15.10.2014, 17:52 | #1 |
Videos stutter, especially in Firefox

Hello,

my problem concerns the Mozilla Firefox browser (version 33.0). The problem occurs especially with HD videos (but also at lower quality), even though the bandwidth should easily be sufficient for that. I have already checked that the Flash Player from Adobe and Shockwave are up to date. The driver for my graphics card is also up to date. When I use Chrome, it is somewhat better, but not perfectly smooth.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:41 on 15/10/2014

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 01
Ran by Phillip (administrator) on 11RP11 on 15-10-2014 17:49:34
Running from C:\Users\Phillip\Downloads
Loaded Profiles: Phillip & postgres (Available profiles: Phillip & postgres)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\DCService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
(LG Electronics) C:\Program Files\LG Software\LG OSD\HotKey.exe
() C:\Program Files\ATK Hotkey\LOSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-07] (Synaptics, Inc.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-07-03] ()
HKLM\...\Run: [KeybdUtility] => C:\Program Files\LG Software\LG OSD\HotKey.exe [3026944 2008-09-04] (LG Electronics)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-21] (Intel Corporation)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe
HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lge.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///F:/viewer/ORDcmViewCD.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default
FF NetworkProxy: "http", "195.142.122.62"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 -> C:\PROGRA~1\MOZILL~1\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Phillip\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: DownloadHelper - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\admin@proxy-listen.de.xpi [2013-10-04]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\extension@hidemyass.com.xpi [2013-07-29]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-11]
FF Extension: LeechBlock - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-05-28]
FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-21]
FF Extension: DownThemAll! - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]
CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]
CHR Extension: (Google-Suche) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (AdBlock) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Google Mail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-08-12] (REALiX(tm))
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
S3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [124928 2008-08-07] (Realtek Corporation ) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1807744 2008-04-02] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [646392 2012-08-27] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008-03-26] (CyberLink)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 17:49 - 2014-10-15 17:53 - 00019529 _____ () C:\Users\Phillip\Downloads\FRST.txt
2014-10-15 17:49 - 2014-10-15 17:50 - 00000000 ____D () C:\FRST
2014-10-15 17:48 - 2014-10-15 17:48 - 01054912 _____ (Adobe) C:\Users\Phillip\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-15 17:42 - 2014-10-15 17:42 - 00380416 _____ () C:\Users\Phillip\Downloads\Gmer-19357.exe
2014-10-15 17:41 - 2014-10-15 17:42 - 01102336 _____ (Farbar) C:\Users\Phillip\Downloads\FRST.exe
2014-10-15 17:41 - 2014-10-15 17:42 - 00000636 _____ () C:\Users\Phillip\Downloads\defogger_disable.log
2014-10-15 17:41 - 2014-10-15 17:42 - 00000020 _____ () C:\Users\Phillip\defogger_reenable
2014-10-15 15:06 - 2014-10-15 15:12 - 00050477 _____ () C:\Users\Phillip\Downloads\Defogger.exe
2014-10-15 14:50 - 2014-10-15 14:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 16:48 - 2014-10-13 16:48 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-30 10:46 - 2014-09-30 10:46 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PDF24
2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\Program Files\PDF24
2014-09-30 10:42 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-09-30 10:42 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-09-30 10:41 - 2014-09-30 10:41 - 01101648 _____ () C:\Users\Phillip\Downloads\PDF24 Creator - CHIP-Installer.exe
2014-09-30 10:39 - 2014-09-30 10:39 - 00000000 ____D () C:\Users\Phillip\.pdfsam
2014-09-26 08:25 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:07 - 2014-09-23 18:43 - 176351867 _____ () C:\Users\Phillip\Downloads\Rulez.NOF.21st.Sept.2014.HDTV Ptt (1).mp4
2014-09-23 18:00 - 2014-09-23 18:01 - 05007509 _____ () C:\Users\Phillip\Downloads\Rulez.NOF.21st.Sept.2014.HDTV.720p (1)-001.mkv.part
2014-09-20 12:59 - 2014-09-20 12:59 - 06958304 _____ (Microsoft Corporation) C:\Users\Phillip\Downloads\Silverlight.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 17:51 - 2008-12-10 23:49 - 01502136 _____ () C:\Windows\WindowsUpdate.log
2014-10-15 17:45 - 2014-02-25 11:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 17:44 - 2012-10-16 10:05 - 00000000 ____D () C:\ProgramData\Kodak
2014-10-15 17:44 - 2012-08-21 23:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-15 17:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 17:43 - 2008-10-08 20:25 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-15 17:43 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-15 17:41 - 2009-03-06 20:15 - 00000000 ____D () C:\Users\Phillip
2014-10-15 16:56 - 2014-02-25 11:05 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 16:44 - 2012-08-22 20:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-14 22:45 - 2012-08-23 11:33 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\HoldemManager
2014-10-14 20:49 - 2012-08-22 20:52 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PokerStars.EU
2014-10-14 16:02 - 2013-08-05 23:39 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 16:01 - 2013-08-05 23:39 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 18:25 - 2012-08-23 15:00 - 00001786 ____H () C:\Users\Phillip\Documents\Default.rdp
2014-10-13 16:48 - 2014-08-08 10:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-01 21:06 - 2013-10-11 17:14 - 00000885 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-10-01 21:06 - 2013-05-10 08:13 - 00000000 ____D () C:\Program Files\Holdem Manager 2
2014-09-26 08:45 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-09-26 08:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-23 22:24 - 2012-10-15 19:34 - 00000000 ____D () C:\Users\Phillip\WWE
2014-09-23 21:44 - 2012-08-22 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 21:44 - 2012-08-22 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 10:49 - 2012-08-23 16:45 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 11:16 - 2013-02-20 21:02 - 00000000 ____D () C:\Users\Phillip\Documents\Nathi
2014-09-16 13:25 - 2012-11-25 20:30 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Phillip\AppData\Local\Temp\avgnt.exe
C:\Users\Phillip\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-15 17:51

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 01
Ran by Phillip at 2014-10-15 17:54:57
Running from C:\Users\Phillip\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
888poker (HKLM\...\888poker) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (Version: 7.6.11.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0042 - ATK)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Betfair.com Poker (HKCU\...\Betfair.com Poker) (Version: - )
Betfred Poker (HKCU\...\Betfred Poker) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0724.2347.40767 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2008.1114.1449.26465 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0724.2347.40767 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0724.2347.40767 - ATI) Hidden
CCC Help Turkish (Version: 2008.0724.2346.40767 - ATI) Hidden
ccc-utility (Version: 2008.0724.2347.40767 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
center (Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design onlineTV 8 (HKLM\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.2 - concept/design GmbH)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1622 - CyberLink Corp.)
