| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivierenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.01.2015, 23:00
| #16 | |
| /// the machine /// TB-Ausbilder    |  TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivierenZitat:
Starte TDSSkiller.exe mit Doppelklick. Vista und Win7 User mit Rechtsklick "als Administrator starten"
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt Poste den Inhalt bitte hier in deinen Thread.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.01.2015, 19:21
| #17 |
 | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber,
__________________anbei das Log Code:
ATTFilter 19:10:04.0905 0x1494 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:10:08.0527 0x1494 ============================================================
19:10:08.0527 0x1494 Current date / time: 2015/01/09 19:10:08.0527
19:10:08.0527 0x1494 SystemInfo:
19:10:08.0527 0x1494
19:10:08.0527 0x1494 OS Version: 6.1.7601 ServicePack: 1.0
19:10:08.0527 0x1494 Product type: Workstation
19:10:08.0527 0x1494 ComputerName: LUISE-PC
19:10:08.0527 0x1494 UserName: Luise
19:10:08.0527 0x1494 Windows directory: C:\windows
19:10:08.0527 0x1494 System windows directory: C:\windows
19:10:08.0527 0x1494 Running under WOW64
19:10:08.0527 0x1494 Processor architecture: Intel x64
19:10:08.0527 0x1494 Number of processors: 2
19:10:08.0527 0x1494 Page size: 0x1000
19:10:08.0527 0x1494 Boot type: Normal boot
19:10:08.0527 0x1494 ============================================================
19:10:08.0527 0x1494 BG loaded
19:10:08.0847 0x1494 System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
19:10:09.0257 0x1494 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:10:09.0257 0x1494 ============================================================
19:10:09.0257 0x1494 \Device\Harddisk0\DR0:
19:10:09.0257 0x1494 MBR partitions:
19:10:09.0257 0x1494 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:10:09.0257 0x1494 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
19:10:09.0297 0x1494 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
19:10:09.0297 0x1494 ============================================================
19:10:09.0327 0x1494 C: <-> \Device\Harddisk0\DR0\Partition2
19:10:09.0357 0x1494 D: <-> \Device\Harddisk0\DR0\Partition3
19:10:09.0357 0x1494 ============================================================
19:10:09.0367 0x1494 Initialize success
19:10:09.0367 0x1494 ============================================================
19:11:14.0100 0x1048 ============================================================
19:11:14.0100 0x1048 Scan started
19:11:14.0100 0x1048 Mode: Manual; SigCheck; TDLFS;
19:11:14.0100 0x1048 ============================================================
19:11:14.0100 0x1048 KSN ping started
19:11:16.0502 0x1048 KSN ping finished: true
19:11:17.0372 0x1048 ================ Scan system memory ========================
19:11:17.0372 0x1048 System memory - ok
19:11:17.0372 0x1048 ================ Scan services =============================
19:11:17.0562 0x1048 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:11:17.0632 0x1048 1394ohci - ok
19:11:17.0642 0x1048 Suspicious service (NoAccess): 6ab48a75c5156135
19:11:17.0672 0x1048 [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] 6ab48a75c5156135 C:\windows\System32\Drivers\6ab48a75c5156135.sys
19:11:17.0672 0x1048 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\6ab48a75c5156135.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
19:11:17.0692 0x1048 6ab48a75c5156135 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:11:20.0154 0x1048 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - infected
19:11:20.0154 0x1048 Force sending object to P2P due to detect: 6ab48a75c5156135
19:11:27.0106 0x1048 Object send P2P result: true
19:11:29.0637 0x1048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:11:29.0677 0x1048 ACPI - ok
19:11:29.0697 0x1048 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:11:29.0717 0x1048 AcpiPmi - ok
19:11:29.0877 0x1048 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:11:29.0917 0x1048 AdobeFlashPlayerUpdateSvc - ok
19:11:29.0959 0x1048 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:11:29.0979 0x1048 adp94xx - ok
19:11:30.0029 0x1048 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
19:11:30.0049 0x1048 adpahci - ok
19:11:30.0079 0x1048 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:11:30.0099 0x1048 adpu320 - ok
19:11:30.0119 0x1048 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:11:30.0159 0x1048 AeLookupSvc - ok
19:11:30.0249 0x1048 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
19:11:30.0289 0x1048 AFD - ok
19:11:30.0319 0x1048 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
19:11:30.0349 0x1048 agp440 - ok
19:11:30.0389 0x1048 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
19:11:30.0429 0x1048 ALG - ok
19:11:30.0469 0x1048 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
19:11:30.0489 0x1048 aliide - ok
19:11:30.0509 0x1048 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
19:11:30.0519 0x1048 amdide - ok
19:11:30.0549 0x1048 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:11:30.0559 0x1048 AmdK8 - ok
19:11:30.0569 0x1048 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:11:30.0579 0x1048 AmdPPM - ok
19:11:30.0629 0x1048 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:11:30.0659 0x1048 amdsata - ok
19:11:30.0689 0x1048 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:11:30.0709 0x1048 amdsbs - ok
19:11:30.0719 0x1048 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
19:11:30.0729 0x1048 amdxata - ok
19:11:30.0769 0x1048 [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus C:\windows\system32\DRIVERS\lgandbus64.sys
19:11:30.0799 0x1048 Andbus - ok
19:11:30.0819 0x1048 [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag C:\windows\system32\DRIVERS\lganddiag64.sys
19:11:30.0839 0x1048 AndDiag - ok
19:11:30.0849 0x1048 [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps C:\windows\system32\DRIVERS\lgandgps64.sys
19:11:30.0869 0x1048 AndGps - ok
19:11:30.0879 0x1048 [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem C:\windows\system32\DRIVERS\lgandmodem64.sys
19:11:30.0899 0x1048 ANDModem - ok
19:11:31.0049 0x1048 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:11:31.0079 0x1048 AntiVirSchedulerService - ok
19:11:31.0129 0x1048 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:11:31.0139 0x1048 AntiVirService - ok
19:11:31.0199 0x1048 [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
19:11:31.0229 0x1048 AntiVirWebService - ok
19:11:31.0270 0x1048 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
19:11:31.0300 0x1048 AppID - ok
19:11:31.0320 0x1048 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:11:31.0360 0x1048 AppIDSvc - ok
19:11:31.0410 0x1048 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
19:11:31.0440 0x1048 Appinfo - ok
19:11:31.0500 0x1048 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:11:31.0530 0x1048 Apple Mobile Device - ok
19:11:31.0580 0x1048 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
19:11:31.0590 0x1048 arc - ok
19:11:31.0610 0x1048 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
19:11:31.0620 0x1048 arcsas - ok
19:11:31.0760 0x1048 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:11:31.0790 0x1048 aspnet_state - ok
19:11:31.0820 0x1048 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:11:31.0850 0x1048 AsyncMac - ok
19:11:31.0890 0x1048 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
19:11:31.0900 0x1048 atapi - ok
19:11:31.0920 0x1048 AthBTPort - ok
19:11:32.0060 0x1048 [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr C:\windows\system32\DRIVERS\athrx.sys
19:11:32.0190 0x1048 athr - ok
19:11:32.0250 0x1048 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:11:32.0300 0x1048 AudioEndpointBuilder - ok
19:11:32.0330 0x1048 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:11:32.0380 0x1048 AudioSrv - ok
19:11:32.0450 0x1048 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
19:11:32.0480 0x1048 avgntflt - ok
19:11:32.0530 0x1048 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
19:11:32.0550 0x1048 avipbb - ok
19:11:32.0570 0x1048 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
19:11:32.0590 0x1048 avkmgr - ok
19:11:32.0640 0x1048 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
19:11:32.0680 0x1048 AxInstSV - ok
19:11:32.0730 0x1048 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:11:32.0770 0x1048 b06bdrv - ok
19:11:32.0810 0x1048 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:11:32.0830 0x1048 b57nd60a - ok
19:11:32.0900 0x1048 [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:11:32.0940 0x1048 BBSvc - ok
19:11:32.0980 0x1048 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
19:11:33.0000 0x1048 BDESVC - ok
19:11:33.0040 0x1048 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
19:11:33.0070 0x1048 Beep - ok
19:11:33.0150 0x1048 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
19:11:33.0202 0x1048 BFE - ok
19:11:33.0252 0x1048 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\system32\qmgr.dll
19:11:33.0312 0x1048 BITS - ok
19:11:33.0342 0x1048 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:11:33.0352 0x1048 blbdrive - ok
19:11:33.0442 0x1048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:11:33.0472 0x1048 Bonjour Service - ok
19:11:33.0522 0x1048 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:11:33.0562 0x1048 bowser - ok
19:11:33.0602 0x1048 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:11:33.0632 0x1048 BrFiltLo - ok
19:11:33.0632 0x1048 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:11:33.0652 0x1048 BrFiltUp - ok
19:11:33.0672 0x1048 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
19:11:33.0712 0x1048 BridgeMP - ok
19:11:33.0762 0x1048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
19:11:33.0792 0x1048 Browser - ok
19:11:33.0822 0x1048 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:11:33.0842 0x1048 Brserid - ok
19:11:33.0862 0x1048 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:11:33.0882 0x1048 BrSerWdm - ok
19:11:33.0902 0x1048 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:11:33.0932 0x1048 BrUsbMdm - ok
19:11:33.0952 0x1048 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:11:33.0972 0x1048 BrUsbSer - ok
19:11:33.0982 0x1048 BTATH_A2DP - ok
19:11:33.0992 0x1048 btath_avdt - ok
19:11:34.0002 0x1048 BTATH_BUS - ok
19:11:34.0012 0x1048 BTATH_HCRP - ok
19:11:34.0032 0x1048 BTATH_LWFLT - ok
