
Pests of all kinds and how to combat them: Avast finds nothing but MBMA finds a Trojan


19.11.2014, 13:26   #1
CharlyAnton
 

Avast finds nothing but MBMA finds a Trojan



Hello dear community!

I have here the laptop that belongs to my mother's partner.
It is said to run relatively slowly, you can hardly retrieve emails, and
here is what I have noticed...
The Security Center is switched off and cannot be switched on.
In addition, there have been problems with the Windows Updates for days. As a rule, 5 of them (security updates for Microsoft NET Framework 4.5 and 4.5.1 and 4 others that also start that way) are not downloaded.

I hope you can help us somehow.
I'll post the logs that are probably needed.

I should add that AVAST Free finds nothing, that I ran MBMA and it reported Trojaner.Agent.MSDGen (moved to quarantine), and that FRST threw an error message 4 times because of supposedly missing access permission. On the 5th attempt it worked, though.

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 19/11/2014 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by XXX(administrator) on XXX-PC on 19-11-2014 12:31:03
Running from C:\Users\XXX\Desktop
Loaded Profile: XXX (Available profiles: XXX)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4718592 2008-01-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296 2007-11-21] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-03-10] (Sony Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM -> DefaultScope {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM -> {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-11]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [229376 2008-03-10] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-04] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-04] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-04] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-11] ()
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:31 - 2014-11-19 12:31 - 00012797 _____ () C:\Users\XXX\Desktop\FRST.txt
2014-11-19 12:30 - 2014-11-19 12:31 - 00000000 ____D () C:\FRST
2014-11-19 12:28 - 2014-11-19 12:28 - 01108992 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2014-11-19 12:23 - 2014-11-19 12:24 - 00000472 _____ () C:\Users\XXX\Desktop\defogger_disable.log
2014-11-19 12:23 - 2014-11-19 12:23 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-11-19 12:22 - 2014-11-19 12:22 - 00050477 _____ () C:\Users\XXX\Desktop\Defogger.exe
2014-11-19 12:18 - 2014-11-19 12:18 - 00000000 ____D () C:\f51d59639f6019cf70873b34c53d
2014-11-19 12:17 - 2014-11-19 12:18 - 00000000 ____D () C:\943f51668c0a6edb1102cb2000
2014-11-19 12:07 - 2014-11-19 12:07 - 00001349 _____ () C:\Users\XXX\Desktop\mbma19.11..txt
2014-11-19 11:42 - 2014-11-19 11:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 11:41 - 2014-11-19 11:41 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-19 11:41 - 2014-11-19 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-19 11:40 - 2014-11-19 11:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-19 11:40 - 2014-11-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 11:40 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 11:35 - 2014-11-19 11:35 - 01125200 _____ () C:\Program Files\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-19 11:32 - 2014-11-19 11:32 - 00000104 _____ () C:\Users\XXX\Desktop\Papierkorb - Verknüpfung.lnk
2014-11-19 11:31 - 2014-11-19 11:31 - 00000174 _____ () C:\Users\XXX\Desktop\Neue Verknüpfung.lnk
2014-11-18 19:35 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-18 19:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-18 19:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-18 19:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-18 19:34 - 2014-11-18 19:35 - 00004751 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-18 19:31 - 2014-11-18 19:31 - 00000000 ____D () C:\5e2ab1924bd113b85078a9e6f9ac2e
2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\6f1177ac94c4712ea95f7218c214a1b8
2014-11-14 11:52 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 11:52 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 11:49 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 11:49 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 11:48 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 11:47 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 11:46 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 11:37 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 11:52 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 11:52 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 11:52 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 11:52 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 11:52 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 11:52 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 11:52 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 11:52 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 13:27 - 2014-11-11 13:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-23 10:42 - 2014-05-11 17:23 - 27737981 _____ () C:\Users\XXX\Desktop\Bilder XXX - Kopie.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:30 - 2011-11-25 00:15 - 01730389 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 12:23 - 2011-11-25 00:57 - 00000000 ____D () C:\Users\XXX
2014-11-19 12:20 - 2013-12-08 12:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:16 - 2011-11-25 22:16 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-19 12:09 - 2008-01-21 03:47 - 00156400 _____ () C:\Windows\PFRO.log
2014-11-19 12:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 12:08 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-19 11:32 - 2014-03-31 09:49 - 27738189 _____ () C:\Users\XXX\Desktop\Bilder XXX.zip
2014-11-18 19:37 - 2014-05-11 16:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Java
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-14 13:21 - 2013-04-14 15:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-14 13:21 - 2012-02-23 08:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 12:22 - 2006-11-02 13:47 - 00389448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-14 11:44 - 2013-08-06 06:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 11:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 13:32 - 2008-01-21 08:16 - 00006804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 22:43 - 2012-05-28 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 12:08 - 2011-11-25 22:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-01 18:23 - 2013-04-14 15:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-31 13:02 - 2011-11-26 01:17 - 00002637 _____ () C:\Users\XXX\Desktop\Microsoft Office Word 2003.lnk

Files to move or delete:
====================
C:\Users\Public\jxpiinstall.exe


Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\AskSLib.dll
C:\Users\XXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\XXX\AppData\Local\Temp\installChecker.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\PicasaUpdater_11.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-19 12:23

==================== End Of Log ============================
         

FRST Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by XXXX at 2014-11-19 12:32:11
Running from C:\Users\XXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Atlantis - Sky Patrol (remove only) (HKLM\...\Atlantis - Sky Patrol) (Version:  - )
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Big Fish Games Center (HKLM\...\Big Fish Games Center) (Version:  - )
Big Fish Games Sudoku (remove only) (HKLM\...\Big Fish Games Sudoku) (Version:  - )
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.1.00.14140 - Sony Corporation)
Click to Disc (Version: 1.1.00.14140 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.1.00 - Sony Corporation)
Click to Disc Editor (Version: 1.1.00 - Sony Corporation) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4.3 - DivXNetworks, Inc.)
Glary Utilities 2.39.0.1310 (HKLM\...\Glary Utilities_is1) (Version: 2.39.0.1310 - Glarysoft Ltd)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Mahjong Towers Eternity EU (remove only) (HKLM\...\Mahjong Towers Eternity EU) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (8.0) (HKLM\...\Mozilla Thunderbird (8.0)) (Version: 8.0 (de) - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Club VAIO (HKLM\...\VAIO_My Club VAIO) (Version: 2.1 - )
Mystery Case Files - Prime Suspects (remove only) (HKLM\...\Mystery Case Files - Prime Suspects) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenMG Secure Module 5.0.00 (HKLM\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (Version: 5.0.00.11280 - Sony Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5532 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{A33E457B-5369-481F-8B53-71108AE2EB5B}) (Version: 10.1 - Roxio)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.2.00.14220 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.3.00 - Sony Corporation)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.14220 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{CC56A2CB-EC09-4175-B8BD-93E2440D410B}) (Version: 3.0.00.02040 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.0.00.02040 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{FACD3674-FC12-4B6C-A923-E1D687704E9B}) (Version: 3.0.01.03030 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.0.01.03030 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.2.00.12180 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.1.00.14150 - Sony Corporation)
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 3.3.00.11020 - Sony Corporation)
VAIO Guide (HKLM\...\{326DC400-1FC4-4D7D-946D-06D1EAB93200}) (Version: 2.3.00.13140 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.0.00.13040 - Sony Corporation)
Vaio Marketing Tools (HKLM\...\MarketingTools) (Version:  - Sony)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.0.00.15100 - Sony Corporation)
VAIO Media plus (Version: 1.0.00.15100 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.2.00.14130 - Sony Corporation)
VAIO Movie Story (Version: 1.2.00.14130 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.2.00.13220 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.0.00.14180 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.3.00.14230 - Sony Corporation)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.4.00.15100 - Sony Corporation)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 1.2.00.15100 - Sony Corporation)
VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.1.1.04090 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.1.00.12140 - Sony Corporation)
Virtual Villagers (remove only) (HKLM\...\Virtual Villagers) (Version:  - )
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.0.0 - Shark007)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.430 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.430 - InterVideo Inc.) Hidden
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{4361F69F-5ADC-4AC0-8039-76055C77B927}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-10-2014 08:21:45 Windows Update
24-10-2014 08:58:29 Windows Update
26-10-2014 11:10:41 Windows Update
27-10-2014 09:21:59 Windows Update
28-10-2014 09:44:30 Windows Update
29-10-2014 12:01:55 Windows Update
30-10-2014 13:54:02 Windows Update
31-10-2014 11:57:04 Windows Update
01-11-2014 11:09:04 Windows Update
02-11-2014 10:46:27 Windows Update
03-11-2014 06:33:07 Windows Update
04-11-2014 09:49:05 Windows Update
05-11-2014 09:11:45 Windows Update
06-11-2014 16:00:29 Windows Update
07-11-2014 14:33:09 Windows Update
08-11-2014 17:10:00 Windows Update
09-11-2014 10:32:13 Windows Update
10-11-2014 10:39:36 Windows Update
11-11-2014 11:59:00 Windows Update
12-11-2014 09:07:11 Windows Update
13-11-2014 09:55:01 Windows Update
14-11-2014 10:35:14 Windows Update
16-11-2014 13:12:52 Windows Update
18-11-2014 09:36:07 Windows Update
18-11-2014 18:27:25 Windows Update
18-11-2014 18:31:17 Windows Update
18-11-2014 18:33:35 Installed Java 7 Update 71
19-11-2014 10:32:07 Windows Update
19-11-2014 11:17:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {209C4AD1-CF9D-4598-8919-F9E700B1DC0A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-11] (AVAST Software)
Task: {803C77F5-734E-4672-B32B-765FE0089ED3} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2007-12-26] (Sony Corporation)
Task: {9477D340-E769-4FE0-A4F3-C8DF15D6C2A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {9BBE851F-1F98-4839-98CA-62CD13E182A5} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2011-11-01] (Glarysoft Ltd)
Task: {B2AD4939-A1AB-4F1D-94A1-C79A5B7BD8CF} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-04-09] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe

==================== Loaded Modules (whitelisted) =============

2014-11-19 11:29 - 2014-11-19 11:29 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111900\algo.dll
2008-03-13 13:12 - 2007-08-14 20:05 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-03-13 13:12 - 2007-08-14 20:05 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2008-02-05 01:08 - 2008-02-05 01:08 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-05-11 15:17 - 2014-05-11 15:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-11 13:27 - 2014-11-11 13:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-487733122-2592141994-505413994-500 - Administrator - Disabled)
XXXX (S-1-5-21-487733122-2592141994-505413994-1003 - Administrator - Enabled) => C:\Users\XXXX
Gast (S-1-5-21-487733122-2592141994-505413994-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.

Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.

Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.

Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.

Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)


System errors:
=============
Error: (11/19/2014 00:28:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201

Error: (11/19/2014 00:19:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202

Error: (11/19/2014 00:18:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203

Error: (11/19/2014 00:18:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972216){B1291F12-3E12-4D9A-AAD8-629BA609C230}202

Error: (11/19/2014 00:18:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5 und 4.5.1 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2894854){B9121108-A3F2-4223-8815-7739358278DA}203

Error: (11/19/2014 00:16:12 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc

Error: (11/19/2014 00:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201

Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202

Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203


Microsoft Office Sessions:
=========================
Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: -1

Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: 

Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: -1

Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: 

Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019


CodeIntegrity Errors:
===================================
  Date: 2014-11-19 12:32:04.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:04.023
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:03.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:03.353
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:02.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:02.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:01.980
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:32:01.637
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 11:48:50.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 11:48:50.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 63%
Total physical RAM: 2037.69 MB
Available physical RAM: 753.35 MB
Total Pagefile: 4314.63 MB
Available Pagefile: 2920.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.87 GB) (Free:164.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: EBF9C4F7)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-19 13:08:09
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\XXX\AppData\Local\Temp\aglorpog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwAddBootEntry [0x8DD33AA0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwAssignProcessToJobObject [0x8DD3457E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateEvent [0x8DD405C8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateEventPair [0x8DD40614]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateIoCompletion [0x8DD407AE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateMutant [0x8DD40536]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwCreateSection [0x8E61A6D2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateSemaphore [0x8DD4057E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateThread [0x8DD34AB4]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateTimer [0x8DD40768]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDebugActiveProcess [0x8DD3536C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDeleteBootEntry [0x8DD33B06]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDuplicateObject [0x8DD38B40]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwLoadDriver [0x8DD336F2]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwMapViewOfSection [0x8E61A7B2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwModifyBootEntry [0x8DD33B6C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwNotifyChangeKey [0x8DD38F36]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwNotifyChangeMultipleKeys [0x8DD35E54]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenEvent [0x8DD405F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenEventPair [0x8DD40636]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenIoCompletion [0x8DD407D2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenMutant [0x8DD4055C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenProcess [0x8DD3843A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenSection [0x8DD406E6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenSemaphore [0x8DD405A6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenThread [0x8DD38822]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenTimer [0x8DD4078C]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwProtectVirtualMemory [0x8E61A556]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueryObject [0x8DD35CC8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueueApcThread [0x8DD3581E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetBootEntryOrder [0x8DD33BD2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetBootOptions [0x8DD33C38]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwSetContextThread [0x8E61A8AE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetSystemInformation [0x8DD3378C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetSystemPowerState [0x8DD3395E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwShutdownSystem [0x8DD338EC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSuspendProcess [0x8DD35536]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSuspendThread [0x8DD35698]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSystemDebugControl [0x8DD339E6]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwTerminateProcess [0x8E61A624]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwTerminateThread [0x8DD351C6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwVdmControl [0x8DD33C9E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwWriteVirtualMemory [0x8DD345DA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateThreadEx [0x8DD34CD0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 10D                                                                                82EF8758 4 Bytes  [A0, 3A, D3, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                82EF87DC 4 Bytes  [7E, 45, D3, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 1D1                                                                                82EF881C 8 Bytes  [C8, 05, D4, 8D, 14, 06, D4, ...] {ENTER 0xd405, 0x8d; ADC AL, 0x6; AAM 0x8d}
.text           ntkrnlpa.exe!KeSetEvent + 1DD                                                                                82EF8828 4 Bytes  [AE, 07, D4, 8D] {SCASB ; POP ES; AAM 0x8d}
.text           ntkrnlpa.exe!KeSetEvent + 1F5                                                                                82EF8840 4 Bytes  [36, 05, D4, 8D]
.text           ...                                                                                                          
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110                                                                  8308600F 4 Bytes  CALL 8DD36517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121                                                                 83089C83 4 Bytes  CALL 8DD3652D \SystemRoot\system32\drivers\aswSnx.sys
?               System32\drivers\dmhtbbo.sys                                                                                 Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[212] kernel32.dll!GetBinaryTypeW + 70                    7795252F 1 Byte  [62]
.text           c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[332] kernel32.dll!GetBinaryTypeW + 70          7795252F 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70                                          7795252F 1 Byte  [62]
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[656] kernel32.dll!GetBinaryTypeW + 70  7795252F 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[660] kernel32.dll!GetBinaryTypeW + 70                                        7795252F 1 Byte  [62]
.text           ...                                                                                                          
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!SetUnhandledExceptionFilter            7792A9BD 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!GetBinaryTypeW + 70                    7795252F 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!SetUnhandledExceptionFilter             7792A9BD 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!GetBinaryTypeW + 70                     7795252F 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1736] kernel32.dll!GetBinaryTypeW + 70                                       7795252F 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 70                                       7795252F 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1868] kernel32.dll!GetBinaryTypeW + 70                                       7795252F 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70                                       7795252F 1 Byte  [62]
.text           ...                                                                                                          

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                      aswTdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                      aswTdi.sys

---- EOF - GMER 2.1 ----
         


and then MBMA as well

Code:
Version: 2.00.3.1025
Malware Datenbank: v2014.11.19.03
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293900
Verstrichene Zeit: 17 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60692, c:\progra~2\msevmeme.exe, In Quarantäne, [5a45320b275524126e4c5be4dc275ca4]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
         

I hope you can help me fix the problem (if there is one).

Best regards,
Stefan

19.11.2014, 13:42   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Alt 19.11.2014, 14:03   #3
CharlyAnton
 



Hello Schrauber!

Thanks for the quick reply.