CyberLink YouCam (Version: 1.0.1622 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
essentials (Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Flatcast Viewer Plugin 5.3.0.784 (HKLM\...\Flatcast Viewer 5.3_is1) (Version: - 1 mal 1 Software GmbH)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.0.WIN.FullTilt.COM - )
Full Tilt Poker.Eu (HKLM\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.55.4.WIN.FullTilt.EU - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Holdem Manager (HKLM\...\HoldemManager) (Version: - )
Holdem Manager 2 (HKLM\...\HoldemManager2) (Version: - )
HWiNFO32 Version 4.42 (HKLM\...\HWiNFO32_is1) (Version: 4.42 - Martin Malík - REALiX)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
ITECIR (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.13.0.114 - LogMeIn, Inc.)
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
Leawo PowerPoint to Video Pro version 2.6.0.68 (HKLM\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.6.0.68 - Leawo Software)
LG Fan Mode Tile for Windows Mobility Center (HKLM\...\LGFanModeTile) (Version: - LG Electronics Inc.)
LG Intelligent Update (HKLM\...\{81717D01-32F6-449C-85E1-41AFD678E545}) (Version: 4.00.0923.01 - LG Electronics Inc.)
LG Magnifier (HKLM\...\{9672CAD2-F310-42D6-9147-E4A4B6ED8395}) (Version: 8.05.1901 - LG Electronics Inc.)
LG OSD (HKLM\...\{13831772-9872-4E79-B39B-5E38D7855512}) (Version: 8.06.2715 - LG Electronics Inc.)
LG Smart Indicator (HKLM\...\{DABD50F7-0001-0002-0003-ABCDEFABCDEF}) (Version: 1.28.0711 - LG Electronics Inc.)
LG Smart Recovery (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1824 - LG Electronics Inc)
LG Smart Recovery (Version: 5.5.1824 - LG Electronics Inc) Hidden
LG TouchPad Tile for Windows Mobility Center (HKLM\...\LGTouchPadTile) (Version: - LG Electronics Inc.)
LG Webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.41000.3 - Sonix) Media Player Codec Pack 4.2.2 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.2 - Media Player Codec Pack) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ Run Time Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft) Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd) Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles) ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery) Poker at 
bet365 (HKCU\...\bet365poker) (Version: - ) PokerRanger (HKLM\...\PokerRanger) (Version: - Michael A. Voelkel) PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu) PokerStars.fr (HKLM\...\PokerStars.fr) (Version: - PokerStars.fr) PokerStrategy.com Equilab - Omaha (HKLM\...\{38B746B5-44EE-4FFA-B987-581B5CF4A097}) (Version: 1.1.4.0 - PokerStrategy.com) PokerStrategy.com Equilab (HKLM\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com) PokerStrategy.com SideKick (HKCU\...\5e9f0bf649a2dbca) (Version: 2.0.1217.2 - PokerStrategy.com) PostgreSQL 8.4 (HKLM\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group) PowerXpressHybrid (Version: 1.00.0000 - ATI) Hidden PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) PX Profile Update (Version: 1.00.1. - AMD) Hidden RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - ) Skins (Version: 2008.0724.2347.40767 - ATI) Hidden Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Sun ODF Plugin for Microsoft Office 3.2 (HKLM\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) TableScan Turbo v1.0.11 (HKLM\...\{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1) (Version: - Zandry, LLC) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.4.3 - Shark007) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) William Hill Poker (HKCU\...\William Hill Poker) (Version: - ) Wondershare Dr.Fone für iOS(Build 4.6.0.29) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll (Playtech) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarManagerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> C:\Poker\Betfair.com Poker\widgetbar\PTContainerOle.exe (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll (Playtech) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\PtContainerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\PtContainerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarAPI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarManagerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> "C:\Poker\Titan Poker\widgetbar\PTContainerOle.exe" No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarAPI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> 
C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File ==================== Restore Points ========================= 04-10-2014 21:14:25 Windows Update 05-10-2014 20:45:07 Windows Update 07-10-2014 06:09:19 Windows Update 08-10-2014 17:09:40 Windows Update 09-10-2014 17:32:39 Windows Update 10-10-2014 09:43:13 Windows Update 12-10-2014 19:32:50 Windows Update 13-10-2014 08:46:39 Windows Update 14-10-2014 07:56:35 Windows Update 14-10-2014 16:51:05 Windows Update 15-10-2014 13:39:33 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1404ADD9-F9AB-4906-A809-EBB4452DEAA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {259D57CF-929C-4A59-AB24-28BFBBC1DFA5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {35913868-F007-4AF5-A3B4-F9E31E85FA0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {70E48828-A9A6-466D-B106-2A026A4895C0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AB8176F3-D715-4B43-8F81-B499C340B52A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.) Task: {CAC3A15F-B4AB-48E8-AE36-AC54C21D27E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-08 20:48 - 2007-10-03 06:53 - 00094208 ____R () C:\Program Files\ATK Hotkey\ASLDRSrv.exe 2012-10-31 20:43 - 2010-06-17 22:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-05-08 13:48 - 2010-05-08 13:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe 2012-08-26 14:59 - 2012-08-16 12:25 - 00172032 _____ () C:\Program Files\PostgreSQL\8.4\bin\LIBPQ.dll 2012-08-26 15:03 - 2012-08-14 15:19 - 00999424 _____ () C:\Program Files\PostgreSQL\8.4\bin\libxml2.dll 2008-10-08 20:39 - 2008-07-25 09:09 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-09-02 11:16 - 2013-09-02 11:16 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll 2008-10-08 20:48 - 2004-05-28 03:13 - 00057344 ____R () C:\Program Files\ATK Hotkey\CMSSC.dll 2008-10-08 20:48 - 2008-07-16 20:06 - 00086016 _____ () C:\Program Files\ATK Hotkey\PegaVol.dll 2008-10-08 20:48 - 2007-11-05 04:48 - 00106496 ____R () C:\Program Files\ATK Hotkey\MsgTranAgt.exe 2008-10-08 20:48 - 2008-07-03 11:29 - 00098304 ____R () C:\Program Files\ATK Hotkey\HControlUser.exe 2008-10-08 20:48 - 2007-11-13 00:41 - 00106496 ____R () C:\Program Files\ATK Hotkey\MsgTran.dll 2008-10-08 20:48 - 2008-06-06 00:40 - 00102400 ____R () C:\Program Files\ATK Hotkey\LOSD.exe 2008-10-08 20:48 - 2008-05-10 03:55 - 02555904 ____R () C:\Program Files\ATK 
