0530 KSecPkg - ok
18:11:45.0381 0x0530 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:11:45.0381 0x0530 ksthunk - ok
18:11:45.0421 0x0530 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
18:11:45.0431 0x0530 KtmRm - ok
18:11:45.0461 0x0530 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:11:45.0471 0x0530 LanmanServer - ok
18:11:45.0491 0x0530 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:11:45.0491 0x0530 LanmanWorkstation - ok
18:11:45.0551 0x0530 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:11:45.0561 0x0530 lltdio - ok
18:11:45.0581 0x0530 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:11:45.0591 0x0530 lltdsvc - ok
18:11:45.0641 0x0530 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:11:45.0651 0x0530 lmhosts - ok
18:11:45.0701 0x0530 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:11:45.0701 0x0530 LSI_FC - ok
18:11:45.0751 0x0530 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:11:45.0751 0x0530 LSI_SAS - ok
18:11:45.0761 0x0530 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:11:45.0761 0x0530 LSI_SAS2 - ok
18:11:45.0781 0x0530 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:11:45.0791 0x0530 LSI_SCSI - ok
18:11:45.0821 0x0530 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
18:11:45.0821 0x0530 luafv - ok
18:11:45.0851 0x0530 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:11:45.0861 0x0530 Mcx2Svc - ok
18:11:45.0871 0x0530 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
18:11:45.0871 0x0530 megasas - ok
18:11:45.0891 0x0530 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:11:45.0901 0x0530 MegaSR - ok
18:11:45.0921 0x0530 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
18:11:45.0921 0x0530 MMCSS - ok
18:11:45.0941 0x0530 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
18:11:45.0941 0x0530 Modem - ok
18:11:45.0991 0x0530 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:11:45.0991 0x0530 monitor - ok
18:11:46.0051 0x0530 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:11:46.0051 0x0530 mouclass - ok
18:11:46.0091 0x0530 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:11:46.0091 0x0530 mouhid - ok
18:11:46.0131 0x0530 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:11:46.0131 0x0530 mountmgr - ok
18:11:46.0211 0x0530 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:11:46.0211 0x0530 MozillaMaintenance - ok
18:11:46.0241 0x0530 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
18:11:46.0241 0x0530 mpio - ok
18:11:46.0261 0x0530 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:11:46.0261 0x0530 mpsdrv - ok
18:11:46.0321 0x0530 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:11:46.0331 0x0530 MpsSvc - ok
18:11:46.0381 0x0530 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:11:46.0381 0x0530 MRxDAV - ok
18:11:46.0401 0x0530 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:11:46.0401 0x0530 mrxsmb - ok
18:11:46.0421 0x0530 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:11:46.0421 0x0530 mrxsmb10 - ok
18:11:46.0591 0x0530 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:11:46.0591 0x0530 mrxsmb20 - ok
18:11:46.0631 0x0530 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
18:11:46.0631 0x0530 msahci - ok
18:11:46.0721 0x0530 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:11:46.0721 0x0530 msdsm - ok
18:11:46.0771 0x0530 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
18:11:46.0771 0x0530 MSDTC - ok
18:11:46.0811 0x0530 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:11:46.0811 0x0530 Msfs - ok
18:11:46.0861 0x0530 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:11:46.0861 0x0530 mshidkmdf - ok
18:11:46.0871 0x0530 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:11:46.0871 0x0530 msisadrv - ok
18:11:46.0911 0x0530 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:11:46.0911 0x0530 MSiSCSI - ok
18:11:46.0921 0x0530 msiserver - ok
18:11:46.0961 0x0530 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:11:46.0961 0x0530 MSKSSRV - ok
18:11:46.0981 0x0530 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:11:46.0981 0x0530 MSPCLOCK - ok
18:11:46.0991 0x0530 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:11:47.0001 0x0530 MSPQM - ok
18:11:47.0021 0x0530 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:11:47.0031 0x0530 MsRPC - ok
18:11:47.0051 0x0530 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:11:47.0051 0x0530 mssmbios - ok
18:11:47.0061 0x0530 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:11:47.0071 0x0530 MSTEE - ok
18:11:47.0071 0x0530 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:11:47.0071 0x0530 MTConfig - ok
18:11:47.0091 0x0530 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
18:11:47.0091 0x0530 Mup - ok
18:11:47.0131 0x0530 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
18:11:47.0141 0x0530 napagent - ok
18:11:47.0201 0x0530 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:11:47.0211 0x0530 NativeWifiP - ok
18:11:47.0271 0x0530 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
18:11:47.0291 0x0530 NDIS - ok
18:11:47.0331 0x0530 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:11:47.0331 0x0530 NdisCap - ok
18:11:47.0381 0x0530 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:11:47.0381 0x0530 NdisTapi - ok
18:11:47.0421 0x0530 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:11:47.0431 0x0530 Ndisuio - ok
18:11:47.0451 0x0530 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:11:47.0451 0x0530 NdisWan - ok
18:11:47.0501 0x0530 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:11:47.0501 0x0530 NDProxy - ok
18:11:47.0541 0x0530 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:11:47.0551 0x0530 NetBIOS - ok
18:11:47.0571 0x0530 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:11:47.0581 0x0530 NetBT - ok
18:11:47.0591 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
18:11:47.0591 0x0530 Netlogon - ok
18:11:47.0621 0x0530 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
18:11:47.0631 0x0530 Netman - ok
18:11:47.0691 0x0530 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:11:47.0691 0x0530 NetMsmqActivator - ok
18:11:47.0701 0x0530 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:11:47.0711 0x0530 NetPipeActivator - ok
18:11:47.0721 0x0530 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
18:11:47.0731 0x0530 netprofm - ok
18:11:47.0751 0x0530 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:11:47.0751 0x0530 NetTcpActivator - ok
18:11:47.0761 0x0530 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:11:47.0761 0x0530 NetTcpPortSharing - ok
18:11:47.0801 0x0530 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:11:47.0811 0x0530 nfrd960 - ok
18:11:47.0861 0x0530 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:11:47.0871 0x0530 NlaSvc - ok