19:11:34.0042 0x1048 BTATH_RCP - ok
19:11:34.0052 0x1048 BtFilter - ok
19:11:34.0092 0x1048 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:11:34.0132 0x1048 BthEnum - ok
19:11:34.0152 0x1048 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
19:11:34.0202 0x1048 BTHMODEM - ok
19:11:34.0222 0x1048 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:11:34.0272 0x1048 BthPan - ok
19:11:34.0342 0x1048 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:11:34.0402 0x1048 BTHPORT - ok
19:11:34.0452 0x1048 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
19:11:34.0502 0x1048 bthserv - ok
19:11:34.0542 0x1048 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:11:34.0572 0x1048 BTHUSB - ok
19:11:34.0622 0x1048 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:11:34.0672 0x1048 cdfs - ok
19:11:34.0692 0x1048 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:11:34.0722 0x1048 cdrom - ok
19:11:34.0752 0x1048 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
19:11:34.0782 0x1048 CertPropSvc - ok
19:11:34.0832 0x1048 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
19:11:34.0872 0x1048 circlass - ok
19:11:34.0912 0x1048 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
19:11:34.0942 0x1048 CLFS - ok
19:11:35.0007 0x1048 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:11:35.0017 0x1048 clr_optimization_v2.0.50727_32 - ok
19:11:35.0047 0x1048 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:11:35.0067 0x1048 clr_optimization_v2.0.50727_64 - ok
19:11:35.0157 0x1048 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:11:35.0197 0x1048 clr_optimization_v4.0.30319_32 - ok
19:11:35.0214 0x1048 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:11:35.0229 0x1048 clr_optimization_v4.0.30319_64 - ok
19:11:35.0249 0x1048 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
19:11:35.0259 0x1048 clwvd - ok
19:11:35.0289 0x1048 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:11:35.0299 0x1048 CmBatt - ok
19:11:35.0329 0x1048 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
19:11:35.0339 0x1048 cmdide - ok
19:11:35.0389 0x1048 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
19:11:35.0419 0x1048 CNG - ok
19:11:35.0459 0x1048 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:11:35.0489 0x1048 Compbatt - ok
19:11:35.0509 0x1048 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:11:35.0549 0x1048 CompositeBus - ok
19:11:35.0559 0x1048 COMSysApp - ok
19:11:35.0589 0x1048 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:11:35.0599 0x1048 crcdisk - ok
19:11:35.0659 0x1048 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
19:11:35.0689 0x1048 CryptSvc - ok
19:11:35.0819 0x1048 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:11:35.0859 0x1048 cvhsvc - ok
19:11:35.0909 0x1048 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
19:11:35.0959 0x1048 DcomLaunch - ok
19:11:36.0019 0x1048 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
19:11:36.0069 0x1048 defragsvc - ok
19:11:36.0099 0x1048 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:11:36.0149 0x1048 DfsC - ok
19:11:36.0209 0x1048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
19:11:36.0239 0x1048 Dhcp - ok
19:11:36.0249 0x1048 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
19:11:36.0299 0x1048 discache - ok
19:11:36.0359 0x1048 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
19:11:36.0379 0x1048 Disk - ok
19:11:36.0419 0x1048 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:11:36.0449 0x1048 Dnscache - ok
19:11:36.0479 0x1048 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
19:11:36.0519 0x1048 dot3svc - ok
19:11:36.0529 0x1048 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
19:11:36.0569 0x1048 DPS - ok
19:11:36.0599 0x1048 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:11:36.0649 0x1048 drmkaud - ok
19:11:36.0729 0x1048 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:11:36.0769 0x1048 DXGKrnl - ok
19:11:36.0819 0x1048 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
19:11:36.0879 0x1048 EapHost - ok
19:11:37.0029 0x1048 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
19:11:37.0219 0x1048 ebdrv - ok
19:11:37.0270 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\windows\System32\lsass.exe
19:11:37.0300 0x1048 EFS - ok
19:11:37.0400 0x1048 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:11:37.0440 0x1048 ehRecvr - ok
19:11:37.0450 0x1048 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
19:11:37.0460 0x1048 ehSched - ok
19:11:37.0530 0x1048 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:11:37.0560 0x1048 elxstor - ok
19:11:37.0580 0x1048 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
19:11:37.0590 0x1048 ErrDev - ok
19:11:37.0680 0x1048 [ FD621C77B762BF1E5BB1887F02B515DF, 341FD5E708F08A3617FBCB6381DBCC809C66DDD3FFED3256356F4229AE5A3388 ] ETD C:\windows\system32\DRIVERS\ETD.sys
19:11:37.0720 0x1048 ETD - ok
19:11:37.0790 0x1048 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
19:11:37.0840 0x1048 EventSystem - ok
19:11:37.0870 0x1048 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
19:11:37.0930 0x1048 exfat - ok
19:11:37.0950 0x1048 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
19:11:37.0990 0x1048 fastfat - ok
19:11:38.0070 0x1048 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
19:11:38.0100 0x1048 Fax - ok
19:11:38.0130 0x1048 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
19:11:38.0140 0x1048 fdc - ok
19:11:38.0170 0x1048 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
19:11:38.0200 0x1048 fdPHost - ok
19:11:38.0210 0x1048 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
19:11:38.0250 0x1048 FDResPub - ok
19:11:38.0270 0x1048 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:11:38.0280 0x1048 FileInfo - ok
19:11:38.0310 0x1048 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:11:38.0350 0x1048 Filetrace - ok
19:11:38.0360 0x1048 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:11:38.0370 0x1048 flpydisk - ok
19:11:38.0400 0x1048 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:11:38.0420 0x1048 FltMgr - ok
19:11:38.0510 0x1048 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
19:11:38.0570 0x1048 FontCache - ok
19:11:38.0620 0x1048 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:11:38.0630 0x1048 FontCache3.0.0.0 - ok
19:11:38.0650 0x1048 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:11:38.0660 0x1048 FsDepends - ok
19:11:38.0690 0x1048 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:11:38.0700 0x1048 Fs_Rec - ok
19:11:38.0750 0x1048 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:11:38.0770 0x1048 fvevol - ok
19:11:38.0800 0x1048 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:11:38.0810 0x1048 gagp30kx - ok
19:11:38.0880 0x1048 [ 521A469CAF61F00E1DE081CC2099C1D6, 5BF39C9797A28674203D5C3D5D942978B9C66F658A43D7696B4BE3E8A7880EB9 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
19:11:38.0910 0x1048 GameConsoleService - ok
19:11:38.0940 0x1048 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:11:38.0950 0x1048 GEARAspiWDM - ok
19:11:39.0000 0x1048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
19:11:39.0060 0x1048 gpsvc - ok
19:11:39.0170 0x1048 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:11:39.0190 0x1048 gupdate - ok
19:11:39.0210 0x1048 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:11:39.0220 0x1048 gupdatem - ok
19:11:39.0260 0x1048 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:11:39.0270 0x1048 gusvc - ok
19:11:39.0290 0x1048 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:11:39.0340 0x1048 hcw85cir - ok
19:11:39.0380 0x1048 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:11:39.0430 0x1048 HdAudAddService - ok
19:11:39.0450 0x1048 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:11:39.0490 0x1048 HDAudBus - ok
19:11:39.0510 0x1048 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:11:39.0530 0x1048 HidBatt - ok
19:11:39.0540 0x1048 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:11:39.0570 0x1048 HidBth - ok
19:11:39.0630 0x1048 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
19:11:39.0660 0x1048 HidIr - ok
19:11:39.0690 0x1048 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\System32\hidserv.dll
19:11:39.0730 0x1048 hidserv - ok
19:11:39.0780 0x1048 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys
19:11:39.0830 0x1048 HidUsb - ok
19:11:39.0850 0x1048 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
19:11:39.0900 0x1048 hkmsvc - ok
19:11:39.0920 0x1048 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:11:39.0940 0x1048 HomeGroupListener - ok
19:11:39.0970 0x1048 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:11:39.0991 0x1048 HomeGroupProvider - ok
19:11:40.0031 0x1048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:11:40.0051 0x1048 HpSAMD - ok
19:11:40.0101 0x1048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:11:40.0181 0x1048 HTTP - ok
19:11:40.0211 0x1048 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:11:40.0221 0x1048 hwpolicy - ok
19:11:40.0271 0x1048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:11:40.0301 0x1048 i8042prt - ok
19:11:40.0391 0x1048 [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:11:40.0421 0x1048 iaStor - ok
19:11:40.0491 0x1048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:11:40.0521 0x1048 iaStorV - ok
19:11:40.0611 0x1048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:11:40.0651 0x1048 idsvc - ok
19:11:40.0691 0x1048 IEEtwCollectorService - ok
19:11:41.0131 0x1048 [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:11:41.0771 0x1048 igfx - ok
19:11:41.0851 0x1048 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:11:41.0881 0x1048 iirsp - ok
19:11:41.0941 0x1048 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
19:11:41.0981 0x1048 IKEEXT - ok
19:11:42.0141 0x1048 [ 8E05ADB4B809B478B2EC65A1A1633DEB, E5404FD4D2A7EAADA0FA8BB5ABC3AEEE36CACBC3D765C3B101FC6BE7EEE81EA8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:11:42.0241 0x1048 IntcAzAudAddService - ok
19:11:42.0291 0x1048 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:11:42.0341 0x1048 IntcDAud - ok
19:11:42.0361 0x1048 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
19:11:42.0371 0x1048 intelide - ok
19:11:42.0421 0x1048 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:11:42.0461 0x1048 intelppm - ok
19:11:42.0511 0x1048 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:11:42.0561 0x1048 IPBusEnum - ok
19:11:42.0581 0x1048 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:11:42.0651 0x1048 IpFilterDriver - ok