Hotkey\ATKOSD.exe 2008-10-08 20:48 - 2008-01-23 19:51 - 00151552 ____R () C:\Program Files\ATK Hotkey\WDC.exe 2014-10-15 14:50 - 2014-10-15 14:50 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Phillip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Phillip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DAEMON Tools => "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe MSCONFIG\startupreg: 
FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LG Intelligent Update => "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc MSCONFIG\startupreg: LG Magnifier => %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe MSCONFIG\startupreg: LGSR => "%ProgramFiles%\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "%ProgramFiles%\LG Software\LG Smart Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" ========================= Accounts: ========================== Administrator (S-1-5-21-2386538302-2959011679-2223950070-500 - Administrator - Disabled) Gast (S-1-5-21-2386538302-2959011679-2223950070-501 - Limited - Disabled) Phillip (S-1-5-21-2386538302-2959011679-2223950070-1000 - Administrator - Enabled) => C:\Users\Phillip postgres (S-1-5-21-2386538302-2959011679-2223950070-1007 - Limited - Enabled) => C:\Users\postgres.11RP11 ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/15/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/15/2014 05:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.8.0, Zeitstempel 0x47589ff7, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.8.0, Zeitstempel 0x47589ff7, Ausnahmecode 0xc0000409, Fehleroffset 0x0002975c, Prozess-ID 0xf0c, Anwendungsstartzeit SynTPEnh.exe0. Error: (10/15/2014 02:35:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 09:53:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 04:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 00:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 10:43:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/15/2014 05:58:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/15/2014 05:45:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000vpnagent Error: (10/15/2014 02:51:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/15/2014 02:42:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (10/15/2014 02:39:18 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: Das Gerät "HL-DT-ST DVDRAM GSA-T50N" (IDE\CdRomHL-DT-ST_DVDRAM_GSA-T50N________________RR07____\4&2d86b49&0&0.1.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error: (10/15/2014 02:35:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000vpnagent Error: (10/14/2014 07:33:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/14/2014 06:52:43 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Der Transaktionsressourcen-Manager auf Volume "\Device\HarddiskVolumeShadowCopy14" konnte aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. 
Der Fehlercode ist in den Daten enthalten. Error: (10/14/2014 03:59:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/14/2014 03:44:32 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Microsoft Office Sessions: ========================= Error: (10/15/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/15/2014 05:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SynTPEnh.exe10.1.8.047589ff7SynTPEnh.exe10.1.8.047589ff7c00004090002975cf0c01cfe8745f6d0c8c Error: (10/15/2014 02:35:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 09:53:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 04:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 00:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 10:43:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz Percentage of memory in use: 50% Total physical RAM: 3070.22 MB Available physical RAM: 1528.09 MB Total Pagefile: 8974.47 MB Available Pagefile: 6067.9 MB Total Virtual: 2047.88 MB Available Virtual: 1895.91 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:150 GB) (Free:10.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:139.59 GB) (Free:22.18 GB) NTFS Drive f: (MANAGER12) (CDROM) (Total:6.87 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 0E790E78) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=12) Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=7 GB) - (Type=12) ==================== End Of Log ============================ GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-15 18:43:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB
Running: bgxczuhg.exe; Driver: C:\Users\Phillip\AppData\Local\Temp\pwldqpoc.sys
---- System - GMER 2.1 ----
SSDT 8D681D5E ZwCreateSection
SSDT 8D681D68 ZwRequestWaitReplyPort
SSDT 8D681D63 ZwSetContextThread
SSDT 8D681D6D ZwSetSecurityObject
SSDT 8D681D72 ZwSystemDebugControl
SSDT 8D681CFF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 830FC860 4 Bytes [5E, 1D, 68, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 830FCB84 4 Bytes [68, 1D, 68, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 830FCBB8 4 Bytes [63, 1D, 68, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 830FCC1C 4 Bytes [6D, 1D, 68, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 830FCC64 4 Bytes [72, 1D, 68, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC0D000, 0x20F676, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd3028
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x6F 0x7A 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xE5 0xA1 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0x83 0x0C 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd3028 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x6F 0x7A 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xE5 0xA1 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0x83 0x0C 0x7F ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
I hope I haven't forgotten anything, and remain with best regards.