18:11:47.0891 0x0530 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:11:47.0891 0x0530 Npfs - ok
18:11:47.0901 0x0530 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
18:11:47.0911 0x0530 nsi - ok
18:11:47.0921 0x0530 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:11:47.0931 0x0530 nsiproxy - ok
18:11:48.0011 0x0530 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:11:48.0041 0x0530 Ntfs - ok
18:11:48.0061 0x0530 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
18:11:48.0071 0x0530 Null - ok
18:11:48.0101 0x0530 [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
18:11:48.0101 0x0530 nusb3hub - ok
18:11:48.0131 0x0530 [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
18:11:48.0131 0x0530 nusb3xhc - ok
18:11:48.0181 0x0530 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:11:48.0181 0x0530 nvraid - ok
18:11:48.0221 0x0530 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:11:48.0231 0x0530 nvstor - ok
18:11:48.0271 0x0530 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:11:48.0281 0x0530 nv_agp - ok
18:11:48.0281 0x0530 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:11:48.0281 0x0530 ohci1394 - ok
18:11:48.0311 0x0530 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:11:48.0321 0x0530 p2pimsvc - ok
18:11:48.0351 0x0530 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
18:11:48.0361 0x0530 p2psvc - ok
18:11:48.0361 0x0530 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
18:11:48.0371 0x0530 Parport - ok
18:11:48.0391 0x0530 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:11:48.0391 0x0530 partmgr - ok
18:11:48.0401 0x0530 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
18:11:48.0411 0x0530 PcaSvc - ok
18:11:48.0431 0x0530 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
18:11:48.0431 0x0530 pci - ok
18:11:48.0451 0x0530 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
18:11:48.0451 0x0530 pciide - ok
18:11:48.0471 0x0530 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:11:48.0481 0x0530 pcmcia - ok
18:11:48.0491 0x0530 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
18:11:48.0491 0x0530 pcw - ok
18:11:48.0531 0x0530 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:11:48.0541 0x0530 PEAUTH - ok
18:11:48.0621 0x0530 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:11:48.0651 0x0530 PeerDistSvc - ok
18:11:48.0771 0x0530 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:11:48.0771 0x0530 PerfHost - ok
18:11:48.0841 0x0530 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
18:11:48.0871 0x0530 pla - ok
18:11:48.0951 0x0530 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:11:48.0971 0x0530 PlugPlay - ok
18:11:48.0971 0x0530 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:11:48.0981 0x0530 PNRPAutoReg - ok
18:11:49.0001 0x0530 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:11:49.0011 0x0530 PNRPsvc - ok
18:11:49.0051 0x0530 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:11:49.0061 0x0530 PolicyAgent - ok
18:11:49.0131 0x0530 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
18:11:49.0141 0x0530 Power - ok
18:11:49.0201 0x0530 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:11:49.0201 0x0530 PptpMiniport - ok
18:11:49.0221 0x0530 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
18:11:49.0221 0x0530 Processor - ok
18:11:49.0271 0x0530 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll
18:11:49.0271 0x0530 ProfSvc - ok
18:11:49.0311 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:11:49.0311 0x0530 ProtectedStorage - ok
18:11:49.0441 0x0530 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:11:49.0441 0x0530 Psched - ok
18:11:49.0601 0x0530 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:11:49.0638 0x0530 ql2300 - ok
18:11:49.0691 0x0530 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:11:49.0691 0x0530 ql40xx - ok
18:11:49.0711 0x0530 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
18:11:49.0721 0x0530 QWAVE - ok
18:11:49.0731 0x0530 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:11:49.0731 0x0530 QWAVEdrv - ok
18:11:49.0741 0x0530 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:11:49.0741 0x0530 RasAcd - ok
18:11:49.0801 0x0530 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:11:49.0801 0x0530 RasAgileVpn - ok
18:11:49.0841 0x0530 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
18:11:49.0841 0x0530 RasAuto - ok
18:11:49.0861 0x0530 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:11:49.0861 0x0530 Rasl2tp - ok
18:11:49.0891 0x0530 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
18:11:49.0901 0x0530 RasMan - ok
18:11:49.0911 0x0530 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:11:49.0911 0x0530 RasPppoe - ok
18:11:49.0961 0x0530 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:11:49.0961 0x0530 RasSstp - ok
18:11:50.0001 0x0530 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:11:50.0001 0x0530 rdbss - ok
18:11:50.0011 0x0530 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:11:50.0011 0x0530 rdpbus - ok
18:11:50.0061 0x0530 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:11:50.0061 0x0530 RDPCDD - ok
18:11:50.0081 0x0530 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:11:50.0091 0x0530 RDPDR - ok
18:11:50.0131 0x0530 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:11:50.0141 0x0530 RDPENCDD - ok
18:11:50.0141 0x0530 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:11:50.0141 0x0530 RDPREFMP - ok
18:11:50.0171 0x0530 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:11:50.0171 0x0530 RDPWD - ok
18:11:50.0221 0x0530 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:11:50.0221 0x0530 rdyboost - ok
18:11:50.0251 0x0530 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:11:50.0251 0x0530 RemoteAccess - ok
18:11:50.0281 0x0530 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:11:50.0281 0x0530 RemoteRegistry - ok
18:11:50.0291 0x0530 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:11:50.0301 0x0530 RpcEptMapper - ok
18:11:50.0321 0x0530 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
18:11:50.0321 0x0530 RpcLocator - ok
18:11:50.0341 0x0530 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
18:11:50.0351 0x0530 RpcSs - ok
18:11:50.0421 0x0530 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:11:50.0431 0x0530 rspndr - ok
18:11:50.0441 0x0530 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:11:50.0451 0x0530 s3cap - ok
18:11:50.0461 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
18:11:50.0461 0x0530 SamSs - ok
18:11:50.0471 0x0530 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:11:50.0481 0x0530 sbp2port - ok
18:11:50.0501 0x0530 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:11:50.0501 0x0530 SCardSvr - ok