19:11:42.0731 0x1048 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:11:42.0771 0x1048 iphlpsvc - ok
19:11:42.0781 0x1048 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:11:42.0801 0x1048 IPMIDRV - ok
19:11:42.0821 0x1048 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:11:42.0871 0x1048 IPNAT - ok
19:11:42.0911 0x1048 [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:11:42.0941 0x1048 iPod Service - ok
19:11:42.0961 0x1048 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
19:11:42.0971 0x1048 IRENUM - ok
19:11:43.0001 0x1048 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:11:43.0011 0x1048 isapnp - ok
19:11:43.0041 0x1048 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:11:43.0061 0x1048 iScsiPrt - ok
19:11:43.0091 0x1048 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:11:43.0101 0x1048 kbdclass - ok
19:11:43.0131 0x1048 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:11:43.0161 0x1048 kbdhid - ok
19:11:43.0181 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
19:11:43.0191 0x1048 KeyIso - ok
19:11:43.0231 0x1048 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:11:43.0261 0x1048 KSecDD - ok
19:11:43.0281 0x1048 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:11:43.0291 0x1048 KSecPkg - ok
19:11:43.0321 0x1048 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:11:43.0371 0x1048 ksthunk - ok
19:11:43.0411 0x1048 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
19:11:43.0461 0x1048 KtmRm - ok
19:11:43.0491 0x1048 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\System32\srvsvc.dll
19:11:43.0541 0x1048 LanmanServer - ok
19:11:43.0561 0x1048 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:11:43.0601 0x1048 LanmanWorkstation - ok
19:11:43.0641 0x1048 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:11:43.0691 0x1048 lltdio - ok
19:11:43.0731 0x1048 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
19:11:43.0781 0x1048 lltdsvc - ok
19:11:43.0801 0x1048 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
19:11:43.0841 0x1048 lmhosts - ok
19:11:43.0931 0x1048 [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:11:43.0961 0x1048 LMS - ok
19:11:44.0001 0x1048 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:11:44.0011 0x1048 LSI_FC - ok
19:11:44.0041 0x1048 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:11:44.0051 0x1048 LSI_SAS - ok
19:11:44.0061 0x1048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:11:44.0071 0x1048 LSI_SAS2 - ok
19:11:44.0091 0x1048 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:11:44.0101 0x1048 LSI_SCSI - ok
19:11:44.0131 0x1048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
19:11:44.0191 0x1048 luafv - ok
19:11:44.0221 0x1048 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:11:44.0241 0x1048 Mcx2Svc - ok
19:11:44.0261 0x1048 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
19:11:44.0271 0x1048 megasas - ok
19:11:44.0301 0x1048 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:11:44.0321 0x1048 MegaSR - ok
19:11:44.0361 0x1048 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:11:44.0371 0x1048 MEIx64 - ok
19:11:44.0401 0x1048 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
19:11:44.0441 0x1048 MMCSS - ok
19:11:44.0451 0x1048 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
19:11:44.0491 0x1048 Modem - ok
19:11:44.0521 0x1048 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:11:44.0551 0x1048 monitor - ok
19:11:44.0571 0x1048 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:11:44.0591 0x1048 mouclass - ok
19:11:44.0631 0x1048 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:11:44.0651 0x1048 mouhid - ok
19:11:44.0681 0x1048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:11:44.0691 0x1048 mountmgr - ok
19:11:44.0711 0x1048 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
19:11:44.0721 0x1048 mpio - ok
19:11:44.0751 0x1048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:11:44.0791 0x1048 mpsdrv - ok
19:11:44.0851 0x1048 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
19:11:44.0951 0x1048 MpsSvc - ok
19:11:44.0991 0x1048 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:11:45.0012 0x1048 MRxDAV - ok
19:11:45.0042 0x1048 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:11:45.0082 0x1048 mrxsmb - ok
19:11:45.0092 0x1048 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:11:45.0112 0x1048 mrxsmb10 - ok
19:11:45.0142 0x1048 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:11:45.0152 0x1048 mrxsmb20 - ok
19:11:45.0182 0x1048 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
19:11:45.0192 0x1048 msahci - ok
19:11:45.0232 0x1048 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:11:45.0242 0x1048 msdsm - ok
19:11:45.0262 0x1048 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
19:11:45.0282 0x1048 MSDTC - ok
19:11:45.0312 0x1048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:11:45.0362 0x1048 Msfs - ok
19:11:45.0382 0x1048 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:11:45.0432 0x1048 mshidkmdf - ok
19:11:45.0462 0x1048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:11:45.0472 0x1048 msisadrv - ok
19:11:45.0522 0x1048 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:11:45.0582 0x1048 MSiSCSI - ok
19:11:45.0592 0x1048 msiserver - ok
19:11:45.0632 0x1048 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:11:45.0682 0x1048 MSKSSRV - ok
19:11:45.0702 0x1048 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:11:45.0742 0x1048 MSPCLOCK - ok
19:11:45.0772 0x1048 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:11:45.0822 0x1048 MSPQM - ok
19:11:45.0852 0x1048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:11:45.0872 0x1048 MsRPC - ok
19:11:45.0892 0x1048 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:11:45.0902 0x1048 mssmbios - ok
19:11:45.0922 0x1048 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:11:45.0972 0x1048 MSTEE - ok
19:11:46.0002 0x1048 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:11:46.0022 0x1048 MTConfig - ok
19:11:46.0032 0x1048 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
19:11:46.0042 0x1048 Mup - ok
19:11:46.0082 0x1048 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
19:11:46.0142 0x1048 napagent - ok
19:11:46.0192 0x1048 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:11:46.0222 0x1048 NativeWifiP - ok
19:11:46.0292 0x1048 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
19:11:46.0332 0x1048 NDIS - ok
19:11:46.0372 0x1048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:11:46.0422 0x1048 NdisCap - ok
19:11:46.0462 0x1048 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:11:46.0502 0x1048 NdisTapi - ok
19:11:46.0512 0x1048 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:11:46.0562 0x1048 Ndisuio - ok
19:11:46.0582 0x1048 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:11:46.0632 0x1048 NdisWan - ok
19:11:46.0662 0x1048 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:11:46.0712 0x1048 NDProxy - ok
19:11:46.0852 0x1048 [ 87C61A17E908AEF1C63FBAF915C0B452, 75B41D36CC82A7B770B32C8309258C61A705E6F7C12E61404125F76D81BE344E ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
19:11:46.0872 0x1048 NeroMediaHomeService.4 - ok
19:11:46.0892 0x1048 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:11:46.0952 0x1048 NetBIOS - ok
19:11:46.0982 0x1048 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:11:47.0022 0x1048 NetBT - ok
19:11:47.0052 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
19:11:47.0062 0x1048 Netlogon - ok
19:11:47.0092 0x1048 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
19:11:47.0162 0x1048 Netman - ok
19:11:47.0222 0x1048 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0252 0x1048 NetMsmqActivator - ok
19:11:47.0262 0x1048 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0282 0x1048 NetPipeActivator - ok
19:11:47.0322 0x1048 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
19:11:47.0372 0x1048 netprofm - ok
19:11:47.0422 0x1048 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0432 0x1048 NetTcpActivator - ok
19:11:47.0442 0x1048 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0452 0x1048 NetTcpPortSharing - ok
19:11:47.0902 0x1048 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
19:11:48.0492 0x1048 NETwNs64 - ok
19:11:48.0552 0x1048 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:11:48.0562 0x1048 nfrd960 - ok
19:11:48.0602 0x1048 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
19:11:48.0622 0x1048 NlaSvc - ok
19:11:48.0762 0x1048 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:11:48.0846 0x1048 NOBU - ok
19:11:48.0876 0x1048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
19:11:48.0906 0x1048 Npfs - ok
19:11:48.0936 0x1048 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
19:11:48.0976 0x1048 nsi - ok
19:11:48.0996 0x1048 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:11:49.0038 0x1048 nsiproxy - ok
19:11:49.0130 0x1048 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:11:49.0190 0x1048 Ntfs - ok
19:11:49.0230 0x1048 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
19:11:49.0280 0x1048 Null - ok
19:11:49.0774 0x1048 [ 70E89A21827B2669AF906B703C7C48B5, 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:11:50.0320 0x1048 nvlddmkm - ok
19:11:50.0400 0x1048 [ 4B9C0C2BF78289513101EB0D44834701, 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
19:11:50.0410 0x1048 nvpciflt - ok
19:11:50.0440 0x1048 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
19:11:50.0460 0x1048 nvraid - ok
19:11:50.0490 0x1048 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
19:11:50.0500 0x1048 nvstor - ok
19:11:50.0580 0x1048 [ E04FCE1D149CF05C3449E3171F9C3E41, 6BDD089B5A0C03CE1E9F63275AE35B8B66185B3E81DFF97F59423B9C35BEEBA7 ] NVSvc C:\windows\system32\nvvsvc.exe
19:11:50.0620 0x1048 NVSvc - ok
19:11:50.0761 0x1048 [ D96DDEA6C699A99832E0186057801971, 374BB617335CC243F903447194B7EFC63222FD163BB9FA8C87616715C5120BF0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:11:50.0822 0x1048 nvUpdatusService - ok
19:11:50.0852 0x1048 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:11:50.0862 0x1048 nv_agp - ok
19:11:50.0872 0x1048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:11:50.0892 0x1048 ohci1394 - ok
19:11:50.0922 0x1048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:11:50.0942 0x1048 ose - ok
19:11:51.0162 0x1048 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:11:51.0362 0x1048 osppsvc - ok
19:11:51.0402 0x1048 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:11:51.0442 0x1048 p2pimsvc - ok