15.10.2014, 17:59 | #2 |
/// the machine /// TB-Ausbilder | Videos stutter, especially in Firefox
hi,
Please download TDSSKiller.exe and save the file to your desktop
15.10.2014, 19:35 | #3 | |
| Videos stutter, especially in Firefox
Quote:
Here is the log file:
Code:
20:29:30.0342 0x1ebc TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:29:44.0930 0x1ebc ============================================================
20:29:44.0931 0x1ebc Current date / time: 2014/10/15 20:29:44.0930
20:29:44.0931 0x1ebc SystemInfo:
20:29:44.0931 0x1ebc
20:29:44.0931 0x1ebc OS Version: 6.0.6002 ServicePack: 2.0
20:29:44.0931 0x1ebc Product type: Workstation
20:29:44.0931 0x1ebc ComputerName: 11RP11
20:29:44.0932 0x1ebc UserName: Phillip
20:29:44.0932 0x1ebc Windows directory: C:\Windows
20:29:44.0932 0x1ebc System windows directory: C:\Windows
20:29:44.0932 0x1ebc Processor architecture: Intel x86
20:29:44.0932 0x1ebc Number of processors: 2
20:29:44.0932 0x1ebc Page size: 0x1000
20:29:44.0932 0x1ebc Boot type: Normal boot
20:29:44.0932 0x1ebc ============================================================
20:29:46.0099 0x1ebc KLMD registered as C:\Windows\system32\drivers\07251310.sys
20:29:46.0756 0x1ebc System UUID: {0DCCF934-174C-D172-A511-04E5A5B1A3B8}
20:29:49.0786 0x1ebc Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:29:49.0876 0x1ebc ============================================================
20:29:49.0876 0x1ebc \Device\Harddisk0\DR0:
20:29:49.0888 0x1ebc MBR partitions:
20:29:49.0888 0x1ebc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2FCD03, BlocksNum 0x12BFFABF
20:29:49.0888 0x1ebc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12EFC800, BlocksNum 0x11730800
20:29:49.0888 0x1ebc ============================================================
20:29:49.0994 0x1ebc C: <-> \Device\Harddisk0\DR0\Partition1
20:29:50.0160 0x1ebc D: <-> \Device\Harddisk0\DR0\Partition2
20:29:50.0280 0x1ebc ============================================================
20:29:50.0280 0x1ebc Initialize success
20:29:50.0281 0x1ebc ============================================================
20:30:41.0447 0x18dc ============================================================
20:30:41.0447 0x18dc Scan started
20:30:41.0447 0x18dc Mode: Manual; SigCheck; TDLFS;
20:30:41.0447 0x18dc ============================================================
20:30:41.0447 0x18dc KSN ping started
20:30:41.0644 0x18dc KSN ping finished: true
20:30:48.0561 0x18dc ================ Scan system memory ========================
20:30:48.0561 0x18dc System memory - ok
20:30:48.0569 0x18dc ================ Scan services =============================
608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:31:49.0087 0x18dc lltdio - ok 20:31:49.0194 0x18dc [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:31:49.0358 0x18dc lltdsvc - ok 20:31:49.0413 0x18dc [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:31:49.0585 0x18dc lmhosts - ok 20:31:49.0668 0x18dc [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:31:50.0017 0x18dc LSI_FC - ok 20:31:50.0057 0x18dc [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:31:50.0173 0x18dc LSI_SAS - ok 20:31:50.0276 0x18dc [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:31:50.0407 0x18dc LSI_SCSI - ok 20:31:50.0482 0x18dc [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys 20:31:50.0650 0x18dc luafv - ok 20:31:50.0764 0x18dc [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:31:50.0847 0x18dc Mcx2Svc - ok 20:31:50.0892 0x18dc [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys 20:31:50.0959 0x18dc megasas - ok 20:31:51.0067 0x18dc [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:31:51.0232 0x18dc MegaSR - ok 20:31:51.0278 0x18dc [ 
1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll 20:31:51.0544 0x18dc MMCSS - ok 20:31:51.0664 0x18dc [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys 20:31:51.0859 0x18dc Modem - ok 20:31:51.0900 0x18dc [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:31:52.0035 0x18dc monitor - ok 20:31:52.0118 0x18dc [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:31:52.0197 0x18dc mouclass - ok 20:31:52.0224 0x18dc [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:31:52.0355 0x18dc mouhid - ok 20:31:52.0396 0x18dc [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:31:52.0484 0x18dc MountMgr - ok 20:31:52.0549 0x18dc [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:31:52.0709 0x18dc MozillaMaintenance - ok 20:31:52.0845 0x18dc [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys 20:31:52.0933 0x18dc mpio - ok 20:31:52.0967 0x18dc [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:31:53.0099 0x18dc mpsdrv - ok 20:31:53.0170 0x18dc [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc 
C:\Windows\system32\mpssvc.dll 20:31:53.0372 0x18dc MpsSvc - ok 20:31:53.0398 0x18dc [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:31:53.0479 0x18dc Mraid35x - ok 20:31:53.0572 0x18dc [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:31:53.0702 0x18dc MRxDAV - ok 20:31:53.0758 0x18dc [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:31:53.0890 0x18dc mrxsmb - ok 20:31:53.0954 0x18dc [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:31:54.0068 0x18dc mrxsmb10 - ok 20:31:54.0106 0x18dc [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:31:54.0222 0x18dc mrxsmb20 - ok 20:31:54.0278 0x18dc [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys 20:31:54.0339 0x18dc msahci - ok 20:31:54.0379 0x18dc [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:31:54.0466 0x18dc msdsm - ok 20:31:54.0515 0x18dc [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe 20:31:54.0665 0x18dc MSDTC - ok 20:31:54.0718 0x18dc [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:31:54.0864 0x18dc Msfs - ok 20:31:54.0925 0x18dc [ 0F400E306F385C56317357D6DEA56F62, 
C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:31:55.0008 0x18dc msisadrv - ok 20:31:55.0063 0x18dc [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:31:55.0259 0x18dc MSiSCSI - ok 20:31:55.0282 0x18dc msiserver - ok 20:31:55.0342 0x18dc [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:31:55.0515 0x18dc MSKSSRV - ok 20:31:55.0632 0x18dc [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:31:55.0763 0x18dc MSPCLOCK - ok 20:31:55.0779 0x18dc [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:31:55.0930 0x18dc MSPQM - ok 20:31:55.0980 0x18dc [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:31:56.0132 0x18dc MsRPC - ok 20:31:56.0213 0x18dc [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:31:56.0307 0x18dc mssmbios - ok 20:31:56.0402 0x18dc [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:31:56.0553 0x18dc MSTEE - ok 20:31:56.0576 0x18dc [ 97AFFA9D95FFE20EEE6229BC6BE166CF, 6E13230AF96A3A5C518EFA21B9B1833E3DE9D6DA05A6E664E305EF18B162E1B9 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 20:31:56.0671 0x18dc MTsensor - ok 20:31:56.0711 0x18dc [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys 20:31:56.0845 
0x18dc Mup - ok 20:31:56.0924 0x18dc [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll 20:31:57.0055 0x18dc napagent - ok 20:31:58.0170 0x18dc [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:31:58.0318 0x18dc NativeWifiP - ok 20:31:58.0465 0x18dc [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:31:59.0534 0x18dc NDIS - ok 20:31:59.0603 0x18dc [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:31:59.0719 0x18dc NdisTapi - ok 20:31:59.0786 0x18dc [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:31:59.0894 0x18dc Ndisuio - ok 20:31:59.0985 0x18dc [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:32:00.0120 0x18dc NdisWan - ok 20:32:00.0147 0x18dc [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:32:00.0271 0x18dc NDProxy - ok 20:32:00.0330 0x18dc [ 1352E1648213551923A0A822E441553C, F9BCA299249D8E1ADF88F54554F72428E267E39911143F4C99DFF562F0EE4E70 ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys 20:32:00.0462 0x18dc Netaapl - detected UnsignedFile.Multi.Generic ( 1 ) 20:32:00.0817 0x18dc Detect skipped due to KSN trusted 20:32:00.0817 0x18dc Netaapl - ok 20:32:00.0871 0x18dc [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:32:00.0987 0x18dc NetBIOS - ok 