TDSSKiller didn't find anything

Code:
13:57:57.0431 0x1514  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:58:00.0505 0x1514  ============================================================
13:58:00.0505 0x1514  Current date / time: 2014/11/19 13:58:00.0505
13:58:00.0505 0x1514  SystemInfo:
13:58:00.0505 0x1514  
13:58:00.0505 0x1514  OS Version: 6.0.6002 ServicePack: 2.0
13:58:00.0505 0x1514  Product type: Workstation
13:58:00.0506 0x1514  ComputerName: XXX-PC
13:58:00.0506 0x1514  UserName: XXX
13:58:00.0506 0x1514  Windows directory: C:\Windows
13:58:00.0506 0x1514  System windows directory: C:\Windows
13:58:00.0506 0x1514  Processor architecture: Intel x86
13:58:00.0506 0x1514  Number of processors: 2
13:58:00.0506 0x1514  Page size: 0x1000
13:58:00.0506 0x1514  Boot type: Normal boot
13:58:00.0506 0x1514  ============================================================
13:58:00.0673 0x1514  KLMD registered as C:\Windows\system32\drivers\20873032.sys
13:58:00.0934 0x1514  System UUID: {537CCADD-C9A9-6240-77D6-ACEEF4032C57}
13:58:01.0894 0x1514  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:58:01.0944 0x1514  ============================================================
13:58:01.0944 0x1514  \Device\Harddisk0\DR0:
13:58:01.0944 0x1514  MBR partitions:
13:58:01.0944 0x1514  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE06800, BlocksNum 0x1C3BE970
13:58:01.0944 0x1514  ============================================================
13:58:01.0992 0x1514  C: <-> \Device\Harddisk0\DR0\Partition1
13:58:01.0992 0x1514  ============================================================
13:58:01.0992 0x1514  Initialize success
13:58:01.0992 0x1514  ============================================================
13:58:46.0031 0x04dc  ============================================================
13:58:46.0031 0x04dc  Scan started
13:58:46.0031 0x04dc  Mode: Manual; SigCheck; TDLFS; 
13:58:46.0031 0x04dc  ============================================================
13:58:46.0031 0x04dc  KSN ping started
13:58:59.0774 0x04dc  KSN ping finished: true
13:59:00.0149 0x04dc  ================ Scan system memory ========================
13:59:00.0149 0x04dc  System memory - ok
13:59:00.0149 0x04dc  ================ Scan services =============================
13:59:00.0320 0x04dc  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:59:00.0445 0x04dc  ACPI - ok
13:59:00.0601 0x04dc  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:59:00.0632 0x04dc  AdobeARMservice - ok
13:59:00.0757 0x04dc  [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:59:00.0788 0x04dc  AdobeFlashPlayerUpdateSvc - ok
13:59:00.0898 0x04dc  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:59:00.0944 0x04dc  adp94xx - ok
13:59:00.0976 0x04dc  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:59:01.0007 0x04dc  adpahci - ok
13:59:01.0038 0x04dc  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:59:01.0054 0x04dc  adpu160m - ok
13:59:01.0085 0x04dc  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:59:01.0116 0x04dc  adpu320 - ok
13:59:01.0163 0x04dc  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:59:01.0225 0x04dc  AeLookupSvc - ok
13:59:01.0272 0x04dc  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
13:59:01.0350 0x04dc  AFD - ok
13:59:01.0397 0x04dc  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:59:01.0428 0x04dc  agp440 - ok
13:59:01.0459 0x04dc  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:59:01.0475 0x04dc  aic78xx - ok
13:59:01.0506 0x04dc  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
13:59:01.0537 0x04dc  ALG - ok
13:59:01.0568 0x04dc  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
13:59:01.0584 0x04dc  aliide - ok
13:59:01.0615 0x04dc  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:59:01.0631 0x04dc  amdagp - ok
13:59:01.0662 0x04dc  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
13:59:01.0678 0x04dc  amdide - ok
13:59:01.0724 0x04dc  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:59:01.0771 0x04dc  AmdK7 - ok
13:59:01.0802 0x04dc  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:59:01.0865 0x04dc  AmdK8 - ok
13:59:01.0912 0x04dc  [ 9325E49D555D8F12CE1735227DBB3D80, 0BD9E83A0BC72CCACFD9B9CAB6D21BD559913EB425B3C32CC59F298356EC577A ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
13:59:01.0943 0x04dc  ApfiltrService - ok
13:59:02.0005 0x04dc  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
13:59:02.0052 0x04dc  Appinfo - ok
13:59:02.0083 0x04dc  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
13:59:02.0099 0x04dc  arc - ok
13:59:02.0161 0x04dc  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:59:02.0177 0x04dc  arcsas - ok
13:59:02.0317 0x04dc  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:59:02.0348 0x04dc  aspnet_state - ok
13:59:02.0395 0x04dc  [ 4D6C6E0505A8E5A0656DCB223497D37C, 7F9457AF4B6E4FC6C4F77BD39DB5EB5520C44D22974B9781EA0F984D6830637C ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
13:59:02.0411 0x04dc  aswHwid - ok
13:59:02.0426 0x04dc  [ 1A2CC93BBD77C2D95A7567938D7D7239, DD082ACA011DA63CC1A69BAD8C42B9DA3A9975194D87B5584A39C91ED92341E3 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:59:02.0458 0x04dc  aswMonFlt - ok
13:59:02.0504 0x04dc  [ FFB1BDC9CAF255019D678DB5BEDAF0F0, 5FBCD3F2AFFB25EB717B913E709EFBEEAC6520B910B8AC11BF830A5B7E33F797 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
13:59:02.0520 0x04dc  aswRdr - ok
13:59:02.0536 0x04dc  [ 24B3BDA01DB3A704E33A5266C7B52DAF, FB2555504570E8FD6AA251BE9D05EDC2B73596EF830384130556EC64E518FE65 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:59:02.0567 0x04dc  aswRvrt - ok
13:59:02.0676 0x04dc  [ D13182758BAC9B4996D592E7684C9267, 8CDF8F3962659A6F3AE77AD9A4982E2D754E0DE3610BE26985444A4DCCDF181A ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:59:02.0754 0x04dc  aswSnx - ok
13:59:02.0816 0x04dc  [ D1A68A33B082FA1C7087CE54A7923D90, 9B776122078044A1336D0E7C5F3F016BC7196571DBF379F804AF70C49D642714 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:59:02.0863 0x04dc  aswSP - ok
13:59:02.0941 0x04dc  [ AF01CD260A9EF60B09029C9F5EF99040, C74A94598DC8DBD3AB13E43A60ED12698A121332446867FC3B75745626E0B7CB ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:59:02.0957 0x04dc  aswTdi - ok
13:59:03.0004 0x04dc  [ B2D7EE52633CA8831DDAFCA81C2D46C3, 017C6C376520380F29AF465F1464C3652D421C4B873B7AC2647498F356032361 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:59:03.0035 0x04dc  aswVmm - ok
13:59:03.0066 0x04dc  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:59:03.0113 0x04dc  AsyncMac - ok
13:59:03.0160 0x04dc  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
13:59:03.0191 0x04dc  atapi - ok
13:59:03.0269 0x04dc  [ AB0E8983BEB0B036485E0E97E23B69AD, 34091A76F490DE3968AE21B8B2BD715FB7BB90EB4A6D2CF43AF87A5B87D3120D ] athr            C:\Windows\system32\DRIVERS\athr.sys
13:59:03.0394 0x04dc  athr - ok
13:59:03.0456 0x04dc  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:59:03.0503 0x04dc  AudioEndpointBuilder - ok
13:59:03.0518 0x04dc  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:59:03.0550 0x04dc  Audiosrv - ok
13:59:03.0721 0x04dc  [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:59:03.0752 0x04dc  avast! Antivirus - ok
13:59:03.0815 0x04dc  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:59:03.0877 0x04dc  Beep - ok
13:59:03.0940 0x04dc  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
13:59:04.0002 0x04dc  BFE - ok
13:59:04.0174 0x04dc  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
13:59:04.0298 0x04dc  BITS - ok
13:59:04.0345 0x04dc  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:59:04.0392 0x04dc  blbdrive - ok
13:59:04.0423 0x04dc  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:59:04.0470 0x04dc  bowser - ok
13:59:04.0517 0x04dc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:59:04.0564 0x04dc  BrFiltLo - ok
13:59:04.0595 0x04dc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:59:04.0642 0x04dc  BrFiltUp - ok
13:59:04.0688 0x04dc  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
13:59:04.0766 0x04dc  Browser - ok
13:59:04.0813 0x04dc  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:59:04.0891 0x04dc  Brserid - ok
13:59:04.0922 0x04dc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:59:04.0969 0x04dc  BrSerWdm - ok
13:59:05.0016 0x04dc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:59:05.0110 0x04dc  BrUsbMdm - ok
13:59:05.0141 0x04dc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:59:05.0219 0x04dc  BrUsbSer - ok
13:59:05.0266 0x04dc  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:59:05.0328 0x04dc  BTHMODEM - ok
13:59:05.0344 0x1034  Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
13:59:05.0375 0x04dc  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:59:05.0437 0x04dc  cdfs - ok
13:59:05.0468 0x04dc  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:59:05.0500 0x04dc  cdrom - ok
13:59:05.0578 0x04dc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
13:59:05.0624 0x04dc  CertPropSvc - ok
13:59:05.0671 0x04dc  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:59:05.0702 0x04dc  circlass - ok
13:59:05.0749 0x04dc  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
13:59:05.0780 0x04dc  CLFS - ok
13:59:06.0155 0x04dc  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:59:06.0186 0x04dc  clr_optimization_v2.0.50727_32 - ok
13:59:06.0233 0x04dc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:59:06.0264 0x04dc  clr_optimization_v4.0.30319_32 - ok
13:59:06.0342 0x04dc  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:59:06.0389 0x04dc  CmBatt - ok
13:59:06.0404 0x04dc  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:59:06.0436 0x04dc  cmdide - ok
13:59:06.0467 0x04dc  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:59:06.0482 0x04dc  Compbatt - ok
13:59:06.0482 0x04dc  COMSysApp - ok
13:59:06.0498 0x04dc  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:59:06.0514 0x04dc  crcdisk - ok
13:59:06.0529 0x04dc  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:59:06.0576 0x04dc  Crusoe - ok
13:59:06.0623 0x04dc  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:59:06.0670 0x04dc  CryptSvc - ok
13:59:06.0748 0x04dc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:59:06.0841 0x04dc  DcomLaunch - ok
13:59:06.0904 0x04dc  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:59:06.0966 0x04dc  DfsC - ok
13:59:07.0122 0x04dc  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
13:59:07.0294 0x04dc  DFSR - ok
13:59:07.0403 0x04dc  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:59:07.0450 0x04dc  Dhcp - ok
13:59:07.0512 0x04dc  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
13:59:07.0543 0x04dc  disk - ok
13:59:07.0590 0x04dc  [ F206E28ED74C491FD5D7C0A1119CE37F, DB6AA9C9278F5F62717504F3B21BC2250EC5EB324EBEEAF01D42268D5657B83D ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
13:59:07.0606 0x04dc  DMICall - ok
13:59:07.0668 0x04dc  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:59:07.0699 0x04dc  Dnscache - ok