19:11:51.0482 0x1048 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
19:11:51.0512 0x1048 p2psvc - ok
19:11:51.0552 0x1048 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
19:11:51.0562 0x1048 Parport - ok
19:11:51.0592 0x1048 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
19:11:51.0602 0x1048 partmgr - ok
19:11:51.0622 0x1048 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
19:11:51.0662 0x1048 PcaSvc - ok
19:11:51.0692 0x1048 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
19:11:51.0712 0x1048 pci - ok
19:11:51.0752 0x1048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
19:11:51.0762 0x1048 pciide - ok
19:11:51.0792 0x1048 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:11:51.0812 0x1048 pcmcia - ok
19:11:51.0822 0x1048 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
19:11:51.0842 0x1048 pcw - ok
19:11:51.0872 0x1048 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:11:51.0942 0x1048 PEAUTH - ok
19:11:52.0022 0x1048 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
19:11:52.0052 0x1048 PerfHost - ok
19:11:52.0122 0x1048 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
19:11:52.0222 0x1048 pla - ok
19:11:52.0303 0x1048 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:11:52.0353 0x1048 PlugPlay - ok
19:11:52.0383 0x1048 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:11:52.0413 0x1048 PNRPAutoReg - ok
19:11:52.0443 0x1048 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:11:52.0463 0x1048 PNRPsvc - ok
19:11:52.0503 0x1048 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:11:52.0553 0x1048 PolicyAgent - ok
19:11:52.0583 0x1048 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
19:11:52.0623 0x1048 Power - ok
19:11:52.0673 0x1048 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:11:52.0713 0x1048 PptpMiniport - ok
19:11:52.0723 0x1048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
19:11:52.0753 0x1048 Processor - ok
19:11:52.0773 0x1048 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
19:11:52.0813 0x1048 ProfSvc - ok
19:11:52.0833 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
19:11:52.0843 0x1048 ProtectedStorage - ok
19:11:52.0873 0x1048 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:11:52.0923 0x1048 Psched - ok
19:11:53.0003 0x1048 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:11:53.0063 0x1048 ql2300 - ok
19:11:53.0083 0x1048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:11:53.0093 0x1048 ql40xx - ok
19:11:53.0133 0x1048 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
19:11:53.0153 0x1048 QWAVE - ok
19:11:53.0183 0x1048 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:11:53.0213 0x1048 QWAVEdrv - ok
19:11:53.0213 0x1048 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:11:53.0263 0x1048 RasAcd - ok
19:11:53.0303 0x1048 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:11:53.0343 0x1048 RasAgileVpn - ok
19:11:53.0363 0x1048 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
19:11:53.0403 0x1048 RasAuto - ok
19:11:53.0443 0x1048 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:11:53.0483 0x1048 Rasl2tp - ok
19:11:53.0523 0x1048 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
19:11:53.0573 0x1048 RasMan - ok
19:11:53.0593 0x1048 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:11:53.0653 0x1048 RasPppoe - ok
19:11:53.0673 0x1048 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:11:53.0723 0x1048 RasSstp - ok
19:11:53.0753 0x1048 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:11:53.0803 0x1048 rdbss - ok
19:11:53.0833 0x1048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:11:53.0843 0x1048 rdpbus - ok
19:11:53.0863 0x1048 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:11:53.0903 0x1048 RDPCDD - ok
19:11:53.0913 0x1048 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:11:53.0963 0x1048 RDPENCDD - ok
19:11:53.0993 0x1048 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:11:54.0033 0x1048 RDPREFMP - ok
19:11:54.0063 0x1048 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:11:54.0093 0x1048 RDPWD - ok
19:11:54.0113 0x1048 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:11:54.0133 0x1048 rdyboost - ok
19:11:54.0163 0x1048 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
19:11:54.0203 0x1048 RemoteAccess - ok
19:11:54.0223 0x1048 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:11:54.0263 0x1048 RemoteRegistry - ok
19:11:54.0283 0x1048 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:11:54.0313 0x1048 RFCOMM - ok
19:11:54.0383 0x1048 [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:11:54.0403 0x1048 RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
19:11:56.0755 0x1048 Detect skipped due to KSN trusted
19:11:56.0755 0x1048 RichVideo - ok
19:11:56.0795 0x1048 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:11:56.0835 0x1048 RpcEptMapper - ok
19:11:56.0865 0x1048 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
19:11:56.0875 0x1048 RpcLocator - ok
19:11:56.0895 0x1048 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
19:11:56.0945 0x1048 RpcSs - ok
19:11:56.0975 0x1048 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:11:57.0025 0x1048 rspndr - ok
19:11:57.0075 0x1048 [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:11:57.0095 0x1048 RTL8167 - ok
19:11:57.0165 0x1048 [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport C:\windows\SysWOW64\drivers\rtport.sys
19:11:57.0185 0x1048 rtport - ok
19:11:57.0215 0x1048 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\windows\system32\Drivers\SABI.sys
19:11:57.0245 0x1048 SABI - ok
19:11:57.0265 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\windows\system32\lsass.exe
19:11:57.0285 0x1048 SamSs - ok
19:11:57.0315 0x1048 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:11:57.0325 0x1048 sbp2port - ok
19:11:57.0355 0x1048 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
19:11:57.0405 0x1048 SCardSvr - ok
19:11:57.0415 0x1048 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:11:57.0455 0x1048 scfilter - ok
19:11:57.0505 0x1048 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
19:11:57.0585 0x1048 Schedule - ok
19:11:57.0605 0x1048 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
19:11:57.0645 0x1048 SCPolicySvc - ok
19:11:57.0675 0x1048 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:11:57.0695 0x1048 SDRSVC - ok
19:11:57.0855 0x1048 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:11:57.0905 0x1048 SDScannerService - ok
19:11:58.0045 0x1048 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:11:58.0115 0x1048 SDUpdateService - ok
19:11:58.0135 0x1048 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:11:58.0145 0x1048 SDWSCService - ok
19:11:58.0185 0x1048 [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:11:58.0205 0x1048 SeaPort - ok
19:11:58.0235 0x1048 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
19:11:58.0275 0x1048 secdrv - ok
19:11:58.0305 0x1048 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
19:11:58.0335 0x1048 seclogon - ok
19:11:58.0345 0x1048 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\system32\sens.dll
19:11:58.0385 0x1048 SENS - ok
19:11:58.0395 0x1048 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
19:11:58.0425 0x1048 SensrSvc - ok
19:11:58.0455 0x1048 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys
19:11:58.0475 0x1048 Serenum - ok
19:11:58.0485 0x1048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys
19:11:58.0505 0x1048 Serial - ok
19:11:58.0545 0x1048 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys
19:11:58.0555 0x1048 sermouse - ok
19:11:58.0585 0x1048 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
19:11:58.0625 0x1048 SessionEnv - ok
19:11:58.0635 0x1048 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:11:58.0655 0x1048 sffdisk - ok
19:11:58.0655 0x1048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:11:58.0675 0x1048 sffp_mmc - ok
19:11:58.0675 0x1048 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:11:58.0705 0x1048 sffp_sd - ok
19:11:58.0715 0x1048 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:11:58.0735 0x1048 sfloppy - ok
19:11:58.0845 0x1048 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
19:11:58.0885 0x1048 Sftfs - ok
19:11:58.0975 0x1048 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:11:59.0005 0x1048 sftlist - ok
19:11:59.0025 0x1048 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
19:11:59.0045 0x1048 Sftplay - ok
19:11:59.0075 0x1048 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
19:11:59.0085 0x1048 Sftredir - ok
19:11:59.0105 0x1048 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
19:11:59.0115 0x1048 Sftvol - ok
19:11:59.0155 0x1048 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:11:59.0165 0x1048 sftvsa - ok
19:11:59.0215 0x1048 [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv C:\windows\system32\DRIVERS\SGdrv64.sys
19:11:59.0255 0x1048 SGDrv - ok
19:11:59.0295 0x1048 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
19:11:59.0345 0x1048 SharedAccess - ok
19:11:59.0375 0x1048 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:11:59.0425 0x1048 ShellHWDetection - ok
19:11:59.0465 0x1048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:11:59.0495 0x1048 SiSRaid2 - ok
19:11:59.0525 0x1048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:11:59.0535 0x1048 SiSRaid4 - ok
19:11:59.0595 0x1048 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:11:59.0615 0x1048 SkypeUpdate - ok
19:11:59.0645 0x1048 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:11:59.0695 0x1048 Smb - ok
19:11:59.0745 0x1048 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:11:59.0765 0x1048 SNMPTRAP - ok
19:11:59.0785 0x1048 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
19:11:59.0795 0x1048 spldr - ok
19:11:59.0835 0x1048 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
19:11:59.0885 0x1048 Spooler - ok
19:12:00.0035 0x1048 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
19:12:00.0226 0x1048 sppsvc - ok
19:12:00.0246 0x1048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:12:00.0286 0x1048 sppuinotify - ok
19:12:00.0326 0x1048 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
19:12:00.0386 0x1048 srv - ok
19:12:00.0426 0x1048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:12:00.0466 0x1048 srv2 - ok
19:12:00.0476 0x1048 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:12:00.0506 0x1048 srvnet - ok
19:12:00.0526 0x1048 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:12:00.0566 0x1048 SSDPSRV - ok