20:32:01.0062 0x18dc [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:32:01.0187 0x18dc netbt - ok 20:32:01.0215 0x18dc [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe 20:32:01.0544 0x18dc Netlogon - ok 20:32:01.0783 0x18dc [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll 20:32:02.0145 0x18dc Netman - ok 20:32:02.0266 0x18dc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:32:02.0416 0x18dc NetMsmqActivator - ok 20:32:02.0482 0x18dc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:32:02.0611 0x18dc NetPipeActivator - ok 20:32:02.0722 0x18dc [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll 20:32:03.0151 0x18dc netprofm - ok 20:32:03.0183 0x18dc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:32:03.0409 0x18dc NetTcpActivator - ok 20:32:03.0428 0x18dc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:32:03.0484 0x18dc NetTcpPortSharing - ok 20:32:03.0863 0x18dc [ 8DE67BD902095A13329FD82C85A1FA09, 7F0B058D0C306A845F7BF14B24B0BDBCE6F152A054331072549F46284E75A367 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 20:32:07.0741 0x18dc NETw5v32 - ok 20:32:07.0842 0x18dc 
[ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:32:07.0940 0x18dc nfrd960 - ok 20:32:07.0997 0x18dc [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll 20:32:08.0132 0x18dc NlaSvc - ok 20:32:08.0166 0x18dc [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:32:08.0299 0x18dc Npfs - ok 20:32:08.0350 0x18dc [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll 20:32:08.0534 0x18dc nsi - ok 20:32:08.0583 0x18dc [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:32:08.0710 0x18dc nsiproxy - ok 20:32:08.0935 0x18dc [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:32:09.0463 0x18dc Ntfs - ok 20:32:09.0533 0x18dc [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:32:09.0741 0x18dc ntrigdigi - ok 20:32:09.0780 0x18dc [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys 20:32:10.0264 0x18dc Null - ok 20:32:10.0303 0x18dc [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:32:10.0409 0x18dc nvraid - ok 20:32:10.0494 0x18dc [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:32:10.0719 0x18dc nvstor - ok 
20:32:10.0758 0x18dc [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:32:10.0883 0x18dc nv_agp - ok 20:32:10.0900 0x18dc NwlnkFlt - ok 20:32:10.0910 0x18dc NwlnkFwd - ok 20:32:10.0984 0x18dc [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:32:11.0120 0x18dc ohci1394 - ok 20:32:11.0255 0x18dc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:32:11.0312 0x18dc ose - ok 20:32:11.0425 0x18dc [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:32:11.0776 0x18dc p2pimsvc - ok 20:32:11.0824 0x18dc [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll 20:32:11.0941 0x18dc p2psvc - ok 20:32:12.0058 0x18dc [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys 20:32:12.0691 0x18dc Parport - ok 20:32:12.0766 0x18dc [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:32:12.0855 0x18dc partmgr - ok 20:32:12.0908 0x18dc [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:32:13.0437 0x18dc Parvdm - ok 20:32:13.0522 0x18dc [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll 20:32:13.0698 0x18dc PcaSvc - ok 20:32:13.0741 0x18dc [ 941DC1D19E7E8620F40BBC206981EFDB, 
156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys 20:32:13.0869 0x18dc pci - ok 20:32:13.0965 0x18dc [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys 20:32:14.0029 0x18dc pciide - ok 20:32:14.0074 0x18dc [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:32:14.0205 0x18dc pcmcia - ok 20:32:14.0398 0x18dc [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:32:15.0472 0x18dc PEAUTH - ok 20:32:15.0818 0x18dc [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll 20:32:16.0685 0x18dc pla - ok 20:32:16.0747 0x18dc [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:32:17.0894 0x18dc PlugPlay - ok 20:32:17.0995 0x18dc [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:32:18.0546 0x18dc PNRPAutoReg - ok 20:32:18.0637 0x18dc [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:32:19.0373 0x18dc PNRPsvc - ok 20:32:19.0501 0x18dc [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:32:19.0943 0x18dc PolicyAgent - ok 20:32:20.0081 0x18dc postgresql-8.4 - ok 20:32:20.0115 0x18dc [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:32:20.0319 0x18dc PptpMiniport - ok 
20:32:20.0388 0x18dc [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys 20:32:20.0539 0x18dc Processor - ok 20:32:20.0617 0x18dc [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll 20:32:20.0724 0x18dc ProfSvc - ok 20:32:20.0764 0x18dc [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe 20:32:20.0858 0x18dc ProtectedStorage - ok 20:32:20.0918 0x18dc [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:32:21.0060 0x18dc PSched - ok 20:32:21.0190 0x18dc [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:32:21.0823 0x18dc ql2300 - ok 20:32:21.0876 0x18dc [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:32:21.0957 0x18dc ql40xx - ok 20:32:22.0055 0x18dc [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll 20:32:22.0244 0x18dc QWAVE - ok 20:32:22.0317 0x18dc [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:32:22.0812 0x18dc QWAVEdrv - ok 20:32:22.0889 0x18dc [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:32:23.0031 0x18dc RasAcd - ok 20:32:23.0136 0x18dc [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll 
20:32:23.0294 0x18dc RasAuto - ok 20:32:23.0393 0x18dc [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:32:23.0554 0x18dc Rasl2tp - ok 20:32:23.0630 0x18dc [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll 20:32:23.0770 0x18dc RasMan - ok 20:32:23.0816 0x18dc [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:32:23.0940 0x18dc RasPppoe - ok 20:32:24.0021 0x18dc [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:32:24.0091 0x18dc RasSstp - ok 20:32:24.0164 0x18dc [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:32:24.0301 0x18dc rdbss - ok 20:32:24.0418 0x18dc [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:32:24.0562 0x18dc RDPCDD - ok 20:32:24.0611 0x18dc [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:32:24.0809 0x18dc rdpdr - ok 20:32:24.0827 0x18dc [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:32:24.0972 0x18dc RDPENCDD - ok 20:32:25.0054 0x18dc [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:32:25.0271 0x18dc RDPWD - ok 20:32:25.0335 0x18dc [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess 