13:59:07.0730 0x04dc  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
13:59:07.0777 0x04dc  dot3svc - ok
13:59:07.0840 0x04dc  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
13:59:07.0886 0x04dc  DPS - ok
13:59:07.0918 0x1034  Object send P2P result: true
13:59:07.0949 0x04dc  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:59:07.0980 0x04dc  drmkaud - ok
13:59:08.0074 0x04dc  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:59:08.0136 0x04dc  DXGKrnl - ok
13:59:08.0214 0x04dc  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:59:08.0261 0x04dc  E1G60 - ok
13:59:08.0323 0x04dc  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
13:59:08.0370 0x04dc  EapHost - ok
13:59:08.0448 0x04dc  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:59:08.0464 0x04dc  Ecache - ok
13:59:08.0542 0x04dc  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:59:08.0588 0x04dc  ehRecvr - ok
13:59:08.0604 0x04dc  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
13:59:08.0635 0x04dc  ehSched - ok
13:59:08.0651 0x04dc  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
13:59:08.0682 0x04dc  ehstart - ok
13:59:08.0760 0x04dc  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:59:08.0791 0x04dc  elxstor - ok
13:59:08.0854 0x04dc  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:59:08.0947 0x04dc  EMDMgmt - ok
13:59:09.0010 0x04dc  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:59:09.0072 0x04dc  ErrDev - ok
13:59:09.0119 0x04dc  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
13:59:09.0166 0x04dc  EventSystem - ok
13:59:09.0212 0x04dc  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:59:09.0259 0x04dc  exfat - ok
13:59:09.0290 0x04dc  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:59:09.0337 0x04dc  fastfat - ok
13:59:09.0400 0x04dc  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:59:09.0446 0x04dc  fdc - ok
13:59:09.0478 0x04dc  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
13:59:09.0509 0x04dc  fdPHost - ok
13:59:09.0509 0x04dc  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:59:09.0602 0x04dc  FDResPub - ok
13:59:09.0634 0x04dc  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:59:09.0649 0x04dc  FileInfo - ok
13:59:09.0680 0x04dc  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:59:09.0712 0x04dc  Filetrace - ok
13:59:09.0727 0x04dc  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:59:09.0774 0x04dc  flpydisk - ok
13:59:09.0821 0x04dc  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:59:09.0852 0x04dc  FltMgr - ok
13:59:09.0961 0x04dc  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
13:59:10.0070 0x04dc  FontCache - ok
13:59:10.0164 0x04dc  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:59:10.0180 0x04dc  FontCache3.0.0.0 - ok
13:59:10.0211 0x04dc  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:59:10.0258 0x04dc  Fs_Rec - ok
13:59:10.0289 0x04dc  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:59:10.0304 0x04dc  gagp30kx - ok
13:59:10.0367 0x04dc  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
13:59:10.0429 0x04dc  gpsvc - ok
13:59:10.0476 0x04dc  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:59:10.0492 0x04dc  gusvc - ok
13:59:10.0570 0x04dc  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:59:10.0648 0x04dc  HdAudAddService - ok
13:59:10.0710 0x04dc  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:59:10.0788 0x04dc  HDAudBus - ok
13:59:10.0835 0x04dc  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:59:10.0882 0x04dc  HidBth - ok
13:59:10.0928 0x04dc  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:59:10.0991 0x04dc  HidIr - ok
13:59:11.0022 0x04dc  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
13:59:11.0053 0x04dc  hidserv - ok
13:59:11.0084 0x04dc  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:59:11.0116 0x04dc  HidUsb - ok
13:59:11.0147 0x04dc  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:59:11.0178 0x04dc  hkmsvc - ok
13:59:11.0209 0x04dc  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:59:11.0225 0x04dc  HpCISSs - ok
13:59:11.0303 0x04dc  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:59:11.0350 0x04dc  HSFHWAZL - ok
13:59:11.0428 0x04dc  [ 7BC42C65B5C6281777C1A7605B253BA8, 71885EB4E8625450ECA4623466FB3D5437DAABE739A5DC3B5F4CF982A65F8A86 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:59:11.0521 0x04dc  HSF_DPV - ok
13:59:11.0599 0x04dc  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E, A11CE324DD8E8BDFFDF513429C32D3C16EC79DC9A7517048587759B26BF38583 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:59:11.0615 0x04dc  HSXHWAZL - ok
13:59:11.0662 0x04dc  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:59:11.0740 0x04dc  HTTP - ok
13:59:11.0786 0x04dc  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:59:11.0802 0x04dc  i2omp - ok
13:59:11.0864 0x04dc  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:59:11.0896 0x04dc  i8042prt - ok
13:59:11.0958 0x04dc  [ FD7F9D74C2B35DBDA400804A3F5ED5D8, 93BAEE15428E9B3FF2D5F7EE156697EA8C24E176C3A8E56D1B1AFF4E541867E4 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:59:11.0974 0x04dc  iaStor - ok
13:59:12.0005 0x04dc  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:59:12.0052 0x04dc  iaStorV - ok
13:59:12.0145 0x04dc  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:59:12.0208 0x04dc  idsvc - ok
13:59:12.0332 0x04dc  [ 62448322731AC1BEDA52E2B3327046EE, CDF729ACD2BB26BD8EAA117CF180C22419255DC257ABE1C6C2F3D5BB3498DFA0 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
13:59:12.0504 0x04dc  igfx - ok
13:59:12.0535 0x04dc  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:59:12.0551 0x04dc  iirsp - ok
13:59:12.0598 0x04dc  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:59:12.0660 0x04dc  IKEEXT - ok
13:59:12.0800 0x04dc  [ A82C70CBAEC7B10E4C9C1341D729640F, 131A900F65891C228FA44B53687C5A652008DE962ADC53DC5B9048A0D1237E53 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:59:12.0925 0x04dc  IntcAzAudAddService - ok
13:59:13.0019 0x04dc  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
13:59:13.0034 0x04dc  intelide - ok
13:59:13.0050 0x04dc  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:59:13.0097 0x04dc  intelppm - ok
13:59:13.0144 0x04dc  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:59:13.0190 0x04dc  IPBusEnum - ok
13:59:13.0222 0x04dc  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:59:13.0253 0x04dc  IpFilterDriver - ok
13:59:13.0300 0x04dc  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:59:13.0346 0x04dc  iphlpsvc - ok
13:59:13.0346 0x04dc  IpInIp - ok
13:59:13.0393 0x04dc  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:59:13.0440 0x04dc  IPMIDRV - ok
13:59:13.0471 0x04dc  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:59:13.0518 0x04dc  IPNAT - ok
13:59:13.0534 0x04dc  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:59:13.0565 0x04dc  IRENUM - ok
13:59:13.0596 0x04dc  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:59:13.0627 0x04dc  isapnp - ok
13:59:13.0690 0x04dc  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:59:13.0705 0x04dc  iScsiPrt - ok
13:59:13.0736 0x04dc  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:59:13.0752 0x04dc  iteatapi - ok
13:59:13.0768 0x04dc  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:59:13.0783 0x04dc  iteraid - ok
13:59:13.0846 0x04dc  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
13:59:13.0861 0x04dc  IviRegMgr - ok
13:59:13.0892 0x04dc  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:59:13.0908 0x04dc  kbdclass - ok
13:59:13.0924 0x04dc  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:59:13.0955 0x04dc  kbdhid - ok
13:59:14.0002 0x04dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
13:59:14.0064 0x04dc  KeyIso - ok
13:59:14.0142 0x04dc  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:59:14.0220 0x04dc  KSecDD - ok
13:59:14.0298 0x04dc  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:59:14.0423 0x04dc  KtmRm - ok
13:59:14.0470 0x04dc  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:59:14.0516 0x04dc  LanmanServer - ok
13:59:14.0594 0x04dc  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:59:14.0641 0x04dc  LanmanWorkstation - ok
13:59:14.0704 0x04dc  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:59:14.0750 0x04dc  lltdio - ok
13:59:14.0782 0x04dc  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:59:14.0828 0x04dc  lltdsvc - ok
13:59:14.0844 0x04dc  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:59:14.0906 0x04dc  lmhosts - ok
13:59:14.0938 0x04dc  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:59:14.0953 0x04dc  LSI_FC - ok
13:59:14.0969 0x04dc  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:59:15.0000 0x04dc  LSI_SAS - ok
13:59:15.0031 0x04dc  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:59:15.0047 0x04dc  LSI_SCSI - ok
13:59:15.0078 0x04dc  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:59:15.0140 0x04dc  luafv - ok
13:59:15.0187 0x04dc  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:59:15.0218 0x04dc  Mcx2Svc - ok
13:59:15.0281 0x04dc  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:59:15.0296 0x04dc  mdmxsdk - ok
13:59:15.0359 0x04dc  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
13:59:15.0374 0x04dc  megasas - ok
13:59:15.0406 0x04dc  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:59:15.0452 0x04dc  MegaSR - ok
13:59:15.0484 0x04dc  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
13:59:15.0562 0x04dc  MMCSS - ok
13:59:15.0593 0x04dc  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
13:59:15.0655 0x04dc  Modem - ok
13:59:15.0702 0x04dc  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:59:15.0749 0x04dc  monitor - ok
13:59:15.0780 0x04dc  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:59:15.0796 0x04dc  mouclass - ok
13:59:15.0811 0x04dc  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:59:15.0858 0x04dc  mouhid - ok
13:59:15.0889 0x04dc  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:59:15.0905 0x04dc  MountMgr - ok
13:59:15.0983 0x04dc  [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:59:15.0998 0x04dc  MozillaMaintenance - ok
13:59:16.0030 0x04dc  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:59:16.0045 0x04dc  mpio - ok
13:59:16.0061 0x04dc  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:59:16.0123 0x04dc  mpsdrv - ok
13:59:16.0170 0x04dc  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:59:16.0248 0x04dc  MpsSvc - ok
13:59:16.0295 0x04dc  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:59:16.0310 0x04dc  Mraid35x - ok
13:59:16.0326 0x04dc  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:59:16.0373 0x04dc  MRxDAV - ok
13:59:16.0404 0x04dc  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:59:16.0466 0x04dc  mrxsmb - ok
13:59:16.0482 0x04dc  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:59:16.0513 0x04dc  mrxsmb10 - ok
13:59:16.0529 0x04dc  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:59:16.0560 0x04dc  mrxsmb20 - ok
13:59:16.0607 0x04dc  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:59:16.0622 0x04dc  msahci - ok