19:12:00.0576 0x1048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
19:12:00.0616 0x1048 SstpSvc - ok
19:12:00.0646 0x1048 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys
19:12:00.0656 0x1048 stexstor - ok
19:12:00.0726 0x1048 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
19:12:00.0756 0x1048 stisvc - ok
19:12:00.0776 0x1048 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:12:00.0786 0x1048 swenum - ok
19:12:00.0826 0x1048 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
19:12:00.0896 0x1048 swprv - ok
19:12:00.0986 0x1048 SWUpdateService - ok
19:12:01.0088 0x1048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
19:12:01.0178 0x1048 SysMain - ok
19:12:01.0208 0x1048 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
19:12:01.0228 0x1048 TabletInputService - ok
19:12:01.0248 0x1048 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
19:12:01.0298 0x1048 TapiSrv - ok
19:12:01.0308 0x1048 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
19:12:01.0338 0x1048 TBS - ok
19:12:01.0448 0x1048 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:12:01.0518 0x1048 Tcpip - ok
19:12:01.0618 0x1048 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:12:01.0678 0x1048 TCPIP6 - ok
19:12:01.0718 0x1048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:12:01.0738 0x1048 tcpipreg - ok
19:12:01.0778 0x1048 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:12:01.0828 0x1048 TDPIPE - ok
19:12:01.0848 0x1048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:12:01.0868 0x1048 TDTCP - ok
19:12:01.0888 0x1048 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:12:01.0938 0x1048 tdx - ok
19:12:01.0968 0x1048 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:12:01.0978 0x1048 TermDD - ok
19:12:02.0048 0x1048 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
19:12:02.0118 0x1048 TermService - ok
19:12:02.0128 0x1048 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
19:12:02.0158 0x1048 Themes - ok
19:12:02.0188 0x1048 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
19:12:02.0228 0x1048 THREADORDER - ok
19:12:02.0258 0x1048 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
19:12:02.0298 0x1048 TrkWks - ok
19:12:02.0368 0x1048 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:12:02.0418 0x1048 TrustedInstaller - ok
19:12:02.0448 0x1048 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:12:02.0478 0x1048 tssecsrv - ok
19:12:02.0498 0x1048 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:12:02.0528 0x1048 TsUsbFlt - ok
19:12:02.0548 0x1048 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:12:02.0568 0x1048 TsUsbGD - ok
19:12:02.0598 0x1048 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:12:02.0648 0x1048 tunnel - ok
19:12:02.0668 0x1048 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:12:02.0678 0x1048 uagp35 - ok
19:12:02.0708 0x1048 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:12:02.0788 0x1048 udfs - ok
19:12:02.0818 0x1048 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
19:12:02.0828 0x1048 UI0Detect - ok
19:12:02.0858 0x1048 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:12:02.0868 0x1048 uliagpkx - ok
19:12:02.0878 0x1048 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:12:02.0908 0x1048 umbus - ok
19:12:02.0948 0x1048 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
19:12:02.0948 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
19:12:02.0948 0x1048 UmPass - detected LockedFile.Multi.Generic ( 1 )
19:12:05.0350 0x1048 Detect skipped due to KSN trusted
19:12:05.0350 0x1048 UmPass - ok
19:12:05.0560 0x1048 [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:12:05.0640 0x1048 UNS - ok
19:12:05.0690 0x1048 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
19:12:05.0750 0x1048 upnphost - ok
19:12:05.0770 0x1048 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
19:12:05.0800 0x1048 USBAAPL64 - ok
19:12:05.0870 0x1048 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
19:12:05.0870 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A
19:12:05.0870 0x1048 usbaudio - detected LockedFile.Multi.Generic ( 1 )
19:12:08.0250 0x1048 Detect skipped due to KSN trusted
19:12:08.0250 0x1048 usbaudio - ok
19:12:08.0310 0x1048 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:12:08.0310 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
19:12:08.0310 0x1048 usbccgp - detected LockedFile.Multi.Generic ( 1 )
19:12:10.0703 0x1048 Detect skipped due to KSN trusted
19:12:10.0703 0x1048 usbccgp - ok
19:12:10.0783 0x1048 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
19:12:10.0783 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
19:12:10.0783 0x1048 usbcir - detected LockedFile.Multi.Generic ( 1 )
19:12:13.0163 0x1048 Detect skipped due to KSN trusted
19:12:13.0163 0x1048 usbcir - ok
19:12:13.0213 0x1048 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
19:12:13.0223 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
19:12:13.0223 0x1048 usbehci - detected LockedFile.Multi.Generic ( 1 )
19:12:15.0609 0x1048 Detect skipped due to KSN trusted
19:12:15.0609 0x1048 usbehci - ok
19:12:15.0699 0x1048 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:12:15.0699 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
19:12:15.0699 0x1048 usbhub - detected LockedFile.Multi.Generic ( 1 )
19:12:21.0375 0x1048 Detect skipped due to KSN trusted
19:12:21.0375 0x1048 usbhub - ok
19:12:21.0425 0x1048 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
19:12:21.0425 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
19:12:21.0425 0x1048 usbohci - detected LockedFile.Multi.Generic ( 1 )
19:12:23.0805 0x1048 Detect skipped due to KSN trusted
19:12:23.0805 0x1048 usbohci - ok
19:12:23.0855 0x1048 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:12:23.0855 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:12:23.0855 0x1048 usbprint - detected LockedFile.Multi.Generic ( 1 )
19:12:26.0247 0x1048 Detect skipped due to KSN trusted
19:12:26.0247 0x1048 usbprint - ok
19:12:26.0327 0x1048 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\drivers\usbscan.sys
19:12:26.0327 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
19:12:26.0327 0x1048 usbscan - detected LockedFile.Multi.Generic ( 1 )
19:12:28.0697 0x1048 Detect skipped due to KSN trusted
19:12:28.0697 0x1048 usbscan - ok
19:12:28.0717 0x1048 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:12:28.0717 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
19:12:28.0717 0x1048 USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:12:31.0079 0x1048 Detect skipped due to KSN trusted
19:12:31.0079 0x1048 USBSTOR - ok
19:12:31.0129 0x1048 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:12:31.0129 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
19:12:31.0129 0x1048 usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:12:33.0509 0x1048 Detect skipped due to KSN trusted
19:12:33.0509 0x1048 usbuhci - ok
19:12:33.0569 0x1048 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
19:12:33.0569 0x1048 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
19:12:33.0569 0x1048 usbvideo - detected LockedFile.Multi.Generic ( 1 )
19:12:35.0970 0x1048 Detect skipped due to KSN trusted
19:12:35.0970 0x1048 usbvideo - ok
19:12:36.0010 0x1048 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
19:12:36.0080 0x1048 UxSms - ok
19:12:36.0100 0x1048 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\windows\system32\lsass.exe
19:12:36.0110 0x1048 VaultSvc - ok
19:12:36.0130 0x1048 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:12:36.0130 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:12:36.0140 0x1048 vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:12:38.0520 0x1048 Detect skipped due to KSN trusted
19:12:38.0520 0x1048 vdrvroot - ok
19:12:38.0590 0x1048 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
19:12:38.0680 0x1048 vds - ok
19:12:38.0720 0x1048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:12:38.0720 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:12:38.0720 0x1048 vga - detected LockedFile.Multi.Generic ( 1 )
19:12:41.0112 0x1048 Detect skipped due to KSN trusted
19:12:41.0112 0x1048 vga - ok
19:12:41.0152 0x1048 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
19:12:41.0152 0x1048 Suspicious file ( NoAccess ): C:\windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:12:41.0152 0x1048 VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:12:43.0523 0x1048 Detect skipped due to KSN trusted
19:12:43.0523 0x1048 VgaSave - ok
19:12:43.0583 0x1048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:12:43.0583 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
19:12:43.0583 0x1048 vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:12:45.0975 0x1048 Detect skipped due to KSN trusted
19:12:45.0975 0x1048 vhdmp - ok
19:12:46.0005 0x1048 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
19:12:46.0005 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:12:46.0005 0x1048 viaide - detected LockedFile.Multi.Generic ( 1 )
19:12:48.0375 0x1048 Detect skipped due to KSN trusted
19:12:48.0375 0x1048 viaide - ok
19:12:48.0455 0x1048 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:12:48.0455 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
19:12:48.0455 0x1048 volmgr - detected LockedFile.Multi.Generic ( 1 )
19:12:50.0827 0x1048 Detect skipped due to KSN trusted
19:12:50.0827 0x1048 volmgr - ok
19:12:50.0887 0x1048 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:12:50.0887 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
19:12:50.0887 0x1048 volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:12:53.0267 0x1048 Detect skipped due to KSN trusted
19:12:53.0267 0x1048 volmgrx - ok
19:12:53.0337 0x1048 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
19:12:53.0337 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\volsnap.sys. md5: DF8126BD41180351A093A3AD2FC8903B, sha256: AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A
19:12:53.0337 0x1048 volsnap - detected LockedFile.Multi.Generic ( 1 )
19:12:55.0710 0x1048 Detect skipped due to KSN trusted
19:12:55.0710 0x1048 volsnap - ok
19:12:55.0760 0x1048 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:12:55.0760 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
19:12:55.0760 0x1048 vsmraid - detected LockedFile.Multi.Generic ( 1 )
19:12:58.0200 0x1048 Detect skipped due to KSN trusted
19:12:58.0200 0x1048 vsmraid - ok
19:12:58.0330 0x1048 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
19:12:58.0430 0x1048 VSS - ok