18:11:50.0511 0x0530 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:11:50.0521 0x0530 scfilter - ok
18:11:50.0561 0x0530 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
18:11:50.0581 0x0530 Schedule - ok
18:11:50.0661 0x0530 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:11:50.0661 0x0530 SCPolicySvc - ok
18:11:50.0681 0x0530 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:11:50.0691 0x0530 SDRSVC - ok
18:11:50.0731 0x0530 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:11:50.0731 0x0530 secdrv - ok
18:11:50.0741 0x0530 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
18:11:50.0741 0x0530 seclogon - ok
18:11:50.0761 0x0530 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
18:11:50.0761 0x0530 SENS - ok
18:11:50.0781 0x0530 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:11:50.0781 0x0530 SensrSvc - ok
18:11:50.0801 0x0530 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:11:50.0801 0x0530 Serenum - ok
18:11:50.0851 0x0530 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
18:11:50.0851 0x0530 Serial - ok
18:11:50.0901 0x0530 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:11:50.0901 0x0530 sermouse - ok
18:11:50.0931 0x0530 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
18:11:50.0931 0x0530 SessionEnv - ok
18:11:50.0941 0x0530 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:11:50.0941 0x0530 sffdisk - ok
18:11:50.0941 0x0530 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:11:50.0941 0x0530 sffp_mmc - ok
18:11:50.0951 0x0530 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:11:50.0951 0x0530 sffp_sd - ok
18:11:50.0961 0x0530 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:11:50.0961 0x0530 sfloppy - ok
18:11:50.0981 0x0530 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:11:50.0991 0x0530 SharedAccess - ok
18:11:51.0021 0x0530 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:11:51.0031 0x0530 ShellHWDetection - ok
18:11:51.0081 0x0530 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:11:51.0081 0x0530 SiSRaid2 - ok
18:11:51.0091 0x0530 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:11:51.0101 0x0530 SiSRaid4 - ok
18:11:51.0171 0x0530 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:11:51.0181 0x0530 SkypeUpdate - ok
18:11:51.0231 0x0530 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:11:51.0231 0x0530 Smb - ok
18:11:51.0301 0x0530 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:11:51.0301 0x0530 SNMPTRAP - ok
18:11:51.0321 0x0530 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
18:11:51.0321 0x0530 spldr - ok
18:11:51.0351 0x0530 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
18:11:51.0371 0x0530 Spooler - ok
18:11:51.0531 0x0530 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
18:11:51.0611 0x0530 sppsvc - ok
18:11:51.0641 0x0530 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:11:51.0641 0x0530 sppuinotify - ok
18:11:51.0681 0x0530 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:11:51.0691 0x0530 srv - ok
18:11:51.0721 0x0530 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:11:51.0721 0x0530 srv2 - ok
18:11:51.0791 0x0530 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:11:51.0811 0x0530 srvnet - ok
18:11:51.0841 0x0530 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:11:51.0841 0x0530 SSDPSRV - ok
18:11:51.0851 0x0530 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:11:51.0851 0x0530 SstpSvc - ok
18:11:51.0971 0x0530 [ A993E6FD9549499099461A0B192EEC3F, EC17EBE9A0EF481E704E64D07D257C3380046CBB5D9CAFABA90D21A2B84191FF ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:11:51.0981 0x0530 Steam Client Service - ok
18:11:52.0021 0x0530 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:11:52.0021 0x0530 stexstor - ok
18:11:52.0081 0x0530 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
18:11:52.0101 0x0530 stisvc - ok
18:11:52.0131 0x0530 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:11:52.0131 0x0530 storflt - ok
18:11:52.0161 0x0530 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
18:11:52.0161 0x0530 StorSvc - ok
18:11:52.0201 0x0530 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:11:52.0201 0x0530 storvsc - ok
18:11:52.0211 0x0530 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:11:52.0211 0x0530 swenum - ok
18:11:52.0251 0x0530 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
18:11:52.0261 0x0530 swprv - ok
18:11:52.0331 0x0530 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
18:11:52.0371 0x0530 SysMain - ok
18:11:52.0381 0x0530 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:11:52.0381 0x0530 TabletInputService - ok
18:11:52.0391 0x0530 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:11:52.0401 0x0530 TapiSrv - ok
18:11:52.0451 0x0530 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
18:11:52.0451 0x0530 TBS - ok
18:11:52.0541 0x0530 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:11:52.0581 0x0530 Tcpip - ok
18:11:52.0691 0x0530 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:11:52.0731 0x0530 TCPIP6 - ok
18:11:52.0761 0x0530 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:11:52.0761 0x0530 tcpipreg - ok
18:11:52.0771 0x0530 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:11:52.0781 0x0530 TDPIPE - ok
18:11:52.0801 0x0530 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:11:52.0801 0x0530 TDTCP - ok
18:11:52.0821 0x0530 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:11:52.0821 0x0530 tdx - ok
18:11:52.0841 0x0530 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:11:52.0841 0x0530 TermDD - ok
18:11:52.0891 0x0530 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
18:11:52.0901 0x0530 TermService - ok
18:11:52.0921 0x0530 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
18:11:52.0921 0x0530 Themes - ok
18:11:52.0941 0x0530 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
18:11:52.0941 0x0530 THREADORDER - ok
18:11:52.0961 0x0530 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
18:11:52.0961 0x0530 TrkWks - ok
18:11:53.0021 0x0530 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:11:53.0021 0x0530 TrustedInstaller - ok
18:11:53.0061 0x0530 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:11:53.0061 0x0530 tssecsrv - ok
18:11:53.0101 0x0530 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:11:53.0111 0x0530 TsUsbFlt - ok
18:11:53.0121 0x0530 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:11:53.0131 0x0530 TsUsbGD - ok
18:11:53.0181 0x0530 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:11:53.0191 0x0530 tunnel - ok
18:11:53.0191 0x0530 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:11:53.0191 0x0530 uagp35 - ok
18:11:53.0211 0x0530 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:11:53.0211 0x0530 udfs - ok