13:59:16.0700 0x04dc  [ 31FE01F58C95E1296F909BE52DEA63DD, CAB608A55628318BC5BBB364F92656419423E615479B6922B2DB8FE2CC6EEE7A ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
13:59:16.0732 0x04dc  MSCSPTISRV - detected UnsignedFile.Multi.Generic ( 1 )
13:59:19.0150 0x04dc  Detect skipped due to KSN trusted
13:59:19.0150 0x04dc  MSCSPTISRV - ok
13:59:19.0196 0x04dc  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:59:19.0212 0x04dc  msdsm - ok
13:59:19.0243 0x04dc  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
13:59:19.0274 0x04dc  MSDTC - ok
13:59:19.0337 0x04dc  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:59:19.0384 0x04dc  Msfs - ok
13:59:19.0399 0x04dc  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:59:19.0415 0x04dc  msisadrv - ok
13:59:19.0446 0x04dc  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:59:19.0493 0x04dc  MSiSCSI - ok
13:59:19.0493 0x04dc  msiserver - ok
13:59:19.0540 0x04dc  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:59:19.0586 0x04dc  MSKSSRV - ok
13:59:19.0618 0x04dc  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:59:19.0649 0x04dc  MSPCLOCK - ok
13:59:19.0664 0x04dc  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:59:19.0696 0x04dc  MSPQM - ok
13:59:19.0742 0x04dc  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:59:19.0758 0x04dc  MsRPC - ok
13:59:19.0789 0x04dc  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:59:19.0805 0x04dc  mssmbios - ok
13:59:19.0883 0x04dc  MSSQL$MSSMLBIZ - ok
13:59:19.0914 0x04dc  [ ADAF062116B4E6D96E44D26486A87AF6, 1A2EE7C4598E8442F24A5C97FEBF7AC6A20703F7EA9097B6E48BE4A05E231D8C ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:59:19.0930 0x04dc  MSSQLServerADHelper - ok
13:59:19.0976 0x04dc  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:59:20.0008 0x04dc  MSTEE - ok
13:59:20.0039 0x04dc  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:59:20.0054 0x04dc  Mup - ok
13:59:20.0101 0x04dc  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
13:59:20.0148 0x04dc  napagent - ok
13:59:20.0226 0x04dc  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:59:20.0351 0x04dc  NativeWifiP - ok
13:59:20.0476 0x04dc  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:59:20.0554 0x04dc  NDIS - ok
13:59:20.0600 0x04dc  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:59:20.0647 0x04dc  NdisTapi - ok
13:59:20.0678 0x04dc  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:59:20.0710 0x04dc  Ndisuio - ok
13:59:20.0725 0x04dc  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:59:20.0772 0x04dc  NdisWan - ok
13:59:20.0819 0x04dc  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:59:20.0881 0x04dc  NDProxy - ok
13:59:20.0912 0x04dc  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:59:20.0990 0x04dc  NetBIOS - ok
13:59:21.0037 0x04dc  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:59:21.0146 0x04dc  netbt - ok
13:59:21.0178 0x04dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
13:59:21.0224 0x04dc  Netlogon - ok
13:59:21.0302 0x04dc  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
13:59:21.0365 0x04dc  Netman - ok
13:59:21.0412 0x04dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:59:21.0443 0x04dc  NetMsmqActivator - ok
13:59:21.0458 0x04dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:59:21.0490 0x04dc  NetPipeActivator - ok
13:59:21.0568 0x04dc  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
13:59:21.0646 0x04dc  netprofm - ok
13:59:21.0692 0x04dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:59:21.0724 0x04dc  NetTcpActivator - ok
13:59:21.0755 0x04dc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:59:21.0770 0x04dc  NetTcpPortSharing - ok
13:59:21.0833 0x04dc  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:59:21.0848 0x04dc  nfrd960 - ok
13:59:21.0895 0x04dc  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:59:21.0958 0x04dc  NlaSvc - ok
13:59:21.0989 0x04dc  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:59:22.0020 0x04dc  Npfs - ok
13:59:22.0051 0x04dc  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
13:59:22.0082 0x04dc  nsi - ok
13:59:22.0114 0x04dc  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:59:22.0176 0x04dc  nsiproxy - ok
13:59:22.0285 0x04dc  [ 1374BB02B2593325EB16289DA37636F9, 248BDB98468F962B8C1C8F5B8B2FFECC83A42266E92A34B1C3A5161C74EB5E59 ] NSUService      C:\Program Files\Sony\Network Utility\NSUService.exe
13:59:22.0316 0x04dc  NSUService - detected UnsignedFile.Multi.Generic ( 1 )
13:59:24.0734 0x04dc  Detect skipped due to KSN trusted
13:59:24.0734 0x04dc  NSUService - ok
13:59:24.0859 0x04dc  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:59:24.0984 0x04dc  Ntfs - ok
13:59:25.0031 0x04dc  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:59:25.0093 0x04dc  ntrigdigi - ok
13:59:25.0124 0x04dc  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
13:59:25.0171 0x04dc  Null - ok
13:59:25.0577 0x04dc  [ 442EAC1B12ACF1BAD6F1224167E034C8, A8A19FA50001AF2CD4DADFDC96B1092A1015204C2D24D9585E3EFE747D7D5F50 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:59:26.0138 0x04dc  nvlddmkm - ok
13:59:26.0201 0x04dc  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:59:26.0216 0x04dc  nvraid - ok
13:59:26.0232 0x04dc  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:59:26.0263 0x04dc  nvstor - ok
13:59:26.0279 0x04dc  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:59:26.0310 0x04dc  nv_agp - ok
13:59:26.0310 0x04dc  NwlnkFlt - ok
13:59:26.0326 0x04dc  NwlnkFwd - ok
13:59:26.0357 0x04dc  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:59:26.0404 0x04dc  ohci1394 - ok
13:59:26.0482 0x04dc  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:59:26.0513 0x04dc  ose - ok
13:59:26.0560 0x04dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:59:26.0622 0x04dc  p2pimsvc - ok
13:59:26.0669 0x04dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:59:26.0716 0x04dc  p2psvc - ok
13:59:26.0762 0x04dc  [ F5395A0379C51283471354402F7B949D, 995EEACDA9D5025D72E52285DD160202FD58F52F2FD3A5B159664E71A668E1D1 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
13:59:26.0809 0x04dc  PACSPTISVR - detected UnsignedFile.Multi.Generic ( 1 )
13:59:29.0196 0x04dc  Detect skipped due to KSN trusted
13:59:29.0196 0x04dc  PACSPTISVR - ok
13:59:29.0274 0x04dc  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
13:59:29.0321 0x04dc  Parport - ok
13:59:29.0368 0x04dc  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:59:29.0383 0x04dc  partmgr - ok
13:59:29.0414 0x04dc  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
13:59:29.0492 0x04dc  Parvdm - ok
13:59:29.0524 0x04dc  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:59:29.0555 0x04dc  PcaSvc - ok
13:59:29.0586 0x04dc  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
13:59:29.0617 0x04dc  pci - ok
13:59:29.0648 0x04dc  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:59:29.0664 0x04dc  pciide - ok
13:59:29.0711 0x04dc  [ 3BB2244F343B610C29C98035504C9B75, DA61EC2600199DFA32020D0484E9BBF5E0742E7C8C952370BF6FAF91C914A999 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:59:29.0758 0x04dc  pcmcia - ok
13:59:29.0820 0x04dc  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:59:29.0945 0x04dc  PEAUTH - ok
13:59:30.0054 0x04dc  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
13:59:30.0226 0x04dc  pla - ok
13:59:30.0272 0x04dc  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:59:30.0335 0x04dc  PlugPlay - ok
13:59:30.0382 0x04dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:59:30.0428 0x04dc  PNRPAutoReg - ok
13:59:30.0569 0x04dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:59:30.0616 0x04dc  PNRPsvc - ok
13:59:30.0662 0x04dc  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:59:30.0709 0x04dc  PolicyAgent - ok
13:59:30.0740 0x04dc  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:59:30.0803 0x04dc  PptpMiniport - ok
13:59:30.0818 0x04dc  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
13:59:30.0865 0x04dc  Processor - ok
13:59:30.0912 0x04dc  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
13:59:30.0959 0x04dc  ProfSvc - ok
13:59:30.0974 0x04dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
13:59:30.0990 0x04dc  ProtectedStorage - ok
13:59:31.0021 0x04dc  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:59:31.0068 0x04dc  PSched - ok
13:59:31.0115 0x04dc  [ D970470F8F39470BDAE94D313A1CCDCE, C41B314F3A1CD6A747A4578C2A1F20373884C2AD96880A81255E66BA9D886EB4 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
13:59:31.0130 0x04dc  PxHelp20 - ok
13:59:31.0224 0x04dc  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:59:31.0318 0x04dc  ql2300 - ok
13:59:31.0349 0x04dc  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:59:31.0364 0x04dc  ql40xx - ok
13:59:31.0411 0x04dc  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
13:59:31.0458 0x04dc  QWAVE - ok
13:59:31.0489 0x04dc  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:59:31.0505 0x04dc  QWAVEdrv - ok
13:59:31.0536 0x04dc  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:59:31.0583 0x04dc  RasAcd - ok
13:59:31.0614 0x04dc  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
13:59:31.0661 0x04dc  RasAuto - ok
13:59:31.0676 0x04dc  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:59:31.0739 0x04dc  Rasl2tp - ok
13:59:31.0786 0x04dc  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
13:59:31.0817 0x04dc  RasMan - ok
13:59:31.0832 0x04dc  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:59:31.0864 0x04dc  RasPppoe - ok
13:59:31.0879 0x04dc  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:59:31.0910 0x04dc  RasSstp - ok
13:59:31.0942 0x04dc  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:59:31.0973 0x04dc  rdbss - ok
13:59:31.0988 0x04dc  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:59:32.0051 0x04dc  RDPCDD - ok
13:59:32.0082 0x04dc  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:59:32.0129 0x04dc  rdpdr - ok
13:59:32.0144 0x04dc  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:59:32.0191 0x04dc  RDPENCDD - ok
13:59:32.0254 0x04dc  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:59:32.0285 0x04dc  RDPWD - ok
13:59:32.0316 0x04dc  [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi            C:\Windows\system32\drivers\regi.sys
13:59:32.0332 0x04dc  regi - ok
13:59:32.0394 0x04dc  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:59:32.0441 0x04dc  RemoteAccess - ok
13:59:32.0488 0x04dc  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:59:32.0534 0x04dc  RemoteRegistry - ok
13:59:32.0550 0x04dc  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
13:59:32.0581 0x04dc  RpcLocator - ok
13:59:32.0628 0x04dc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
13:59:32.0690 0x04dc  RpcSs - ok
13:59:32.0753 0x04dc  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:59:32.0800 0x04dc  rspndr - ok
13:59:32.0831 0x04dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
13:59:32.0846 0x04dc  SamSs - ok