C:\Windows\System32\mprdim.dll 20:32:25.0641 0x18dc RemoteAccess - ok 20:32:25.0710 0x18dc [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:32:25.0972 0x18dc RemoteRegistry - ok 20:32:26.0024 0x18dc [ 23F486726DA7A9B2F3EC7326421A9C36, D81035B3832FC670F018DA14B3986CB091F158229EE496A7B4BDAC2DB24385C5 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:32:26.0171 0x18dc RFCOMM - ok 20:32:26.0215 0x18dc [ A5B12A4B3B774432DB9B9FA221190E59, 1DAAB43A2429035BAB8403E5D24F50F82BD41B5B478B344C3C58D49F1E15C2AE ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 20:32:26.0357 0x18dc rimmptsk - ok 20:32:26.0385 0x18dc [ C398BCA91216755B098679A8DA8A2300, 1FDDC3D927509AB10C3B0B7900DCE78DEC6B1C3CAE80F78EFCFBB628673B2143 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 20:32:26.0499 0x18dc rimsptsk - ok 20:32:26.0544 0x18dc [ 2A2554CB24506E0A0508FC395C4A1B42, B989AE65727C971D508E7284707258FCCC9213B510F4C2A257D3069A3DABE20B ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 20:32:26.0800 0x18dc rismxdp - ok 20:32:26.0854 0x18dc [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe 20:32:26.0950 0x18dc RpcLocator - ok 20:32:27.0076 0x18dc [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll 20:32:27.0472 0x18dc RpcSs - ok 20:32:27.0552 0x18dc [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:32:27.0708 0x18dc rspndr - ok 20:32:27.0777 0x18dc RTHDMIAzAudService - ok 20:32:27.0854 0x18dc [ 174B9514CD1A0C33CE4BBC02A3C81A62, 443AA7D9FFFFC207C62E2596246661C951977CB9B6A6E2F6552536A17C5504CD ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 20:32:27.0920 0x18dc RTL8169 - detected UnsignedFile.Multi.Generic ( 1 ) 
20:32:28.0450 0x18dc Detect skipped due to KSN trusted 20:32:28.0450 0x18dc RTL8169 - ok 20:32:28.0512 0x18dc [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe 20:32:28.0612 0x18dc SamSs - ok 20:32:28.0663 0x18dc [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:32:28.0740 0x18dc sbp2port - ok 20:32:28.0821 0x18dc [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:32:29.0395 0x18dc SCardSvr - ok 20:32:29.0504 0x18dc [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll 20:32:29.0788 0x18dc Schedule - ok 20:32:29.0837 0x18dc [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll 20:32:29.0896 0x18dc SCPolicySvc - ok 20:32:30.0002 0x18dc [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:32:30.0177 0x18dc sdbus - ok 20:32:30.0235 0x18dc [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:32:30.0448 0x18dc SDRSVC - ok 20:32:30.0494 0x18dc [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:32:31.0286 0x18dc secdrv - ok 20:32:31.0325 0x18dc [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll 20:32:31.0496 0x18dc seclogon - ok 20:32:31.0540 0x18dc [ A9BBAB5759771E523F55563D6CBE140F, 
20:33:41.0284 0x18dc AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
20:33:41.0413 0x18dc Win FW state via NFP2: enabled
20:33:41.0580 0x18dc ============================================================
20:33:41.0580 0x18dc Scan finished
20:33:41.0581 0x18dc ============================================================
20:33:41.0620 0x13b8 Detected object count: 0
20:33:41.0620 0x13b8 Actual detected object count: 0 |
16.10.2014, 16:09 | #4 |
/// the machine /// TB-Ausbilder | Videos stutter especially in Firefox Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.10.2014, 08:55 | #5 |
| Videos stutter especially in Firefox Hello schrauber, here are the requested items. mbam: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.10.2014
Suchlauf-Zeit: 20:44:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.16.05
Rootkit Datenbank: v2014.10.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Phillip

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366319
Verstrichene Zeit: 35 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2386538302-2959011679-2223950070-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [fd688a8bd2aa8da9643e42fd27dc5fa1],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Code:
# AdwCleaner v4.000 - Bericht erstellt am 17/10/2014 um 09:07:17
# DB v2014-10-16.8
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Phillip - 11RP11
# Gestartet von : C:\Users\Phillip\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Phillip\AppData\Roaming\pdfforge

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16575

-\\ Mozilla Firefox v33.0 (x86 de)

-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [1513 octets] - [17/10/2014 08:52:18]
AdwCleaner[S0].txt - [1426 octets] - [17/10/2014 09:07:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1486 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Phillip on 17.10.2014 at 9:29:57,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Phillip\AppData\Roaming\mozilla\firefox\profiles\q1t70ujh.default\minidumps [870 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.10.2014 at 9:41:38,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014 Ran by Phillip (administrator) on 11RP11 on 17-10-2014 09:42:45 Running from C:\Users\Phillip\Downloads Loaded Profiles: Phillip & postgres (Available profiles: Phillip & postgres) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial -how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe () C:\Program Files\ATK Hotkey\AsLdrSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\DCService.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8 \TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe () C:\Program Files\ATK Hotkey\MsgTranAgt.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\ATK Hotkey\HControlUser.exe (LG Electronics) C:\Program Files\LG Software\LG OSD\HotKey.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\ATK Hotkey\LOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe () C:\Program Files\ATK Hotkey\WDC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319 \WPF\WPFFontCache_v0400.exe (Thisisu) C:\Users\Phillip\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32 \Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) 
C:\Windows\System32 \Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-07] (Synaptics, Inc.) HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-07-03] () HKLM\...\Run: [KeybdUtility] => C:\Program Files\LG Software\LG OSD\HotKey.exe [3026944 2008-09-04] (LG Electronics) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-21] (Intel Corporation) HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000 \...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007 \...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN ==================== Internet (Whitelisted) ==================== 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lge.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C- B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7 \bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b -BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7 \bin\jp2ssv.dll (Oracle Corporation) DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///F:/viewer/ORDcmViewCD.ocx Handler: skype4com - {FFC8B962-9B40-4DFF-9458- 1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default FF NetworkProxy: "http", "195.142.122.62" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32 \Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15 \npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15 \npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 -> C:\PROGRA~1\MOZILL~1\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Phillip\AppData\Roaming\mozilla\plugins\NpFv530.d ll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\abs@avira.com [2014-09-30] FF Extension: DownloadHelper - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\{b9db16a4-6edc-47ec-a1f4- b86292ed211d} [2014-09-06] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\admin@proxy-listen.de.xpi [2013-10-04] FF Extension: Hide My Ass Proxy Extension - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\extension@hidemyass.com.xpi [2013-07-29] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\{4DC70064-89E2-4a55-8FC6- E8CDEAE3618C}.xpi [2013-06-11] FF Extension: LeechBlock - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\{a95d8332-e4b4-6e7f-98ac- 20b733364387}.xpi [2014-05-28] FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2- 2b9879e08c5d}.xpi [2012-08-21] FF Extension: DownThemAll! 