18:11:53.0241 0x0530 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:11:53.0241 0x0530 UI0Detect - ok
18:11:53.0291 0x0530 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:11:53.0301 0x0530 uliagpkx - ok
18:11:53.0341 0x0530 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:11:53.0341 0x0530 umbus - ok
18:11:53.0351 0x0530 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
18:11:53.0351 0x0530 UmPass - ok
18:11:53.0381 0x0530 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:11:53.0391 0x0530 UmRdpService - ok
18:11:53.0401 0x0530 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
18:11:53.0411 0x0530 upnphost - ok
18:11:53.0471 0x0530 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:11:53.0471 0x0530 usbaudio - ok
18:11:53.0531 0x0530 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:11:53.0531 0x0530 usbccgp - ok
18:11:53.0601 0x0530 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:11:53.0601 0x0530 usbcir - ok
18:11:53.0621 0x0530 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:11:53.0621 0x0530 usbehci - ok
18:11:53.0671 0x0530 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:11:53.0681 0x0530 usbhub - ok
18:11:53.0701 0x0530 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:11:53.0701 0x0530 usbohci - ok
18:11:53.0731 0x0530 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:11:53.0731 0x0530 usbprint - ok
18:11:53.0761 0x0530 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:11:53.0761 0x0530 USBSTOR - ok
18:11:53.0781 0x0530 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:11:53.0781 0x0530 usbuhci - ok
18:11:53.0871 0x0530 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:11:53.0871 0x0530 usbvideo - ok
18:11:53.0891 0x0530 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
18:11:53.0901 0x0530 UxSms - ok
18:11:53.0911 0x0530 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
18:11:53.0911 0x0530 VaultSvc - ok
18:11:53.0961 0x0530 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:11:53.0961 0x0530 vdrvroot - ok
18:11:53.0991 0x0530 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
18:11:54.0011 0x0530 vds - ok
18:11:54.0071 0x0530 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:11:54.0071 0x0530 vga - ok
18:11:54.0081 0x0530 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:11:54.0091 0x0530 VgaSave - ok
18:11:54.0111 0x0530 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:11:54.0111 0x0530 vhdmp - ok
18:11:54.0131 0x0530 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
18:11:54.0131 0x0530 viaide - ok
18:11:54.0171 0x0530 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:11:54.0171 0x0530 vmbus - ok
18:11:54.0181 0x0530 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:11:54.0181 0x0530 VMBusHID - ok
18:11:54.0201 0x0530 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:11:54.0201 0x0530 volmgr - ok
18:11:54.0221 0x0530 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:11:54.0231 0x0530 volmgrx - ok
18:11:54.0261 0x0530 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:11:54.0261 0x0530 volsnap - ok
18:11:54.0321 0x0530 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:11:54.0321 0x0530 vsmraid - ok
18:11:54.0401 0x0530 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
18:11:54.0431 0x0530 VSS - ok
18:11:54.0591 0x0530 [ C3382C99F1D10BCBEBC689BF847B77B5, BB11A866595D745BA7427CCB9E1F39F2340BC55B3E61B48B47B8E64384D3FFEA ] vToolbarUpdater3.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
18:11:54.0631 0x0530 vToolbarUpdater3.2.0 - ok
18:11:54.0651 0x0530 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:11:54.0651 0x0530 vwifibus - ok
18:11:54.0691 0x0530 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:11:54.0701 0x0530 vwififlt - ok
18:11:54.0741 0x0530 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
18:11:54.0741 0x0530 W32Time - ok
18:11:54.0771 0x0530 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:11:54.0771 0x0530 WacomPen - ok
18:11:54.0821 0x0530 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:11:54.0831 0x0530 WANARP - ok
18:11:54.0851 0x0530 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:11:54.0851 0x0530 Wanarpv6 - ok
18:11:54.0921 0x0530 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
18:11:54.0951 0x0530 wbengine - ok
18:11:54.0961 0x0530 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:11:54.0971 0x0530 WbioSrvc - ok
18:11:54.0981 0x0530 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:11:54.0991 0x0530 wcncsvc - ok
18:11:55.0001 0x0530 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:11:55.0011 0x0530 WcsPlugInService - ok
18:11:55.0021 0x0530 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
18:11:55.0031 0x0530 Wd - ok
18:11:55.0071 0x0530 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:11:55.0091 0x0530 Wdf01000 - ok
18:11:55.0131 0x0530 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:11:55.0131 0x0530 WdiServiceHost - ok
18:11:55.0141 0x0530 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:11:55.0141 0x0530 WdiSystemHost - ok
18:11:55.0151 0x0530 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
18:11:55.0161 0x0530 WebClient - ok
18:11:55.0181 0x0530 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:11:55.0181 0x0530 Wecsvc - ok
18:11:55.0201 0x0530 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:11:55.0201 0x0530 wercplsupport - ok
18:11:55.0251 0x0530 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
18:11:55.0261 0x0530 WerSvc - ok
18:11:55.0321 0x0530 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:11:55.0321 0x0530 WfpLwf - ok
18:11:55.0371 0x0530 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:11:55.0371 0x0530 WIMMount - ok
18:11:55.0401 0x0530 WinDefend - ok
18:11:55.0431 0x0530 WinHttpAutoProxySvc - ok
18:11:55.0491 0x0530 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:11:55.0501 0x0530 Winmgmt - ok
18:11:55.0591 0x0530 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
18:11:55.0631 0x0530 WinRM - ok
18:11:55.0721 0x0530 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:11:55.0741 0x0530 Wlansvc - ok
18:11:55.0771 0x0530 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:11:55.0771 0x0530 WmiAcpi - ok
18:11:55.0791 0x0530 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:11:55.0811 0x0530 wmiApSrv - ok
18:11:55.0851 0x0530 WMPNetworkSvc - ok
18:11:55.0871 0x0530 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:11:55.0871 0x0530 WPCSvc - ok
18:11:55.0891 0x0530 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:11:55.0891 0x0530 WPDBusEnum - ok
18:11:55.0901 0x0530 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:11:55.0901 0x0530 ws2ifsl - ok