13:59:32.0878 0x04dc  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:59:32.0893 0x04dc  sbp2port - ok
13:59:32.0940 0x04dc  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:59:32.0971 0x04dc  SCardSvr - ok
13:59:33.0018 0x04dc  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
13:59:33.0080 0x04dc  Schedule - ok
13:59:33.0096 0x04dc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:59:33.0127 0x04dc  SCPolicySvc - ok
13:59:33.0158 0x04dc  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:59:33.0190 0x04dc  SDRSVC - ok
13:59:33.0221 0x04dc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:59:33.0283 0x04dc  secdrv - ok
13:59:33.0314 0x04dc  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
13:59:33.0346 0x04dc  seclogon - ok
13:59:33.0361 0x04dc  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
13:59:33.0408 0x04dc  SENS - ok
13:59:33.0439 0x04dc  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:59:33.0502 0x04dc  Serenum - ok
13:59:33.0533 0x04dc  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
13:59:33.0595 0x04dc  Serial - ok
13:59:33.0611 0x04dc  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:59:33.0642 0x04dc  sermouse - ok
13:59:33.0689 0x04dc  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:59:33.0720 0x04dc  SessionEnv - ok
13:59:33.0767 0x04dc  [ 8B7C1768D2CDE2E02E09A66563DDFD16, F46278B914A2FD32575CC7F083BEEA039E15D30061D6B39F22E39DAEEA80DB93 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
13:59:33.0798 0x04dc  SFEP - ok
13:59:33.0814 0x04dc  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:59:33.0845 0x04dc  sffdisk - ok
13:59:33.0876 0x04dc  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:59:33.0907 0x04dc  sffp_mmc - ok
13:59:33.0938 0x04dc  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:59:33.0985 0x04dc  sffp_sd - ok
13:59:34.0016 0x04dc  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:59:34.0079 0x04dc  sfloppy - ok
13:59:34.0126 0x04dc  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:59:34.0188 0x04dc  SharedAccess - ok
13:59:34.0235 0x04dc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:59:34.0297 0x04dc  ShellHWDetection - ok
13:59:34.0344 0x04dc  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:59:34.0360 0x04dc  sisagp - ok
13:59:34.0375 0x04dc  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:59:34.0391 0x04dc  SiSRaid2 - ok
13:59:34.0422 0x04dc  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:59:34.0438 0x04dc  SiSRaid4 - ok
13:59:34.0609 0x04dc  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
13:59:34.0859 0x04dc  slsvc - ok
13:59:34.0906 0x04dc  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:59:34.0937 0x04dc  SLUINotify - ok
13:59:34.0952 0x04dc  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:59:34.0999 0x04dc  Smb - ok
13:59:35.0046 0x04dc  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:59:35.0077 0x04dc  SNMPTRAP - ok
13:59:35.0124 0x04dc  [ D07F3C6FE13D291A5C27E2D2E8EC7F52, 0F185199CA5A7858606929C005DED9E6465316650AD5A4C737779921AF15BD62 ] SOHCImp         C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
13:59:35.0140 0x04dc  SOHCImp - ok
13:59:35.0171 0x04dc  [ E507433FC0237B9FFCB6F97235E8C47D, 5C82E6F2C40DE752AEC26F7982312710C78F5423671F48256BAEB4A917EC8AA4 ] SOHDms          C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
13:59:35.0202 0x04dc  SOHDms - ok
13:59:35.0233 0x04dc  [ E674417F83C45679CD9C804D77E485A3, 5EF71E8619286DC6B2CF628F87969F322BD90B1A7D9E255C0BD040D1588ED912 ] SOHDs           C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
13:59:35.0249 0x04dc  SOHDs - ok
13:59:35.0280 0x04dc  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:59:35.0296 0x04dc  spldr - ok
13:59:35.0327 0x04dc  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
13:59:35.0358 0x04dc  Spooler - ok
13:59:35.0405 0x04dc  [ 5673E79BBB62A4C35B10D821FF1B4ACA, 26B809F1AC8B988E8DA86522A11DE03DF6FDBC09A09F3A359306DAAFBA4038FD ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:59:35.0436 0x04dc  SQLBrowser - ok
13:59:35.0452 0x04dc  [ 9263C8898732E2B890F7E954E7729AB7, DEBFD81E702893427972A6565A9AAA54A09B9F7F30CA9391011C6F7FB758A3F4 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:59:35.0467 0x04dc  SQLWriter - ok
13:59:35.0514 0x04dc  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:59:35.0545 0x04dc  srv - ok
13:59:35.0576 0x04dc  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:59:35.0608 0x04dc  srv2 - ok
13:59:35.0623 0x04dc  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:59:35.0670 0x04dc  srvnet - ok
13:59:35.0717 0x04dc  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:59:35.0748 0x04dc  SSDPSRV - ok
13:59:35.0810 0x04dc  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:59:35.0842 0x04dc  SstpSvc - ok
13:59:35.0920 0x04dc  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
13:59:35.0982 0x04dc  stisvc - ok
13:59:36.0013 0x04dc  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:59:36.0029 0x04dc  swenum - ok
13:59:36.0076 0x04dc  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
13:59:36.0138 0x04dc  swprv - ok
13:59:36.0169 0x04dc  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:59:36.0185 0x04dc  Symc8xx - ok
13:59:36.0200 0x04dc  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:59:36.0216 0x04dc  Sym_hi - ok
13:59:36.0232 0x04dc  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:59:36.0247 0x04dc  Sym_u3 - ok
13:59:36.0294 0x04dc  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
13:59:36.0372 0x04dc  SysMain - ok
13:59:36.0388 0x04dc  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:59:36.0434 0x04dc  TabletInputService - ok
13:59:36.0481 0x04dc  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:59:36.0559 0x04dc  TapiSrv - ok
13:59:36.0590 0x04dc  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
13:59:36.0637 0x04dc  TBS - ok
13:59:36.0715 0x04dc  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:59:36.0778 0x04dc  Tcpip - ok
13:59:36.0856 0x04dc  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:59:36.0918 0x04dc  Tcpip6 - ok
13:59:36.0949 0x04dc  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:59:36.0980 0x04dc  tcpipreg - ok
13:59:37.0012 0x04dc  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:59:37.0043 0x04dc  TDPIPE - ok
13:59:37.0058 0x04dc  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:59:37.0090 0x04dc  TDTCP - ok
13:59:37.0121 0x04dc  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:59:37.0168 0x04dc  tdx - ok
13:59:37.0183 0x04dc  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:59:37.0199 0x04dc  TermDD - ok
13:59:37.0261 0x04dc  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
13:59:37.0324 0x04dc  TermService - ok
13:59:37.0386 0x04dc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
13:59:37.0417 0x04dc  Themes - ok
13:59:37.0433 0x04dc  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:59:37.0464 0x04dc  THREADORDER - ok
13:59:37.0573 0x04dc  [ 909CD987B54A8179C9AEE874D754721A, E532791D8DC9B861E6486BC35C25F0263D2581F01181AE3964BC6A0503E678F8 ] ti21sony        C:\Windows\system32\drivers\ti21sony.sys
13:59:37.0682 0x04dc  ti21sony - ok
13:59:37.0714 0x04dc  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
13:59:37.0776 0x04dc  TrkWks - ok
13:59:37.0838 0x04dc  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:59:37.0870 0x04dc  TrustedInstaller - ok
13:59:37.0901 0x04dc  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:59:37.0916 0x04dc  tssecsrv - ok
13:59:37.0948 0x04dc  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:59:37.0994 0x04dc  tunmp - ok
13:59:38.0026 0x04dc  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:59:38.0041 0x04dc  tunnel - ok
13:59:38.0072 0x04dc  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:59:38.0088 0x04dc  uagp35 - ok
13:59:38.0119 0x04dc  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:59:38.0182 0x04dc  udfs - ok
13:59:38.0228 0x04dc  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:59:38.0275 0x04dc  UI0Detect - ok
13:59:38.0291 0x04dc  UIUSys - ok
13:59:38.0338 0x04dc  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:59:38.0353 0x04dc  uliagpkx - ok
13:59:38.0369 0x04dc  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:59:38.0400 0x04dc  uliahci - ok
13:59:38.0431 0x04dc  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:59:38.0447 0x04dc  UlSata - ok
13:59:38.0478 0x04dc  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:59:38.0494 0x04dc  ulsata2 - ok
13:59:38.0509 0x04dc  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:59:38.0572 0x04dc  umbus - ok
13:59:38.0618 0x04dc  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
13:59:38.0681 0x04dc  upnphost - ok
13:59:38.0712 0x04dc  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:59:38.0759 0x04dc  usbccgp - ok
13:59:38.0790 0x04dc  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:59:38.0852 0x04dc  usbcir - ok
13:59:38.0915 0x04dc  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:59:38.0930 0x04dc  usbehci - ok
13:59:38.0962 0x04dc  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:59:38.0993 0x04dc  usbhub - ok
13:59:39.0024 0x04dc  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:59:39.0102 0x04dc  usbohci - ok
13:59:39.0133 0x04dc  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:59:39.0164 0x04dc  usbprint - ok
13:59:39.0227 0x04dc  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:59:39.0242 0x04dc  usbscan - ok
13:59:39.0274 0x04dc  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:59:39.0305 0x04dc  USBSTOR - ok
13:59:39.0336 0x04dc  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:59:39.0383 0x04dc  usbuhci - ok
13:59:39.0430 0x04dc  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
13:59:39.0461 0x04dc  UxSms - ok
13:59:39.0508 0x04dc  [ D6E6BD77F4BEDD695553D5EA1FFDFCDD, 730FC565638DCCFCC1EC300F8630863BB624C6087D34CDEF3E6587BB3EFD971A ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
13:59:39.0523 0x04dc  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic ( 1 )
13:59:42.0004 0x04dc  Detect skipped due to KSN trusted
13:59:42.0004 0x04dc  VAIO Entertainment TV Device Arbitration Service - ok
13:59:42.0097 0x04dc  [ 8A9F18ADAD471402236CA931553BF79B, D6FBECC83C5A8052C3F65A6B43BC42466212D9BE3B704CC150A8BA49E37F0291 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
13:59:42.0128 0x04dc  VAIO Event Service - ok
13:59:42.0175 0x04dc  [ 9D1DD772DEC13B0DA3289A4B266B0767, 474B6AB5923E2E2678456C3D89C16F8A7EF78E534CB29DC409EA5996D8A66245 ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
13:59:42.0206 0x04dc  VcmIAlzMgr - ok
13:59:42.0253 0x04dc  [ C44A507B71EB90E8299D2AF8FB05AE5B, DA17ED29002F68498AE567629679AD94B7CD7088DD0EB047E6479DAF7F3F460C ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
13:59:42.0269 0x04dc  VcmXmlIfHelper - ok
13:59:42.0284 0x04dc  Vcsw - ok
13:59:42.0331 0x04dc  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
13:59:42.0409 0x04dc  vds - ok
13:59:42.0456 0x04dc  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:59:42.0503 0x04dc  vga - ok