19:12:58.0440 0x1048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:12:58.0440 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
19:12:58.0450 0x1048 vwifibus - detected LockedFile.Multi.Generic ( 1 )
19:13:00.0812 0x1048 Detect skipped due to KSN trusted
19:13:00.0812 0x1048 vwifibus - ok
19:13:00.0862 0x1048 [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:13:00.0862 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwififlt.sys. md5: 13A0DECD1794DE60A8427862C8669D27, sha256: 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF
19:13:00.0872 0x1048 vwififlt - detected LockedFile.Multi.Generic ( 1 )
19:13:03.0242 0x1048 Detect skipped due to KSN trusted
19:13:03.0242 0x1048 vwififlt - ok
19:13:03.0322 0x1048 [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:13:03.0322 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifimp.sys. md5: 49003B357D101CDC474937437ECF5ABC, sha256: D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6
19:13:03.0322 0x1048 vwifimp - detected LockedFile.Multi.Generic ( 1 )
19:13:05.0714 0x1048 Detect skipped due to KSN trusted
19:13:05.0714 0x1048 vwifimp - ok
19:13:05.0774 0x1048 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
19:13:05.0844 0x1048 W32Time - ok
19:13:05.0874 0x1048 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:13:05.0874 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
19:13:05.0874 0x1048 WacomPen - detected LockedFile.Multi.Generic ( 1 )
19:13:08.0234 0x1048 Detect skipped due to KSN trusted
19:13:08.0234 0x1048 WacomPen - ok
19:13:08.0294 0x1048 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:13:08.0294 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:13:08.0294 0x1048 WANARP - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0676 0x1048 Detect skipped due to KSN trusted
19:13:10.0676 0x1048 WANARP - ok
19:13:10.0716 0x1048 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:13:10.0716 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:13:10.0716 0x1048 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0716 0x1048 Detect skipped due to KSN trusted
19:13:10.0716 0x1048 Wanarpv6 - ok
19:13:10.0816 0x1048 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
19:13:10.0896 0x1048 wbengine - ok
19:13:10.0916 0x1048 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:13:10.0946 0x1048 WbioSrvc - ok
19:13:10.0986 0x1048 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
19:13:11.0056 0x1048 wcncsvc - ok
19:13:11.0076 0x1048 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:13:11.0096 0x1048 WcsPlugInService - ok
19:13:11.0116 0x1048 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
19:13:11.0126 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
19:13:11.0126 0x1048 Wd - detected LockedFile.Multi.Generic ( 1 )
19:13:13.0496 0x1048 Detect skipped due to KSN trusted
19:13:13.0496 0x1048 Wd - ok
19:13:13.0596 0x1048 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:13:13.0596 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
19:13:13.0596 0x1048 Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
19:13:15.0980 0x1048 Detect skipped due to KSN trusted
19:13:15.0980 0x1048 Wdf01000 - ok
19:13:16.0020 0x1048 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
19:13:16.0120 0x1048 WdiServiceHost - ok
19:13:16.0130 0x1048 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
19:13:16.0160 0x1048 WdiSystemHost - ok
19:13:16.0210 0x1048 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
19:13:16.0240 0x1048 WebClient - ok
19:13:16.0260 0x1048 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
19:13:16.0310 0x1048 Wecsvc - ok
19:13:16.0320 0x1048 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:13:16.0360 0x1048 wercplsupport - ok
19:13:16.0400 0x1048 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
19:13:16.0440 0x1048 WerSvc - ok
19:13:16.0460 0x1048 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:13:16.0460 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
19:13:16.0460 0x1048 WfpLwf - detected LockedFile.Multi.Generic ( 1 )
19:13:18.0830 0x1048 Detect skipped due to KSN trusted
19:13:18.0830 0x1048 WfpLwf - ok
19:13:18.0900 0x1048 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:13:18.0900 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
19:13:18.0900 0x1048 WIMMount - detected LockedFile.Multi.Generic ( 1 )
19:13:21.0282 0x1048 Detect skipped due to KSN trusted
19:13:21.0282 0x1048 WIMMount - ok
19:13:21.0302 0x1048 WinDefend - ok
19:13:21.0332 0x1048 WinHttpAutoProxySvc - ok
19:13:21.0412 0x1048 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:13:21.0462 0x1048 Winmgmt - ok
19:13:21.0552 0x1048 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
19:13:21.0662 0x1048 WinRM - ok
19:13:21.0712 0x1048 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:13:21.0712 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
19:13:21.0732 0x1048 WinUsb - detected LockedFile.Multi.Generic ( 1 )
19:13:25.0052 0x1048 Detect skipped due to KSN trusted
19:13:25.0052 0x1048 WinUsb - ok
19:13:25.0172 0x1048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
19:13:25.0222 0x1048 Wlansvc - ok
19:13:25.0292 0x1048 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:13:25.0322 0x1048 wlcrasvc - ok
19:13:25.0472 0x1048 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:13:25.0552 0x1048 wlidsvc - ok
19:13:25.0572 0x1048 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:13:25.0572 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
19:13:25.0572 0x1048 WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
19:13:27.0942 0x1048 Detect skipped due to KSN trusted
19:13:27.0942 0x1048 WmiAcpi - ok
19:13:28.0012 0x1048 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:13:28.0062 0x1048 wmiApSrv - ok
19:13:28.0098 0x1048 WMPNetworkSvc - ok
19:13:28.0134 0x1048 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
19:13:28.0164 0x1048 WPCSvc - ok
19:13:28.0184 0x1048 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:13:28.0204 0x1048 WPDBusEnum - ok
19:13:28.0234 0x1048 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:13:28.0234 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
19:13:28.0234 0x1048 ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
19:13:30.0606 0x1048 Detect skipped due to KSN trusted
19:13:30.0606 0x1048 ws2ifsl - ok
19:13:30.0656 0x1048 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\system32\wscsvc.dll
19:13:30.0696 0x1048 wscsvc - ok
19:13:30.0706 0x1048 WSearch - ok
19:13:30.0826 0x1048 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
19:13:30.0916 0x1048 wuauserv - ok
19:13:30.0946 0x1048 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:13:30.0946 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
19:13:30.0946 0x1048 WudfPf - detected LockedFile.Multi.Generic ( 1 )
19:13:33.0316 0x1048 Detect skipped due to KSN trusted
19:13:33.0316 0x1048 WudfPf - ok
19:13:33.0406 0x1048 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:13:33.0406 0x1048 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
19:13:33.0406 0x1048 WUDFRd - detected LockedFile.Multi.Generic ( 1 )
19:13:35.0788 0x1048 Detect skipped due to KSN trusted
19:13:35.0788 0x1048 WUDFRd - ok
19:13:35.0838 0x1048 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:13:35.0878 0x1048 wudfsvc - ok
19:13:35.0928 0x1048 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
19:13:35.0958 0x1048 WwanSvc - ok
19:13:36.0008 0x1048 ================ Scan global ===============================
19:13:36.0028 0x1048 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
19:13:36.0058 0x1048 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:13:36.0078 0x1048 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:13:36.0108 0x1048 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
19:13:36.0128 0x1048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
19:13:36.0138 0x1048 [ Global ] - ok
19:13:36.0138 0x1048 ================ Scan MBR ==================================
19:13:36.0148 0x1048 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:13:36.0728 0x1048 \Device\Harddisk0\DR0 - ok
19:13:36.0728 0x1048 ================ Scan VBR ==================================
19:13:36.0738 0x1048 [ 12DAF88A34F6BBCA003BC600F4B3E7BD ] \Device\Harddisk0\DR0\Partition1
19:13:36.0748 0x1048 \Device\Harddisk0\DR0\Partition1 - ok
19:13:36.0758 0x1048 [ 722C8CA0C3066ADB168BDEDE7EDF626E ] \Device\Harddisk0\DR0\Partition2
19:13:36.0758 0x1048 \Device\Harddisk0\DR0\Partition2 - ok
19:13:36.0778 0x1048 [ A0812CB5A031E4013F7EEEDDE0A4AEC5 ] \Device\Harddisk0\DR0\Partition3
19:13:36.0788 0x1048 \Device\Harddisk0\DR0\Partition3 - ok
19:13:36.0788 0x1048 ================ Scan generic autorun ======================
19:13:37.0268 0x1048 [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:13:37.0818 0x1048 RtHDVCpl - ok
19:13:37.0828 0x1048 ETDCtrl - ok
19:13:38.0108 0x1048 [ 5F3939E2FBA9BFE055E545826ACC0D97, C8C3C691B33E3B5F3F0E6FB79996F5753AC69C09827E03BE9FF73A4E6DE9A732 ] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
19:13:38.0298 0x1048 Nero MediaHome 4 - ok
19:13:38.0338 0x1048 [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:13:38.0358 0x1048 APSDaemon - ok
19:13:38.0398 0x1048 [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
19:13:38.0428 0x1048 iTunesHelper - ok
19:13:38.0508 0x1048 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
19:13:38.0538 0x1048 avgnt - ok
19:13:38.0708 0x1048 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
19:13:38.0898 0x1048 SDTray - ok
19:13:38.0998 0x1048 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:39.0078 0x1048 Sidebar - ok
19:13:39.0108 0x1048 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:39.0128 0x1048 mctadmin - ok
19:13:39.0178 0x1048 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:39.0228 0x1048 Sidebar - ok
19:13:39.0238 0x1048 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:39.0258 0x1048 mctadmin - ok
19:13:39.0418 0x1048 [ D6B3AF9E3CE610B69AB1D38262DAE833, CBE366A5459A651537466B9F5017AB87FA8AD5B28F4FADE3FA66B4D97950B5D7 ] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
19:13:39.0498 0x1048 Plex Media Server - ok
19:13:40.0230 0x1048 [ BA5819A23150B3B7C4F94125E7F11E83, 0EAFE4931B4EDD9A67DDCD9DAF83BFD190DADC2FCB149733071F956228E4D1E5 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:13:40.0910 0x1048 Skype - ok
19:13:41.0130 0x1048 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
19:13:41.0360 0x1048 Spybot-S&D Cleaning - ok
19:13:41.0420 0x1048 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:41.0470 0x1048 Sidebar - ok