18:11:55.0921 0x0530 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
18:11:55.0921 0x0530 wscsvc - ok
18:11:55.0931 0x0530 WSearch - ok
18:11:56.0031 0x0530 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
18:11:56.0091 0x0530 wuauserv - ok
18:11:56.0121 0x0530 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:11:56.0121 0x0530 WudfPf - ok
18:11:56.0161 0x0530 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:11:56.0171 0x0530 WUDFRd - ok
18:11:56.0191 0x0530 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:11:56.0201 0x0530 wudfsvc - ok
18:11:56.0221 0x0530 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:11:56.0231 0x0530 WwanSvc - ok
18:11:56.0261 0x0530 ================ Scan global ===============================
18:11:56.0301 0x0530 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:11:56.0331 0x0530 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:11:56.0351 0x0530 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:11:56.0381 0x0530 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:11:56.0421 0x0530 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:11:56.0431 0x0530 [ Global ] - ok
18:11:56.0431 0x0530 ================ Scan MBR ==================================
18:11:56.0441 0x0530 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:11:57.0361 0x0530 \Device\Harddisk0\DR0 - ok
18:11:57.0361 0x0530 ================ Scan VBR ==================================
18:11:57.0361 0x0530 [ 54BA4C37D203C2B279E01A9F91269268 ] \Device\Harddisk0\DR0\Partition1
18:11:57.0361 0x0530 \Device\Harddisk0\DR0\Partition1 - ok
18:11:57.0361 0x0530 [ B92AF4BC5DFDD737B0B8D7D4C6A1738F ] \Device\Harddisk0\DR0\Partition2
18:11:57.0361 0x0530 \Device\Harddisk0\DR0\Partition2 - ok
18:11:57.0371 0x0530 ================ Scan generic autorun ======================
18:11:57.0411 0x0530 [ A38D377D4FC5403602EBF3CAD8F8EA4E, 63D673BC7F3AB3185B35DE40263C11D2FB83FA4DDF4EE3C9B37BF9CCD9BBB08D ] C:\Windows\system32\igfxtray.exe
18:11:57.0411 0x0530 IgfxTray - ok
18:11:57.0441 0x0530 [ D3AF93D8029B326DCCF3197C14E7ECFF, 43315E01904D141136C2B579A78242376F65E3405C4108BB29F966B0BE0613DC ] C:\Windows\system32\hkcmd.exe
18:11:57.0451 0x0530 HotKeysCmds - ok
18:11:57.0481 0x0530 [ 7738067DEF9AF9E6DBFDEB0178046575, 1F7AB6E03C8FD0587287E8B7E3D365E0C5F90C6AB3014B0DB75980B0542AE6FB ] C:\Windows\system32\igfxpers.exe
18:11:57.0491 0x0530 Persistence - ok
18:11:57.0571 0x0530 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:11:57.0591 0x0530 Adobe ARM - ok
18:11:57.0841 0x0530 [ 361B0893A5C6741F347568A3232D2822, A1085FD8DCEA67E3760C5204C4FC0EADAAC2A9E3A1A498B0BE2F0883EE2B1A04 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
18:11:57.0951 0x0530 AVG_UI - ok
18:11:58.0111 0x0530 [ 76C35842C8B6F0D0A5411B6AFC477C7D, 66711C5D0E9962A13F2989D76ABCE7F6F7712062689926CCED94B64ED78F4645 ] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
18:11:58.0161 0x0530 vProt - ok
18:11:58.0251 0x0530 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:11:58.0281 0x0530 Sidebar - ok
18:11:58.0311 0x0530 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:11:58.0321 0x0530 mctadmin - ok
18:11:58.0371 0x0530 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:11:58.0391 0x0530 Sidebar - ok
18:11:58.0401 0x0530 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:11:58.0401 0x0530 mctadmin - ok
18:11:58.0421 0x0530 Skype - ok
18:11:58.0421 0x0530 Waiting for KSN requests completion. In queue: 50
18:11:59.0421 0x0530 Waiting for KSN requests completion. In queue: 50
18:12:00.0421 0x0530 Waiting for KSN requests completion. In queue: 50
18:12:01.0431 0x0530 AV detected via SS2: AVG AntiVirus 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x40000 ( disabled : updated )
18:12:01.0441 0x0530 Win FW state via NFP2: enabled
18:12:04.0151 0x0530 ============================================================
18:12:04.0151 0x0530 Scan finished
18:12:04.0151 0x0530 ============================================================
18:12:04.0151 0x0ee4 Detected object count: 0
18:12:04.0151 0x0ee4 Actual detected object count: 0
|
|
15.10.2014, 14:41
| #7 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.10.2014, 13:53
| #8 |
| | Habe ich einen Virus ?Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.10.2014 Suchlauf-Zeit: 12:53:25 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.18.04 Rootkit Datenbank: v2014.10.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: klopsi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 298671 Verstrichene Zeit: 12 Min, 27 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 18/10/2014 um 14:11:31
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : klopsi - KLOPSI-PC
# Gestartet von : C:\Users\klopsi\Downloads\AdwCleaner_4.000.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Users\klopsi\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\klopsi\AppData\Local\Temp\Security Systems
Datei Gelöscht : C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\invalidprefs.js
Datei Gelöscht : C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 de)
*************************
AdwCleaner[R0].txt - [3666 octets] - [18/10/2014 13:41:54]
AdwCleaner[S0].txt - [3521 octets] - [18/10/2014 14:11:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3581 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by klopsi on 18.10.2014 at 14:16:56,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\klopsi\AppData\Roaming\mozilla\firefox\profiles\f5e6t17i.default\minidumps [27 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2014 at 14:20:19,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by klopsi (administrator) on KLOPSI-PC on 18-10-2014 14:25:28
Running from C:\Users\klopsi\Downloads
Loaded Profile: klopsi (Available profiles: klopsi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Policies\Explorer: [DisallowRun] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default
FF Homepage: hxxp://encrypted.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: FastestFox - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-08-01]
FF Extension: Adblock Plus - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\klopsi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-31] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-18 14:22 - 2014-10-18 14:22 - 02112000 _____ (Farbar) C:\Users\klopsi\Downloads\FRST64.exe
2014-10-18 14:21 - 2014-10-18 14:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-18 14:20 - 2014-10-18 14:20 - 00000829 _____ () C:\Users\klopsi\Desktop\JRT.txt
2014-10-18 14:18 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-18 14:16 - 2014-10-18 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-18 14:16 - 2014-10-18 14:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-18 14:16 - 2014-10-18 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 14:15 - 2014-10-18 14:15 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\klopsi\Downloads\avira_de_av___ws.exe