13:59:42.0518 0x04dc  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:59:42.0581 0x04dc  VgaSave - ok
13:59:42.0596 0x04dc  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:59:42.0628 0x04dc  viaagp - ok
13:59:42.0628 0x04dc  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:59:42.0674 0x04dc  ViaC7 - ok
13:59:42.0690 0x04dc  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
13:59:42.0706 0x04dc  viaide - ok
13:59:42.0737 0x04dc  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:59:42.0752 0x04dc  volmgr - ok
13:59:42.0799 0x04dc  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:59:42.0830 0x04dc  volmgrx - ok
13:59:42.0846 0x04dc  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:59:42.0877 0x04dc  volsnap - ok
13:59:42.0940 0x04dc  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:59:42.0955 0x04dc  vsmraid - ok
13:59:43.0033 0x04dc  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
13:59:43.0174 0x04dc  VSS - ok
13:59:43.0267 0x04dc  [ AD137204D107A60D563030145C3BE695, 4470AD9D1D2B0302A2CAA56CD3847287D9CEC56D274405B4B8DF4448EFD45EB0 ] VUAgent         C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
13:59:43.0314 0x04dc  VUAgent - ok
13:59:43.0408 0x04dc  [ 0E2357BF1E70E17EFB13D08FCE74FCBC, BCA91F702DD5D3192BC14AF7713223802E1B0BCC99CD26F72E25DF8CF5A0241B ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
13:59:43.0439 0x04dc  VzCdbSvc - detected UnsignedFile.Multi.Generic ( 1 )
13:59:45.0935 0x04dc  Detect skipped due to KSN trusted
13:59:45.0935 0x04dc  VzCdbSvc - ok
13:59:45.0982 0x04dc  [ 99BCBD7F13779AE06944776A8D4BB5C3, 3E68493F0C68297CB6F7D50E5FEC9CBC2D66E9B3CD298B95FFC6A0344E717B81 ] VzFw            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
13:59:45.0997 0x04dc  VzFw - detected UnsignedFile.Multi.Generic ( 1 )
13:59:48.0400 0x04dc  Detect skipped due to KSN trusted
13:59:48.0400 0x04dc  VzFw - ok
13:59:48.0478 0x04dc  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
13:59:48.0524 0x04dc  W32Time - ok
13:59:48.0556 0x04dc  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:59:48.0634 0x04dc  WacomPen - ok
13:59:48.0665 0x04dc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:59:48.0696 0x04dc  Wanarp - ok
13:59:48.0712 0x04dc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:59:48.0743 0x04dc  Wanarpv6 - ok
13:59:48.0790 0x04dc  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:59:48.0836 0x04dc  wcncsvc - ok
13:59:48.0868 0x04dc  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:59:48.0930 0x04dc  WcsPlugInService - ok
13:59:48.0961 0x04dc  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
13:59:48.0977 0x04dc  Wd - ok
13:59:49.0024 0x04dc  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:59:49.0102 0x04dc  Wdf01000 - ok
13:59:49.0164 0x04dc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:59:49.0211 0x04dc  WdiServiceHost - ok
13:59:49.0226 0x04dc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:59:49.0258 0x04dc  WdiSystemHost - ok
13:59:49.0304 0x04dc  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
13:59:49.0351 0x04dc  WebClient - ok
13:59:49.0382 0x04dc  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:59:49.0445 0x04dc  Wecsvc - ok
13:59:49.0492 0x04dc  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:59:49.0570 0x04dc  wercplsupport - ok
13:59:49.0601 0x04dc  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:59:49.0632 0x04dc  WerSvc - ok
13:59:49.0694 0x04dc  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4, A6020D41FEA0CC76D0C3CA3A88F3E9493022CD5A549E18B02D69A482B579F339 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:59:49.0710 0x04dc  WimFltr - ok
13:59:49.0757 0x04dc  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA, 711DD957AF98F1B835ECE0FEBCCF8FCC7763F1DAA232F1C9E80DE6DA123C7F33 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:59:49.0819 0x04dc  winachsf - ok
13:59:49.0882 0x04dc  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:59:49.0928 0x04dc  WinDefend - ok
13:59:49.0928 0x04dc  WinHttpAutoProxySvc - ok
13:59:50.0022 0x04dc  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:59:50.0053 0x04dc  Winmgmt - ok
13:59:50.0131 0x04dc  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:59:50.0272 0x04dc  WinRM - ok
13:59:50.0350 0x04dc  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:59:50.0412 0x04dc  Wlansvc - ok
13:59:50.0443 0x04dc  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:59:50.0474 0x04dc  WmiAcpi - ok
13:59:50.0521 0x04dc  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:59:50.0552 0x04dc  wmiApSrv - ok
13:59:50.0630 0x04dc  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:59:50.0708 0x04dc  WMPNetworkSvc - ok
13:59:50.0786 0x04dc  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:59:50.0849 0x04dc  WPCSvc - ok
13:59:50.0896 0x04dc  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:59:50.0911 0x04dc  WPDBusEnum - ok
13:59:51.0005 0x04dc  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:59:51.0067 0x04dc  WPFFontCache_v0400 - ok
13:59:51.0083 0x04dc  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:59:51.0114 0x04dc  ws2ifsl - ok
13:59:51.0145 0x04dc  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:59:51.0192 0x04dc  wscsvc - ok
13:59:51.0208 0x04dc  WSearch - ok
13:59:51.0332 0x04dc  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:59:51.0457 0x04dc  wuauserv - ok
13:59:51.0504 0x04dc  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:59:51.0520 0x04dc  WudfPf - ok
13:59:51.0551 0x04dc  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:59:51.0582 0x04dc  WUDFRd - ok
13:59:51.0598 0x04dc  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:59:51.0629 0x04dc  wudfsvc - ok
13:59:51.0660 0x04dc  [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
13:59:51.0676 0x04dc  XAudio - ok
13:59:51.0707 0x04dc  [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
13:59:51.0738 0x04dc  XAudioService - ok
13:59:51.0816 0x04dc  [ 2D07E65ED0023BB10B13A912B27DFB1A, 9462F3BCA8C8C1D284DB483C9EFB1CB770225E912A3508D71084F1CA93927C47 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
13:59:51.0878 0x04dc  yukonwlh - ok
13:59:51.0878 0x04dc  ================ Scan global ===============================
13:59:51.0925 0x04dc  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
13:59:51.0972 0x04dc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:59:52.0019 0x04dc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:59:52.0066 0x04dc  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
13:59:52.0097 0x04dc  [ Global ] - ok
13:59:52.0097 0x04dc  ================ Scan MBR ==================================
13:59:52.0097 0x04dc  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:59:52.0440 0x04dc  \Device\Harddisk0\DR0 - ok
13:59:52.0440 0x04dc  ================ Scan VBR ==================================
13:59:52.0456 0x04dc  [ D5534380007F5C7F1B964CDDF257D793 ] \Device\Harddisk0\DR0\Partition1
13:59:52.0487 0x04dc  \Device\Harddisk0\DR0\Partition1 - ok
13:59:52.0487 0x04dc  ================ Scan generic autorun ======================
13:59:52.0487 0x04dc  NvSvc - ok
13:59:52.0487 0x04dc  NvCplDaemon - ok
13:59:52.0502 0x04dc  NvMediaCenter - ok
13:59:52.0518 0x04dc  [ 9977504E1DF19E49F0A202E830347226, FAEE1C579A2A99FFDA4492A85F7527C01EB64856BC3EB8B1B39F216DF6A86FF2 ] C:\Windows\system32\igfxtray.exe
13:59:52.0534 0x04dc  IgfxTray - ok
13:59:52.0549 0x04dc  [ C7281D6A8649446A1EC22F8903438529, E6FB578A0D3E133AF8408E4C7707440980917EB3C83D0ADCD9DBF6D141828D67 ] C:\Windows\system32\hkcmd.exe
13:59:52.0580 0x04dc  HotKeysCmds - ok
13:59:52.0596 0x04dc  [ 939380CCFA97FC56E0EFB6B626CA752D, AFA251DBA2A6479DB3AF521A5FB9BFB211551252A0D05E3FEAC99991403022B0 ] C:\Windows\system32\igfxpers.exe
13:59:52.0627 0x04dc  Persistence - ok
13:59:52.0830 0x04dc  [ 598DAA6F3B34C8F523AC1AE1AB483799, 84359B5BC758259B31F17DA34280AB2E8B342B930D3D3923224CED4EE97129EE ] C:\Windows\RtHDVCpl.exe
13:59:53.0173 0x04dc  RtHDVCpl - ok
13:59:53.0251 0x04dc  [ 8B53050C93073D4239907776A28DB565, C72EB6A5BDCBEFE305AA2FEE82ECD734ED5AEE9A593A869C358ADD0E96622D05 ] C:\Program Files\Apoint\Apoint.exe
13:59:53.0282 0x04dc  Apoint - ok
13:59:53.0314 0x04dc  [ AE46CBFF53E552ED1A0DA0888AE9D79F, 13EA90266AEFE8C6138F3642CA776FB83972DEAE4B73220BE0BE692BE34FAC9F ] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
13:59:53.0360 0x04dc  ISBMgr.exe - detected UnsignedFile.Multi.Generic ( 1 )
13:59:55.0856 0x04dc  Detect skipped due to KSN trusted
13:59:55.0856 0x04dc  ISBMgr.exe - ok
13:59:55.0981 0x04dc  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:59:56.0044 0x04dc  Adobe ARM - ok
13:59:56.0293 0x04dc  [ 21B8FAAFA5CCD89663AAD5833ABF4B35, DE46AD49AE1ED34697EE387BB77E73BCD7DA60E6063E02660021A9C2EA3C0801 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:59:56.0527 0x04dc  AvastUI.exe - ok
13:59:56.0621 0x04dc  [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:59:56.0652 0x04dc  SunJavaUpdateSched - ok
13:59:56.0761 0x04dc  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:59:56.0933 0x04dc  Sidebar - ok
13:59:56.0933 0x04dc  WindowsWelcomeCenter - ok
13:59:57.0026 0x04dc  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:59:57.0151 0x04dc  Sidebar - ok
13:59:57.0151 0x04dc  WindowsWelcomeCenter - ok
13:59:57.0214 0x04dc  [ E7E3D65EE553065994B5D7F47F442E72, 839AD32D3BC0848DD337C3C2BD563C4E5A21B62F6BA6997AF301073AE26FD400 ] C:\Program Files\Sony\Network Utility\LANUtil.exe
13:59:57.0245 0x04dc  NSUFloatingUI - detected UnsignedFile.Multi.Generic ( 1 )
13:59:59.0632 0x04dc  Detect skipped due to KSN trusted
13:59:59.0632 0x04dc  NSUFloatingUI - ok
13:59:59.0725 0x04dc  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
13:59:59.0756 0x04dc  ehTray.exe - ok
13:59:59.0756 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:00.0770 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:01.0784 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:02.0798 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:03.0812 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:04.0826 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:05.0840 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:06.0854 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:07.0868 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:08.0882 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:09.0896 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:10.0910 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:11.0924 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:12.0938 0x04dc  Waiting for KSN requests completion. In queue: 46
14:00:13.0968 0x04dc  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe (  ), 0x41000 ( enabled : updated )
14:00:14.0015 0x04dc  Win FW state via NFP2: enabled
14:00:16.0511 0x04dc  ============================================================
14:00:16.0511 0x04dc  Scan finished
14:00:16.0511 0x04dc  ============================================================
14:00:16.0558 0x12bc  Detected object count: 0
14:00:16.0558 0x12bc  Actual detected object count: 0
         