- C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\Extensions\{DDC359D1-844A-42a7-9AA1- 88A850A938A8}.xpi [2013-11-06] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3 -08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5 \Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08 -22] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\ q1t70ujh.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14] CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14] CHR Extension: (Google-Suche) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14] CHR Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14] CHR Extension: (AdBlock) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25] CHR Extension: (Google Mail) - 
C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010 -05-08] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.) R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04- 03] () [File not signed] R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-08-12] (REALiX(tm)) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. ) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed] S3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [124928 2008-08-07] (Realtek Corporation ) [File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1807744 2008-04-02] () R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011 -03-18] (Almico Software) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [646392 2012-08-27] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH) S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008 -03-26] (CyberLink) S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 RTHDMIAzAudService; system32\drivers\RtHDMIV.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-17 09:42 - 2014-10-17 09:42 - 00000000 ____D () C:\Users\Phillip\Downloads\FRST-OlderVersion 2014-10-17 09:41 - 2014-10-17 09:42 - 00000771 _____ () C:\Users\Phillip\Desktop\JRT.txt 2014-10-17 09:29 - 2014-10-17 09:29 - 00000000 ____D () C:\Windows\ERUNT 2014-10-17 09:28 - 2014-10-17 09:28 - 01705698 _____ (Thisisu) C:\Users\Phillip\Downloads\JRT.exe 2014-10-17 09:27 - 2014-10-17 09:27 - 00001566 _____ () C:\Users\Phillip\Desktop\AdwCleaner[S0].txt 2014-10-17 09:01 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32 \Drivers\fastfat.sys 2014-10-17 08:54 - 2014-09-16 18:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-17 08:52 - 2014-10-17 09:07 - 00000000 ____D () C:\AdwCleaner 2014-10-16 21:33 - 2014-10-16 21:50 - 00001389 _____ () C:\Users\Phillip\Desktop\mbam.txt 2014-10-16 20:39 - 2014-10-17 09:23 - 00001032 _____ () C:\Windows\PFRO.log 2014-10-16 20:31 - 2014-10-16 21:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32 \Drivers\MBAMSwissArmy.sys 2014-10-16 20:30 - 2014-10-16 20:30 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-16 20:30 - 2014-10-16 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-16 20:30 - 2014-10-16 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-16 20:30 - 2014-10-16 20:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-16 20:30 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32 \Drivers\mbamchameleon.sys 2014-10-16 20:30 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32 \Drivers\mwac.sys 2014-10-16 20:30 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32 \Drivers\mbam.sys 2014-10-16 20:28 - 2014-10-16 20:29 - 01976320 _____ () C:\Users\Phillip\Downloads\AdwCleaner_4.000.exe 2014-10-16 20:27 - 2014-10-16 20:27 - 19828376 
_____ (Malwarebytes Corporation ) C:\Users\Phillip\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-15 22:17 - 2014-10-15 22:17 - 99921584 _____ () C:\Users\Phillip\Downloads\8223_Hm2AutoUpdate.exe 2014-10-15 20:26 - 2014-10-15 20:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Phillip\Desktop\tdsskiller.exe 2014-10-15 20:19 - 2014-10-15 20:19 - 00000000 ____D () C:\Users\Phillip\AppData\Local\AuxClient 2014-10-15 18:43 - 2014-10-15 18:43 - 00005970 _____ () C:\Users\Phillip\Desktop\GMER.log 2014-10-15 18:06 - 2014-10-15 18:06 - 00380416 _____ () C:\Users\Phillip\Downloads\bgxczuhg.exe 2014-10-15 17:54 - 2014-10-15 17:59 - 00036753 _____ () C:\Users\Phillip\Downloads\Addition.txt 2014-10-15 17:49 - 2014-10-17 09:43 - 00000000 ____D () C:\FRST 2014-10-15 17:49 - 2014-10-17 09:42 - 00018062 _____ () C:\Users\Phillip\Downloads\FRST.txt 2014-10-15 17:48 - 2014-10-15 17:48 - 01054912 _____ (Adobe) C:\Users\Phillip\Downloads\install_flashplayer15x32au_mssd _aaa_aih.exe 2014-10-15 17:42 - 2014-10-15 17:42 - 00380416 _____ () C:\Users\Phillip\Downloads\Gmer-19357.exe 2014-10-15 17:41 - 2014-10-17 09:42 - 01102848 _____ (Farbar) C:\Users\Phillip\Downloads\FRST.exe 2014-10-15 17:41 - 2014-10-15 17:42 - 00000636 _____ () C:\Users\Phillip\Downloads\defogger_disable.log 2014-10-15 17:41 - 2014-10-15 17:42 - 00000020 _____ () C:\Users\Phillip\defogger_reenable 2014-10-15 15:06 - 2014-10-15 15:12 - 00050477 _____ () C:\Users\Phillip\Downloads\Defogger.exe 2014-10-15 14:50 - 2014-10-15 14:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-13 16:48 - 2014-10-13 16:48 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-30 10:46 - 2014-09-30 10:46 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PDF24 2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\Program Files\PDF24 2014-09-30 10:42 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) 
C:\Windows\system32\dhRichClient3.dll 2014-09-30 10:42 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll 2014-09-30 10:41 - 2014-09-30 10:41 - 01101648 _____ () C:\Users\Phillip\Downloads\PDF24 Creator - CHIP- Installer.exe 2014-09-30 10:39 - 2014-09-30 10:39 - 00000000 ____D () C:\Users\Phillip\.pdfsam 2014-09-26 08:25 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 18:07 - 2014-09-23 18:43 - 176351867 _____ () C:\Users\Phillip\Downloads\Rulez.NOF.21st.Sept.2014.HDTV Ptt (1).mp4 2014-09-20 12:59 - 2014-09-20 12:59 - 06958304 _____ (Microsoft Corporation) C:\Users\Phillip\Downloads\Silverlight.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-17 09:44 - 2012-08-22 20:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-17 09:33 - 2008-12-10 23:49 - 01751569 _____ () C:\Windows\WindowsUpdate.log 2014-10-17 09:26 - 2014-02-25 11:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-17 09:24 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327- 2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-17 09:24 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327- 2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-17 09:23 - 2014-02-25 11:05 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-17 09:23 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-17 09:19 - 2008-10-08 20:25 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-10-17 09:19 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-17 09:18 - 2013-08-15 10:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 09:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 09:01 - 2006-11-02 12:24 - 100290944 _____ 
(Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-10-15 23:29 - 2012-08-23 11:33 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\HoldemManager 2014-10-15 22:37 - 2012-08-22 20:52 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PokerStars.EU 2014-10-15 22:27 - 2012-11-06 10:57 - 00000000 ____D () C:\Program Files\Kodak 2014-10-15 22:27 - 2012-10-16 10:05 - 00000000 ____D () C:\ProgramData\Kodak 2014-10-15 22:27 - 2012-10-16 10:01 - 00000000 ____D () C:\Windows\system32\kodak 2014-10-15 22:27 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\twain_32 2014-10-15 22:26 - 2012-11-06 11:04 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Eastman_Kodak_Company 2014-10-15 22:19 - 2013-10-11 17:14 - 00000885 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk 2014-10-15 22:19 - 2013-05-10 08:13 - 00000000 ____D () C:\Program Files\Holdem Manager 2 2014-10-15 20:33 - 2013-02-18 16:16 - 00000000 ____D () C:\Program Files\Full Tilt Poker.Eu 2014-10-15 17:44 - 2012-08-21 23:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-15 17:41 - 2009-03-06 20:15 - 00000000 ____D () C:\Users\Phillip 2014-10-14 16:02 - 2013-08-05 23:39 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32 \Drivers\avipbb.sys 2014-10-14 16:01 - 2013-08-05 23:39 - 00098160 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32 \Drivers\avgntflt.sys 2014-10-13 18:25 - 2012-08-23 15:00 - 00001786 ____H () C:\Users\Phillip\Documents\Default.rdp 2014-10-13 16:48 - 2014-08-08 10:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\Program Files\Avira 2014-09-26 08:45 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-09-26 08:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-23 22:24 - 2012-10-15 19:34 - 00000000 ____D () C:\Users\Phillip\WWE 2014-09-23 21:44 - 2012-08-22 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32 \FlashPlayerApp.exe 2014-09-23 21:44 - 2012-08-22 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32 \FlashPlayerCPLApp.cpl 2014-09-19 10:49 - 2012-08-23 16:45 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-18 11:16 - 2013-02-20 21:02 - 00000000 ____D () C:\Users\Phillip\Documents\Nathi Some content of TEMP: ==================== C:\Users\Phillip\AppData\Local\Temp\avgnt.exe C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe C:\Users\Phillip\AppData\Local\Temp\sqlite3.dll C:\Users\Phillip\AppData\Local\Temp\_unps.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-17 09:30 ==================== End Of Log ============================ |
17.10.2014, 21:47 | #6 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
22.10.2014, 19:13 | #7 | |
| Quote:
A brief update: I have now tried four or five times to run ESET on the laptop. However, I never got to the end, because the PC freezes after about eight hours. The mouse can then no longer be moved, while the time display in ESET keeps running. |
23.10.2014, 11:18 | #8 |
/// the machine /// TB-Ausbilder |
Skip ESET; run a full scan with your AV program instead.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
09.12.2014, 15:07 | #9 |
| Hello schrauber, unfortunately that did not work either, despite countless attempts. The PC hangs after a few hours. By now, though, the problem has reached the point where the laptop stops doing anything after just a few minutes (it varies, roughly 20 min). It shows up as follows: the mouse pointer briefly turns into the wait symbol (that Vista circle) and can still be moved. A little later it has disappeared and you have to press the standby button, because nothing works any more. Regards |
09.12.2014, 19:07 | #10 |
/// the machine /// TB-Ausbilder |
Install Process Explorer as a replacement for the Windows Task Manager
Download Process Explorer as a replacement for the Task Manager and install it; you can find instructions here. It is a considerably more capable replacement for the Windows Task Manager. In the menu under "Options" you can set Process Explorer up permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended, because Process Explorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination Ctrl + Alt + Del no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking the setting.
What we need specifically now: each row shows one process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In that dialog, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current processor load for each process (the column title just reads "CPU"); "CPU History" adds, for each process, a chart with a curve of its processor load over the recent past. With that you should be able to identify which process is keeping your CPU busy. Double-click that process.
You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Erweitert" below the text field, use "Anhänge verwalten" to browse your computer, and attach it via "Hochladen").
And open Process Explorer beforehand and leave it open, so that you can see what is going on when the machine hangs.
09.12.2014, 19:50 | #11 |
| Thanks for your quick reply. The process with the highest CPU value is System Idle Process. Attached are the complete overview and the properties of System Idle Process. |
10.12.2014, 15:23 | #12 |
/// the machine /// TB-Ausbilder |
System Idle is the idle time; it has to be as high as possible. That is normal.
11.12.2014, 08:54 | #13 |
| OK, thanks, I didn't know that. Does anything else stand out to you? Apart from that, Firefox is the largest process. |
11.12.2014, 22:49 | #14 |
/// the machine /// TB-Ausbilder |
Try switching off hardware acceleration in Firefox. How does the machine behave now?
16.12.2014, 16:10 | #15 | |
| Quote:
Unfortunately, disabling hardware acceleration in Firefox has not fixed the stuttering. |