2014-10-18 13:41 - 2014-10-18 14:11 - 00000000 ____D () C:\AdwCleaner
2014-10-18 13:40 - 2014-10-18 13:40 - 00001204 _____ () C:\Users\klopsi\Desktop\mbam.txt
2014-10-18 12:51 - 2014-10-18 13:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 12:51 - 2014-10-18 12:51 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-18 12:51 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 12:51 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 12:51 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-18 12:37 - 2014-10-18 12:37 - 01705698 _____ (Thisisu) C:\Users\klopsi\Downloads\JRT.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\klopsi\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 01976320 _____ () C:\Users\klopsi\Downloads\AdwCleaner_4.000.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Downloads\tdsskiller.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Desktop\tdsskiller.exe
2014-10-11 23:41 - 2014-10-18 14:25 - 00008418 _____ () C:\Users\klopsi\Downloads\FRST.txt
2014-10-11 23:41 - 2014-10-11 23:42 - 00018143 _____ () C:\Users\klopsi\Downloads\Addition.txt
2014-10-11 23:40 - 2014-10-18 14:25 - 00000000 ____D () C:\FRST
2014-10-06 20:20 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-10-06 20:20 - 2014-10-06 21:16 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\TS3Client
2014-10-06 15:05 - 2014-10-06 15:05 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard
2014-10-06 14:59 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-06 14:58 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 14:57 - 2014-10-12 13:56 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-25 18:49 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Avira
2014-09-25 18:40 - 2014-10-18 14:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\ProgramData\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Microsoft Web Folders
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-21 17:38 - 2014-10-18 12:28 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-18 14:19 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 14:19 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 14:16 - 2014-08-01 22:35 - 00057560 _____ () C:\Users\klopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 14:16 - 2014-08-01 22:25 - 01273714 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 14:13 - 2014-08-02 20:26 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Skype
2014-10-18 14:12 - 2010-11-21 05:47 - 00144988 _____ () C:\Windows\PFRO.log
2014-10-18 14:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 14:12 - 2009-07-14 06:51 - 00028585 _____ () C:\Windows\setupact.log
2014-10-18 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 12:27 - 2014-08-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 12:27 - 2014-08-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-13 09:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-13 09:15 - 2014-08-01 22:30 - 00000000 ____D () C:\Users\klopsi
2014-10-13 09:14 - 2014-08-31 17:38 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-10-13 09:14 - 2014-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-10-13 09:14 - 2014-08-22 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-13 09:14 - 2014-08-22 12:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-13 09:13 - 2014-08-22 12:16 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Avg2014
2014-10-13 09:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-25 18:48 - 2014-08-22 12:22 - 00000000 ___HD () C:\$AVG
2014-09-21 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
Some content of TEMP:
====================
C:\Users\klopsi\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\klopsi\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\avgnt.exe
C:\Users\klopsi\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe
C:\Users\klopsi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe
C:\Users\klopsi\AppData\Local\Temp\Quarantine.exe
C:\Users\klopsi\AppData\Local\Temp\sdanircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\sdapskill.exe
C:\Users\klopsi\AppData\Local\Temp\sdaspwn.exe
C:\Users\klopsi\AppData\Local\Temp\sfamcc00001.dll
C:\Users\klopsi\AppData\Local\Temp\sfextra.dll
C:\Users\klopsi\AppData\Local\Temp\sqlite3.dll
C:\Users\klopsi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\klopsi\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 13:59
==================== End Of Log ============================
--- --- --- FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by klopsi (administrator) on KLOPSI-PC on 18-10-2014 14:52:14
Running from C:\Users\klopsi\Downloads
Loaded Profile: klopsi (Available profiles: klopsi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Policies\Explorer: [DisallowRun] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default
FF Homepage: hxxp://encrypted.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: FastestFox - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-08-01]
FF Extension: Adblock Plus - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\klopsi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-31] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-18 14:22 - 2014-10-18 14:22 - 02112000 _____ (Farbar) C:\Users\klopsi\Downloads\FRST64.exe
2014-10-18 14:21 - 2014-10-18 14:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-18 14:20 - 2014-10-18 14:20 - 00000829 _____ () C:\Users\klopsi\Desktop\JRT.txt
2014-10-18 14:18 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-18 14:16 - 2014-10-18 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-18 14:16 - 2014-10-18 14:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-18 14:16 - 2014-10-18 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 14:15 - 2014-10-18 14:15 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\klopsi\Downloads\avira_de_av___ws.exe
2014-10-18 13:41 - 2014-10-18 14:11 - 00000000 ____D () C:\AdwCleaner
2014-10-18 13:40 - 2014-10-18 13:40 - 00001204 _____ () C:\Users\klopsi\Desktop\mbam.txt
2014-10-18 12:51 - 2014-10-18 13:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 12:51 - 2014-10-18 12:51 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-18 12:51 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 12:51 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 12:51 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-18 12:37 - 2014-10-18 12:37 - 01705698 _____ (Thisisu) C:\Users\klopsi\Downloads\JRT.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\klopsi\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 01976320 _____ () C:\Users\klopsi\Downloads\AdwCleaner_4.000.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Downloads\tdsskiller.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Desktop\tdsskiller.exe