19:13:41.0480 0x1048 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:41.0500 0x1048 mctadmin - ok
19:13:41.0550 0x1048 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:41.0600 0x1048 Sidebar - ok
19:13:41.0610 0x1048 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:41.0630 0x1048 mctadmin - ok
19:13:41.0640 0x1048 Waiting for KSN requests completion. In queue: 19
19:13:42.0640 0x1048 Waiting for KSN requests completion. In queue: 19
19:13:43.0640 0x1048 Waiting for KSN requests completion. In queue: 19
19:13:44.0660 0x1048 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
19:13:44.0670 0x1048 Win FW state via NFP2: enabled
19:13:47.0062 0x1048 ============================================================
19:13:47.0062 0x1048 Scan finished
19:13:47.0062 0x1048 ============================================================
19:13:47.0082 0x16f8 Detected object count: 1
19:13:47.0082 0x16f8 Actual detected object count: 1
19:14:03.0558 0x16f8 C:\windows\System32\Drivers\6ab48a75c5156135.sys - copied to quarantine
19:14:03.0568 0x16f8 HKLM\SYSTEM\ControlSet001\services\6ab48a75c5156135 - will be deleted on reboot
19:14:03.0588 0x16f8 HKLM\SYSTEM\ControlSet002\services\6ab48a75c5156135 - will be deleted on reboot
19:14:03.0748 0x16f8 C:\windows\System32\Drivers\6ab48a75c5156135.sys - will be deleted on reboot
19:14:03.0748 0x16f8 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
19:14:03.0818 0x16f8 KLMD registered as C:\windows\system32\drivers\21478227.sys
19:14:09.0197 0x051c Deinitialize success
|
|
09.01.2015, 19:22
| #18 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber,
__________________und hier das 2. Log Code:
ATTFilter 19:18:09.0421 0x0624 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:18:10.0341 0x0624 ============================================================
19:18:10.0341 0x0624 Current date / time: 2015/01/09 19:18:10.0341
19:18:10.0341 0x0624 SystemInfo:
19:18:10.0341 0x0624
19:18:10.0341 0x0624 OS Version: 6.1.7601 ServicePack: 1.0
19:18:10.0341 0x0624 Product type: Workstation
19:18:10.0341 0x0624 ComputerName: LUISE-PC
19:18:10.0341 0x0624 UserName: Luise
19:18:10.0341 0x0624 Windows directory: C:\windows
19:18:10.0341 0x0624 System windows directory: C:\windows
19:18:10.0341 0x0624 Running under WOW64
19:18:10.0341 0x0624 Processor architecture: Intel x64
19:18:10.0341 0x0624 Number of processors: 2
19:18:10.0341 0x0624 Page size: 0x1000
19:18:10.0341 0x0624 Boot type: Normal boot
19:18:10.0341 0x0624 ============================================================
19:18:10.0341 0x0624 BG loaded
19:18:12.0305 0x0624 System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
19:18:13.0562 0x0624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:13.0578 0x0624 ============================================================
19:18:13.0578 0x0624 \Device\Harddisk0\DR0:
19:18:13.0578 0x0624 MBR partitions:
19:18:13.0578 0x0624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:18:13.0578 0x0624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
19:18:13.0671 0x0624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
19:18:13.0671 0x0624 ============================================================
19:18:13.0937 0x0624 C: <-> \Device\Harddisk0\DR0\Partition2
19:18:14.0061 0x0624 D: <-> \Device\Harddisk0\DR0\Partition3
19:18:14.0061 0x0624 ============================================================
19:18:14.0061 0x0624 Initialize success
19:18:14.0061 0x0624 ============================================================
|
|
09.01.2015, 20:48
| #19 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren TDSSKiller nochmal scannen lassen, Log posten. Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.01.2015, 08:34
| #20 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Guten morgen Schrauber anbei der Report von TDSSKILLER Code:
ATTFilter 08:31:16.0055 0x0188 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
08:31:19.0360 0x0188 ============================================================
08:31:19.0360 0x0188 Current date / time: 2015/01/10 08:31:19.0360
08:31:19.0360 0x0188 SystemInfo:
08:31:19.0360 0x0188
08:31:19.0360 0x0188 OS Version: 6.1.7601 ServicePack: 1.0
08:31:19.0360 0x0188 Product type: Workstation
08:31:19.0360 0x0188 ComputerName: LUISE-PC
08:31:19.0360 0x0188 UserName: Luise
08:31:19.0360 0x0188 Windows directory: C:\windows
08:31:19.0360 0x0188 System windows directory: C:\windows
08:31:19.0360 0x0188 Running under WOW64
08:31:19.0360 0x0188 Processor architecture: Intel x64
08:31:19.0360 0x0188 Number of processors: 2
08:31:19.0360 0x0188 Page size: 0x1000
08:31:19.0360 0x0188 Boot type: Normal boot
08:31:19.0360 0x0188 ============================================================
08:31:19.0370 0x0188 BG loaded
08:31:19.0871 0x0188 System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
08:31:20.0884 0x0188 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:20.0894 0x0188 ============================================================
08:31:20.0894 0x0188 \Device\Harddisk0\DR0:
08:31:20.0894 0x0188 MBR partitions:
08:31:20.0894 0x0188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:31:20.0894 0x0188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
08:31:20.0914 0x0188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
08:31:20.0914 0x0188 ============================================================
08:31:20.0934 0x0188 C: <-> \Device\Harddisk0\DR0\Partition2
08:31:21.0004 0x0188 D: <-> \Device\Harddisk0\DR0\Partition3
08:31:21.0004 0x0188 ============================================================
08:31:21.0004 0x0188 Initialize success
08:31:21.0004 0x0188 ============================================================
08:31:30.0374 0x0d10 ============================================================
08:31:30.0374 0x0d10 Scan started
08:31:30.0374 0x0d10 Mode: Manual; SigCheck; TDLFS;
08:31:30.0374 0x0d10 ============================================================
08:31:30.0374 0x0d10 KSN ping started
08:31:32.0979 0x0d10 KSN ping finished: true
08:31:33.0799 0x0d10 ================ Scan system memory ========================
08:31:33.0799 0x0d10 System memory - ok
08:31:33.0799 0x0d10 ================ Scan services =============================
08:31:33.0979 0x0d10 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
08:31:34.0129 0x0d10 1394ohci - ok
08:31:34.0189 0x0d10 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
08:31:34.0239 0x0d10 ACPI - ok
08:31:34.0259 0x0d10 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
08:31:34.0299 0x0d10 AcpiPmi - ok
08:31:34.0439 0x0d10 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:31:34.0479 0x0d10 AdobeFlashPlayerUpdateSvc - ok
08:31:34.0539 0x0d10 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
08:31:34.0589 0x0d10 adp94xx - ok
08:31:34.0639 0x0d10 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
08:31:34.0679 0x0d10 adpahci - ok
08:31:34.0719 0x0d10 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
08:31:34.0749 0x0d10 adpu320 - ok
08:31:34.0789 0x0d10 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
08:31:34.0879 0x0d10 AeLookupSvc - ok
08:31:34.0969 0x0d10 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
08:31:35.0029 0x0d10 AFD - ok
08:31:35.0059 0x0d10 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
08:31:35.0089 0x0d10 agp440 - ok
08:31:35.0129 0x0d10 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
08:31:35.0159 0x0d10 ALG - ok
08:31:35.0209 0x0d10 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
08:31:35.0229 0x0d10 aliide - ok
08:31:35.0249 0x0d10 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
08:31:35.0269 0x0d10 amdide - ok
08:31:35.0299 0x0d10 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
08:31:35.0329 0x0d10 AmdK8 - ok
08:31:35.0339 0x0d10 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
08:31:35.0369 0x0d10 AmdPPM - ok
08:31:35.0409 0x0d10 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
08:31:35.0439 0x0d10 amdsata - ok
08:31:35.0479 0x0d10 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
08:31:35.0509 0x0d10 amdsbs - ok
08:31:35.0519 0x0d10 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
08:31:35.0539 0x0d10 amdxata - ok
08:31:35.0589 0x0d10 [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus C:\windows\system32\DRIVERS\lgandbus64.sys
08:31:35.0619 0x0d10 Andbus - ok
08:31:35.0649 0x0d10 [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag C:\windows\system32\DRIVERS\lganddiag64.sys
08:31:35.0669 0x0d10 AndDiag - ok
08:31:35.0689 0x0d10 [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps C:\windows\system32\DRIVERS\lgandgps64.sys
08:31:35.0719 0x0d10 AndGps - ok
08:31:35.0729 0x0d10 [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem C:\windows\system32\DRIVERS\lgandmodem64.sys
08:31:35.0759 0x0d10 ANDModem - ok
08:31:35.0909 0x0d10 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:31:35.0969 0x0d10 AntiVirSchedulerService - ok
08:31:36.0041 0x0d10 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:31:36.0088 0x0d10 AntiVirService - ok
08:31:36.0183 0x0d10 [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
08:31:36.0253 0x0d10 AntiVirWebService - ok
08:31:36.0283 0x0d10 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
08:31:36.0363 0x0d10 AppID - ok
08:31:36.0383 0x0d10 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
08:31:36.0463 0x0d10 AppIDSvc - ok
08:31:36.0503 0x0d10 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
08:31:36.0533 0x0d10 Appinfo - ok
08:31:36.0593 0x0d10 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:31:36.0623 0x0d10 Apple Mobile Device - ok
08:31:36.0683 0x0d10 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
08:31:36.0703 0x0d10 arc - ok
08:31:36.0733 0x0d10 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
08:31:36.0763 0x0d10 arcsas - ok
08:31:36.0913 0x0d10 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:31:36.0943 0x0d10 aspnet_state - ok
08:31:36.0973 0x0d10 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
08:31:37.0053 0x0d10 AsyncMac - ok
08:31:37.0083 0x0d10 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
08:31:37.0103 0x0d10 atapi - ok
08:31:37.0123 0x0d10 AthBTPort - ok
08:31:37.0313 0x0d10 [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr C:\windows\system32\DRIVERS\athrx.sys
08:31:37.0523 0x0d10 athr - ok
08:31:37.0623 0x0d10 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
08:31:37.0743 0x0d10 AudioEndpointBuilder - ok
08:31:37.0793 0x0d10 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