Regards
__________________

19.11.2014, 19:07   #4
schrauber
/// the machine
/// TB instructor
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. ("Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.11.2014, 20:16   #5
CharlyAnton
 



Hello!

So, here is Combofix then

Code:
ATTFilter
ComboFix 14-11-17.01 - XXX 19.11.2014  19:44:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1128 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\jxpiinstall.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-19 bis 2014-11-19  ))))))))))))))))))))))))))))))
.
.
2014-11-19 18:55 . 2014-11-19 18:55	--------	d-----w-	c:\users\XXX\AppData\Local\temp
2014-11-19 18:55 . 2014-11-19 18:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-19 13:16 . 2014-11-19 13:16	--------	d-----w-	c:\program files\CCleaner
2014-11-19 13:08 . 2014-11-19 13:08	--------	d-----w-	c:\program files\VideoLAN
2014-11-19 13:07 . 2014-11-19 13:07	1125200	----a-w-	c:\program files\VLC media player 32 Bit - CHIP-Installer.exe
2014-11-19 11:30 . 2014-11-19 11:34	--------	d-----w-	C:\FRST
2014-11-19 11:19 . 2014-10-24 01:03	499200	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 11:18 . 2014-11-19 11:18	--------	d-----w-	C:\f51d59639f6019cf70873b34c53d
2014-11-19 11:17 . 2014-11-19 11:18	--------	d-----w-	C:\943f51668c0a6edb1102cb2000
2014-11-19 10:42 . 2014-11-19 13:47	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-19 10:40 . 2014-11-19 10:41	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-11-19 10:40 . 2014-11-19 10:40	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-19 10:40 . 2014-10-01 10:11	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-19 10:40 . 2014-10-01 10:11	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-19 10:40 . 2014-10-01 10:11	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-19 10:35 . 2014-11-19 10:35	1125200	----a-w-	c:\program files\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-18 18:35 . 2014-11-19 12:56	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-11-18 18:31 . 2014-11-18 18:31	--------	d-----w-	C:\5e2ab1924bd113b85078a9e6f9ac2e
2014-11-18 18:28 . 2014-11-18 18:28	--------	d-----w-	C:\6f1177ac94c4712ea95f7218c214a1b8
2014-11-14 10:52 . 2014-10-10 01:00	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-14 10:52 . 2014-10-09 23:22	619520	----a-w-	c:\windows\system32\adtschema.dll
2014-11-14 10:52 . 2014-10-10 01:01	449536	----a-w-	c:\windows\system32\termsrv.dll
2014-11-14 10:52 . 2014-10-10 01:00	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2014-11-14 10:51 . 2014-08-27 00:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-11-14 10:51 . 2014-08-27 00:55	1249280	----a-w-	c:\windows\system32\msxml3.dll
2014-11-14 10:49 . 2014-09-19 00:50	278528	----a-w-	c:\windows\system32\schannel.dll
2014-11-14 10:49 . 2014-10-24 01:04	67072	----a-w-	c:\windows\system32\packager.dll
2014-11-14 10:48 . 2014-08-12 02:25	729600	----a-w-	c:\windows\system32\IMJP10K.DLL
2014-11-14 10:47 . 2014-10-03 01:17	396800	----a-w-	c:\windows\system32\AudioEng.dll
2014-11-14 10:47 . 2014-10-03 01:17	316928	----a-w-	c:\windows\system32\audiosrv.dll
2014-11-14 10:47 . 2014-10-03 01:18	274432	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-11-14 10:47 . 2014-10-03 01:17	170496	----a-w-	c:\windows\system32\EncDump.dll
2014-11-14 10:46 . 2014-10-18 01:08	564224	----a-w-	c:\windows\system32\oleaut32.dll
2014-11-14 10:37 . 2014-10-12 23:34	2054656	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 12:21 . 2013-04-14 14:31	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-14 12:21 . 2012-02-23 07:34	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 06:24 . 2014-09-25 08:33	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-04 23:27 . 2014-10-16 08:39	143360	----a-w-	c:\windows\system32\drivers\fastfat.sys
2014-08-23 01:03 . 2014-08-30 11:55	297984	----a-w-	c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-11 14:17	260976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-23 4825880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-07 3890208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2014\mshaktuell.exe [2014-5-25 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Skytel"=Skytel.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe"
"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 12:21]
.
2014-11-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-25 12:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-19 19:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-11-19  19:57:59
ComboFix-quarantined-files.txt  2014-11-19 18:57
.
Vor Suchlauf: 23 Verzeichnis(se), 176.847.120.384 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 177.708.591.104 Bytes frei
.
- - End Of File - - E48213A8D8E26A918031DD5B9A16C650
5C616939100B85E558DA92B899A0FC36
         


20.11.2014, 16:36   #6
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

20.11.2014, 19:29   #7
CharlyAnton
 



Hi

here is

adwCleaner

Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 20/11/2014 um 17:50:58
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : XXX - XXX-PC
# Gestartet von : C:\Users\XXX\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v33.1 (x86 de)


*************************

AdwCleaner[R0].txt - [1370 octets] - [20/11/2014 17:44:20]
AdwCleaner[S0].txt - [1291 octets] - [20/11/2014 17:50:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1351 octets] ##########
         

and MBMA

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.11.2014
Suchlauf-Zeit: 17:57:59
Logdatei: mbma20.11.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 305118
Verstrichene Zeit: 15 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows Vista (TM) Home Premium x86
Ran by XXX on 20.11.2014 at 18:18:06,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\inikgwlg.default-1364405014146\minidumps [79 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.11.2014 at 18:21:33,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Edited by CharlyAnton (20.11.2014 at 19:55)

21.11.2014, 16:20   #8
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.11.2014, 21:35   #9
CharlyAnton
 



Hi Schrauber!

No more problems... except that I still can't install the Windows updates...

Here is the ESET one

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bce90bbe09890e4db1e6d127a3f0c10b
# engine=21206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-21 08:16:17
# local_time=2014-11-21 09:16:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 4094691 16783273 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 254133705 0 0
# scanned=111373
# found=0
# cleaned=0
# scan_time=4387
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.90  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 71  
 Java 8 Update 25  
 Java(TM) 6 Update 4  
 Adobe Flash Player 	15.0.0.223  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (33.1) 
 Mozilla Thunderbird (8.0). Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by XXX (administrator) on XXX-PC on 21-11-2014 21:31:43
Running from C:\Users\XXX\Desktop\tools
Loaded Profile: XXX (Available profiles: XXX)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4718592 2008-01-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296 2007-11-21] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-03-10] (Sony Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
SearchScopes: HKLM -> DefaultScope {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM -> {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-11]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [229376 2008-03-10] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-04] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-04] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-04] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-11] ()
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\XXX\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 21:25 - 2014-11-21 21:25 - 00854414 _____ () C:\Users\XXX\Desktop\SecurityCheck.exe
2014-11-21 19:41 - 2014-11-21 19:41 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-11-20 18:18 - 2014-11-20 18:18 - 00000000 ____D () C:\Windows\ERUNT
2014-11-20 17:44 - 2014-11-20 17:50 - 00000000 ____D () C:\AdwCleaner
2014-11-20 17:23 - 2014-11-20 17:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 17:23 - 2014-11-20 17:23 - 00000000 _____ () C:\Windows\setupact.log
2014-11-19 19:58 - 2014-11-19 19:58 - 00009571 _____ () C:\ComboFix.txt
2014-11-19 19:40 - 2014-11-19 19:58 - 00000000 ____D () C:\ComboFix
2014-11-19 19:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 19:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 19:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 19:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 19:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 19:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 19:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 19:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 19:39 - 2014-11-19 19:58 - 00000000 ____D () C:\Qoobox
2014-11-19 19:39 - 2014-11-19 19:56 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 14:32 - 2014-11-20 17:52 - 00001960 _____ () C:\Windows\PFRO.log
2014-11-19 14:16 - 2014-11-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-19 14:16 - 2014-11-19 14:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-19 14:09 - 2014-11-19 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-19 14:08 - 2014-11-19 14:08 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-19 14:07 - 2014-11-19 14:07 - 01125200 _____ () C:\Program Files\VLC media player 32 Bit - CHIP-Installer.exe
2014-11-19 13:40 - 2014-11-21 21:31 - 00000000 ____D () C:\Users\XXX\Desktop\tools
2014-11-19 12:30 - 2014-11-21 21:31 - 00000000 ____D () C:\FRST
2014-11-19 12:23 - 2014-11-19 12:23 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-11-19 12:19 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 12:18 - 2014-11-19 12:18 - 00000000 ____D () C:\f51d59639f6019cf70873b34c53d
2014-11-19 12:17 - 2014-11-19 12:18 - 00000000 ____D () C:\943f51668c0a6edb1102cb2000
2014-11-19 11:42 - 2014-11-20 17:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 11:41 - 2014-11-19 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-19 11:40 - 2014-11-19 11:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-19 11:40 - 2014-11-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 11:40 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 11:35 - 2014-11-19 11:35 - 01125200 _____ () C:\Program Files\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-19 11:32 - 2014-11-19 11:32 - 00000104 _____ () C:\Users\XXX\Desktop\Papierkorb - Verknüpfung.lnk
2014-11-18 19:35 - 2014-11-19 13:56 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-18 19:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-18 19:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-18 19:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-18 19:34 - 2014-11-18 19:35 - 00004751 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-18 19:31 - 2014-11-18 19:31 - 00000000 ____D () C:\5e2ab1924bd113b85078a9e6f9ac2e
2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\6f1177ac94c4712ea95f7218c214a1b8
2014-11-14 11:52 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 11:52 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 11:49 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 11:49 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 11:48 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 11:47 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 11:46 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 11:37 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 11:52 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 11:52 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 11:52 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 11:52 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 11:52 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 11:52 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 11:52 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 11:52 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 13:27 - 2014-11-11 13:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 21:28 - 2011-11-25 00:15 - 02015467 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 21:25 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 21:25 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 21:20 - 2013-12-08 12:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 19:41 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-21 19:26 - 2011-11-25 22:16 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-21 19:25 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 20:01 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-20 19:33 - 2008-01-21 08:16 - 00006804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 19:58 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-11-19 19:58 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-11-19 19:55 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 14:20 - 2014-09-02 09:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 14:20 - 2008-03-13 19:02 - 00000000 ____D () C:\Windows\Panther
2014-11-19 13:57 - 2014-05-11 16:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 13:56 - 2014-05-11 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 13:56 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-19 13:55 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Java
2014-11-19 13:42 - 2014-03-31 09:49 - 27737981 _____ () C:\Users\XXX\Desktop\Bilder XXX.zip
2014-11-19 12:23 - 2011-11-25 00:57 - 00000000 ____D () C:\Users\XXX
2014-11-14 13:21 - 2013-04-14 15:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-14 13:21 - 2012-02-23 08:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 12:22 - 2006-11-02 13:47 - 00389448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-14 11:44 - 2013-08-06 06:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 11:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 22:43 - 2012-05-28 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 12:08 - 2011-11-25 22:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-04 14:30 - 2011-11-25 22:39 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 18:23 - 2013-04-14 15:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-31 13:02 - 2011-11-26 01:17 - 00002637 _____ () C:\Users\XXX\Desktop\Microsoft Office Word 2003.lnk

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\temp\Quarantine.exe
C:\Users\XXX\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-21 19:40

==================== End Of Log ============================
         

and

22.11.2014, 18:25   #10
schrauber
/// the machine
/// TB trainer


Update Adobe and Thunderbird.

  • Please download Windows Repair - All in One from tweaking.com here and install it.
  • Please disable your antivirus program (if possible).
  • Keep in mind that the individual repairs take some time. Do not start any other applications during this time.
  • Start the program and carry out steps 1-5. (See the illustrated instructions)
  • Make sure the checkboxes on your system are set as shown under step 4.
  • Also tick "Restart/Shutdown System" and click "Restart System" before you carry out step 5.

Test Windows Update again. If it does not work, I need the exact error message and which updates (KB number) are affected.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