2014-10-11 23:41 - 2014-10-18 14:52 - 00008633 _____ () C:\Users\klopsi\Downloads\FRST.txt
2014-10-11 23:41 - 2014-10-11 23:42 - 00018143 _____ () C:\Users\klopsi\Downloads\Addition.txt
2014-10-11 23:40 - 2014-10-18 14:52 - 00000000 ____D () C:\FRST
2014-10-06 20:20 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-10-06 20:20 - 2014-10-06 21:16 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\TS3Client
2014-10-06 15:05 - 2014-10-06 15:05 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard
2014-10-06 14:59 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-06 14:58 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 14:57 - 2014-10-12 13:56 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-25 18:49 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Avira
2014-09-25 18:40 - 2014-10-18 14:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\ProgramData\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Microsoft Web Folders
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-21 17:38 - 2014-10-18 12:28 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-18 14:47 - 2014-08-02 20:26 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Skype
2014-10-18 14:19 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 14:19 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 14:17 - 2014-08-01 22:25 - 01273714 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 14:16 - 2014-08-01 22:35 - 00057560 _____ () C:\Users\klopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 14:12 - 2010-11-21 05:47 - 00144988 _____ () C:\Windows\PFRO.log
2014-10-18 14:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 14:12 - 2009-07-14 06:51 - 00028585 _____ () C:\Windows\setupact.log
2014-10-18 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 12:27 - 2014-08-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 12:27 - 2014-08-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-13 09:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-13 09:15 - 2014-08-01 22:30 - 00000000 ____D () C:\Users\klopsi
2014-10-13 09:14 - 2014-08-31 17:38 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-10-13 09:14 - 2014-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-10-13 09:14 - 2014-08-22 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-13 09:14 - 2014-08-22 12:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-13 09:13 - 2014-08-22 12:16 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Avg2014
2014-10-13 09:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-25 18:48 - 2014-08-22 12:22 - 00000000 ___HD () C:\$AVG
2014-09-21 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
Some content of TEMP:
====================
C:\Users\klopsi\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\klopsi\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\avgnt.exe
C:\Users\klopsi\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe
C:\Users\klopsi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe
C:\Users\klopsi\AppData\Local\Temp\Quarantine.exe
C:\Users\klopsi\AppData\Local\Temp\sdanircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\sdapskill.exe
C:\Users\klopsi\AppData\Local\Temp\sdaspwn.exe
C:\Users\klopsi\AppData\Local\Temp\sfamcc00001.dll
C:\Users\klopsi\AppData\Local\Temp\sfextra.dll
C:\Users\klopsi\AppData\Local\Temp\sqlite3.dll
C:\Users\klopsi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\klopsi\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 13:59
==================== End Of Log ============================
--- --- --- |
|
19.10.2014, 08:25
| #9 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2014, 19:31
| #10 |
| | Habe ich einen Virus ?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d39155140b87aa4fa3c1ee763f990e5f
# engine=20670
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-19 10:57:11
# local_time=2014-10-19 12:57:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus 2014'
# compatibility_mode=1050 16777214 100 90 531787 5956163 0 0
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 2390 2160771 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 82 531778 165346081 0 0
# scanned=112527
# found=4
# cleaned=0
# scan_time=1904
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\klopsi\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=55C46A799DAEEE2FF4B49E13DA142FBB775D96C1 ft=1 fh=d6eaabd957bb62d7 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe"
sh=E7AA7AF674CDE49E1060AB332E610D3A1C2B2B70 ft=1 fh=4a583afd8f4e4e5c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\klopsi\Downloads\Microsoft NET Framework 4 5 2 - CHIP-Installer.exe"
sh=169D2CC9FDD96EED10F498824055D5CBC425D5A0 ft=1 fh=019d89f002eb2eec vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\klopsi\Downloads\SpeedFan - CHIP-Installer.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
AVG AntiVirus 2014
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
Adobe Flash Player 15.0.0.189
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Soll ich jetzt das alles nochmal machen oder sollte ich mir keine Sorgen machen ? Da steht jetzt, dass 2 Antiviren- Programme drauf sind, AVG ist aber nicht mehr an, nur Avira, das war jetzt aber seit Mittwoch bis getern aus. AVG kann ich irgendwie nicht deinstallieren. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by klopsi (administrator) on KLOPSI-PC on 19-10-2014 20:29:36
Running from C:\Users\klopsi\Desktop
Loaded Profile: klopsi (Available profiles: klopsi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2515552902-1029408911-2965342807-1000\...\Policies\Explorer: [DisallowRun] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default
FF Homepage: hxxp://encrypted.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: FastestFox - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-08-01]
FF Extension: Adblock Plus - C:\Users\klopsi\AppData\Roaming\Mozilla\Firefox\Profiles\f5e6t17i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\klopsi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-31] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-19 20:29 - 2014-10-19 20:30 - 00008806 _____ () C:\Users\klopsi\Desktop\FRST.txt
2014-10-19 20:29 - 2014-10-19 20:29 - 00000000 ____D () C:\Users\klopsi\Desktop\FRST-OlderVersion
2014-10-19 20:26 - 2014-10-19 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-19 20:24 - 2014-10-19 20:25 - 00005646 _____ () C:\Users\klopsi\Desktop\Neues Textdokument (2).txt
2014-10-19 20:24 - 2014-10-19 20:25 - 00005036 _____ () C:\Users\klopsi\Desktop\Neues Textdokument (3).txt
2014-10-19 13:05 - 2014-10-19 13:00 - 00854417 _____ () C:\Users\klopsi\Desktop\SecurityCheck.exe
2014-10-19 13:00 - 2014-10-19 13:00 - 00854417 _____ () C:\Users\klopsi\Downloads\SecurityCheck.exe
2014-10-19 12:20 - 2014-10-19 12:20 - 02347384 _____ (ESET) C:\Users\klopsi\Downloads\esetsmartinstaller_deu.exe
2014-10-19 12:20 - 2014-10-19 12:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-18 15:06 - 2014-10-18 15:06 - 01121208 _____ () C:\Users\klopsi\Downloads\ProcessMonitor.zip
2014-10-18 15:06 - 2014-10-18 15:06 - 00000000 ____D () C:\Users\klopsi\Downloads\ProcessMonitor
2014-10-18 14:22 - 2014-10-19 20:29 - 02112512 _____ (Farbar) C:\Users\klopsi\Desktop\FRST64.exe
2014-10-18 14:21 - 2014-10-18 14:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-18 14:20 - 2014-10-18 14:20 - 00000829 _____ () C:\Users\klopsi\Desktop\JRT.txt
2014-10-18 14:18 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-18 14:18 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-18 14:16 - 2014-10-18 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-18 14:16 - 2014-10-18 14:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-18 14:16 - 2014-10-18 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 14:15 - 2014-10-18 14:15 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\klopsi\Downloads\avira_de_av___ws.exe
2014-10-18 13:41 - 2014-10-18 14:11 - 00000000 ____D () C:\AdwCleaner
2014-10-18 13:40 - 2014-10-18 13:40 - 00001204 _____ () C:\Users\klopsi\Desktop\mbam.txt
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 12:37 - 2014-10-18 12:37 - 01705698 _____ (Thisisu) C:\Users\klopsi\Downloads\JRT.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\klopsi\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 12:36 - 2014-10-18 12:37 - 01976320 _____ () C:\Users\klopsi\Downloads\AdwCleaner_4.000.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Downloads\tdsskiller.exe
2014-10-14 18:09 - 2014-10-14 18:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\klopsi\Desktop\tdsskiller.exe
2014-10-11 23:41 - 2014-10-18 14:52 - 00018295 _____ () C:\Users\klopsi\Downloads\FRST.txt
2014-10-11 23:41 - 2014-10-11 23:42 - 00018143 _____ () C:\Users\klopsi\Downloads\Addition.txt
2014-10-11 23:40 - 2014-10-19 20:29 - 00000000 ____D () C:\FRST
2014-10-06 20:20 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-10-06 20:20 - 2014-10-06 21:16 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\TS3Client
2014-10-06 15:05 - 2014-10-06 15:05 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard
2014-10-06 14:59 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-06 14:58 - 2014-10-06 14:58 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-06 14:57 - 2014-10-13 09:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 14:57 - 2014-10-12 13:56 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Battle.net
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-06 14:57 - 2014-10-06 14:57 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-25 18:49 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Avira
2014-09-25 18:40 - 2014-10-18 14:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\ProgramData\Avira
2014-09-25 18:40 - 2014-09-25 18:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Microsoft Web Folders
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-21 17:38 - 2014-10-18 12:28 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-19 20:27 - 2014-08-02 20:26 - 00000000 ____D () C:\Users\klopsi\AppData\Roaming\Skype
2014-10-19 20:27 - 2014-08-01 22:25 - 01279717 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 20:26 - 2009-07-14 06:51 - 00029348 _____ () C:\Windows\setupact.log
2014-10-19 13:08 - 2014-08-22 12:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-19 12:18 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 12:18 - 2009-07-14 06:45 - 00026704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 12:10 - 2010-11-21 05:47 - 00279768 _____ () C:\Windows\PFRO.log
2014-10-19 12:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 14:16 - 2014-08-01 22:35 - 00057560 _____ () C:\Users\klopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 14:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 12:27 - 2014-08-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 12:27 - 2014-08-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-13 09:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-13 09:15 - 2014-08-01 22:30 - 00000000 ____D () C:\Users\klopsi
2014-10-13 09:14 - 2014-08-31 17:38 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-10-13 09:14 - 2014-08-22 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-13 09:14 - 2014-08-22 12:22 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-13 09:14 - 2014-08-02 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-13 09:14 - 2014-08-01 23:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-13 09:13 - 2014-08-22 12:16 - 00000000 ____D () C:\Users\klopsi\AppData\Local\Avg2014
2014-10-13 09:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-25 18:48 - 2014-08-22 12:22 - 00000000 ___HD () C:\$AVG
2014-09-21 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
Some content of TEMP:
====================
C:\Users\klopsi\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\klopsi\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\avgnt.exe
C:\Users\klopsi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\klopsi\AppData\Local\Temp\gb3-setup.exe
C:\Users\klopsi\AppData\Local\Temp\Quarantine.exe
C:\Users\klopsi\AppData\Local\Temp\sdanircmdc.exe
C:\Users\klopsi\AppData\Local\Temp\sdapskill.exe
C:\Users\klopsi\AppData\Local\Temp\sdaspwn.exe
C:\Users\klopsi\AppData\Local\Temp\sfamcc00001.dll
C:\Users\klopsi\AppData\Local\Temp\sfextra.dll
C:\Users\klopsi\AppData\Local\Temp\sqlite3.dll
C:\Users\klopsi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\klopsi\AppData\Local\Temp\UNINSTALL.exe
C:\Users\klopsi\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 13:59
==================== End Of Log ============================
--- --- --- |
|
20.10.2014, 17:28
| #11 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ? Niemals 2 Antivirenprogramme installieren. Mach eines weg, oder noch besser: Beide, und installiere was anständiges. Noch Probleme mit dem Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.10.2014, 20:03
| #12 |
| | Habe ich einen Virus ? Ne, keine. Siehts soweit gut aus ? Keine Schädlinge ? |
|
23.10.2014, 17:40
| #13 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ? Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.10.2014, 14:41
| #14 |
| | Habe ich einen Virus ? Keine Fragen mehr, nochmals danke schön.  |
|
27.10.2014, 09:39
| #15 |
| /// the machine /// TB-Ausbilder | Habe ich einen Virus ? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