08:31:37.0903 0x0d10 AudioSrv - ok
08:31:38.0001 0x0d10 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
08:31:38.0061 0x0d10 avgntflt - ok
08:31:38.0121 0x0d10 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
08:31:38.0161 0x0d10 avipbb - ok
08:31:38.0191 0x0d10 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
08:31:38.0221 0x0d10 avkmgr - ok
08:31:38.0261 0x0d10 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
08:31:38.0321 0x0d10 AxInstSV - ok
08:31:38.0391 0x0d10 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
08:31:38.0451 0x0d10 b06bdrv - ok
08:31:38.0491 0x0d10 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
08:31:38.0541 0x0d10 b57nd60a - ok
08:31:38.0611 0x0d10 [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:31:38.0651 0x0d10 BBSvc - ok
08:31:38.0691 0x0d10 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
08:31:38.0731 0x0d10 BDESVC - ok
08:31:38.0761 0x0d10 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
08:31:38.0851 0x0d10 Beep - ok
08:31:38.0931 0x0d10 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
08:31:39.0021 0x0d10 BFE - ok
08:31:39.0101 0x0d10 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\system32\qmgr.dll
08:31:39.0231 0x0d10 BITS - ok
08:31:39.0261 0x0d10 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
08:31:39.0291 0x0d10 blbdrive - ok
08:31:39.0371 0x0d10 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:31:39.0431 0x0d10 Bonjour Service - ok
08:31:39.0481 0x0d10 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
08:31:39.0531 0x0d10 bowser - ok
08:31:39.0561 0x0d10 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
08:31:39.0601 0x0d10 BrFiltLo - ok
08:31:39.0611 0x0d10 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
08:31:39.0641 0x0d10 BrFiltUp - ok
08:31:39.0651 0x0d10 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
08:31:39.0731 0x0d10 BridgeMP - ok
08:31:39.0781 0x0d10 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
08:31:39.0821 0x0d10 Browser - ok
08:31:39.0861 0x0d10 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
08:31:39.0921 0x0d10 Brserid - ok
08:31:39.0931 0x0d10 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
08:31:39.0971 0x0d10 BrSerWdm - ok
08:31:39.0981 0x0d10 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
08:31:40.0021 0x0d10 BrUsbMdm - ok
08:31:40.0041 0x0d10 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
08:31:40.0071 0x0d10 BrUsbSer - ok
08:31:40.0081 0x0d10 BTATH_A2DP - ok
08:31:40.0091 0x0d10 btath_avdt - ok
08:31:40.0091 0x0d10 BTATH_BUS - ok
08:31:40.0111 0x0d10 BTATH_HCRP - ok
08:31:40.0141 0x0d10 BTATH_LWFLT - ok
08:31:40.0161 0x0d10 BTATH_RCP - ok
08:31:40.0171 0x0d10 BtFilter - ok
08:31:40.0211 0x0d10 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
08:31:40.0251 0x0d10 BthEnum - ok
08:31:40.0261 0x0d10 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
08:31:40.0301 0x0d10 BTHMODEM - ok
08:31:40.0331 0x0d10 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
08:31:40.0381 0x0d10 BthPan - ok
08:31:40.0461 0x0d10 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
08:31:40.0551 0x0d10 BTHPORT - ok
08:31:40.0591 0x0d10 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
08:31:40.0681 0x0d10 bthserv - ok
08:31:40.0721 0x0d10 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
08:31:40.0751 0x0d10 BTHUSB - ok
08:31:40.0801 0x0d10 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
08:31:40.0881 0x0d10 cdfs - ok
08:31:40.0911 0x0d10 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
08:31:40.0951 0x0d10 cdrom - ok
08:31:41.0001 0x0d10 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
08:31:41.0071 0x0d10 CertPropSvc - ok
08:31:41.0101 0x0d10 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
08:31:41.0131 0x0d10 circlass - ok
08:31:41.0171 0x0d10 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
08:31:41.0211 0x0d10 CLFS - ok
08:31:41.0251 0x0d10 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:31:41.0281 0x0d10 clr_optimization_v2.0.50727_32 - ok
08:31:41.0321 0x0d10 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:31:41.0351 0x0d10 clr_optimization_v2.0.50727_64 - ok
08:31:41.0461 0x0d10 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:31:41.0501 0x0d10 clr_optimization_v4.0.30319_32 - ok
08:31:41.0531 0x0d10 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:31:41.0561 0x0d10 clr_optimization_v4.0.30319_64 - ok
08:31:41.0591 0x0d10 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
08:31:41.0611 0x0d10 clwvd - ok
08:31:41.0641 0x0d10 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
08:31:41.0671 0x0d10 CmBatt - ok
08:31:41.0701 0x0d10 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
08:31:41.0721 0x0d10 cmdide - ok
08:31:41.0771 0x0d10 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
08:31:41.0831 0x0d10 CNG - ok
08:31:41.0871 0x0d10 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
08:31:41.0891 0x0d10 Compbatt - ok
08:31:41.0911 0x0d10 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
08:31:41.0951 0x0d10 CompositeBus - ok
08:31:41.0961 0x0d10 COMSysApp - ok
08:31:41.0991 0x0d10 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
08:31:42.0021 0x0d10 crcdisk - ok
08:31:42.0101 0x0d10 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
08:31:42.0151 0x0d10 CryptSvc - ok
08:31:42.0303 0x0d10 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:31:42.0373 0x0d10 cvhsvc - ok
08:31:42.0423 0x0d10 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
08:31:42.0533 0x0d10 DcomLaunch - ok
08:31:42.0593 0x0d10 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
08:31:42.0693 0x0d10 defragsvc - ok
08:31:42.0723 0x0d10 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
08:31:42.0803 0x0d10 DfsC - ok
08:31:42.0863 0x0d10 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
08:31:42.0913 0x0d10 Dhcp - ok
08:31:42.0943 0x0d10 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
08:31:43.0024 0x0d10 discache - ok
08:31:43.0084 0x0d10 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
08:31:43.0114 0x0d10 Disk - ok
08:31:43.0154 0x0d10 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
08:31:43.0204 0x0d10 Dnscache - ok
08:31:43.0244 0x0d10 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
08:31:43.0344 0x0d10 dot3svc - ok
08:31:43.0374 0x0d10 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
08:31:43.0454 0x0d10 DPS - ok
08:31:43.0484 0x0d10 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
08:31:43.0504 0x0d10 drmkaud - ok
08:31:43.0594 0x0d10 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
08:31:43.0674 0x0d10 DXGKrnl - ok
08:31:43.0724 0x0d10 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
08:31:43.0804 0x0d10 EapHost - ok
08:31:44.0014 0x0d10 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
08:31:44.0284 0x0d10 ebdrv - ok
08:31:44.0344 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\windows\System32\lsass.exe
08:31:44.0374 0x0d10 EFS - ok
08:31:44.0464 0x0d10 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
08:31:44.0544 0x0d10 ehRecvr - ok
08:31:44.0564 0x0d10 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
08:31:44.0594 0x0d10 ehSched - ok
08:31:44.0684 0x0d10 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
08:31:44.0744 0x0d10 elxstor - ok
08:31:44.0754 0x0d10 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
08:31:44.0784 0x0d10 ErrDev - ok
08:31:44.0854 0x0d10 [ FD621C77B762BF1E5BB1887F02B515DF, 341FD5E708F08A3617FBCB6381DBCC809C66DDD3FFED3256356F4229AE5A3388 ] ETD C:\windows\system32\DRIVERS\ETD.sys
08:31:44.0894 0x0d10 ETD - ok
08:31:44.0954 0x0d10 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
08:31:45.0064 0x0d10 EventSystem - ok
08:31:45.0084 0x0d10 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
08:31:45.0174 0x0d10 exfat - ok
08:31:45.0194 0x0d10 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
08:31:45.0284 0x0d10 fastfat - ok
08:31:45.0354 0x0d10 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
08:31:45.0424 0x0d10 Fax - ok
08:31:45.0454 0x0d10 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
08:31:45.0484 0x0d10 fdc - ok
08:31:45.0514 0x0d10 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
08:31:45.0594 0x0d10 fdPHost - ok
08:31:45.0604 0x0d10 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
08:31:45.0684 0x0d10 FDResPub - ok
08:31:45.0704 0x0d10 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
08:31:45.0734 0x0d10 FileInfo - ok
08:31:45.0764 0x0d10 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
08:31:45.0854 0x0d10 Filetrace - ok
08:31:45.0874 0x0d10 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
08:31:45.0904 0x0d10 flpydisk - ok
08:31:45.0944 0x0d10 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
08:31:45.0984 0x0d10 FltMgr - ok
08:31:46.0094 0x0d10 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
08:31:46.0224 0x0d10 FontCache - ok
08:31:46.0274 0x0d10 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:31:46.0304 0x0d10 FontCache3.0.0.0 - ok
08:31:46.0334 0x0d10 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
08:31:46.0364 0x0d10 FsDepends - ok
08:31:46.0394 0x0d10 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
08:31:46.0424 0x0d10 Fs_Rec - ok
08:31:46.0474 0x0d10 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
08:31:46.0524 0x0d10 fvevol - ok
08:31:46.0564 0x0d10 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
08:31:46.0584 0x0d10 gagp30kx - ok
08:31:46.0654 0x0d10 [ 521A469CAF61F00E1DE081CC2099C1D6, 5BF39C9797A28674203D5C3D5D942978B9C66F658A43D7696B4BE3E8A7880EB9 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
08:31:46.0684 0x0d10 GameConsoleService - ok
08:31:46.0734 0x0d10 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:31:46.0754 0x0d10 GEARAspiWDM - ok
08:31:46.0844 0x0d10 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
08:31:46.0974 0x0d10 gpsvc - ok
08:31:47.0084 0x0d10 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:31:47.0104 0x0d10 gupdate - ok
08:31:47.0124 0x0d10 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:31:47.0144 0x0d10 gupdatem - ok
08:31:47.0194 0x0d10 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:31:47.0224 0x0d10 gusvc - ok
08:31:47.0254 0x0d10 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
08:31:47.0284 0x0d10 hcw85cir - ok
08:31:47.0324 0x0d10 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
08:31:47.0394 0x0d10 HdAudAddService - ok
08:31:47.0424 0x0d10 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
08:31:47.0474 0x0d10 HDAudBus - ok
08:31:47.0504 0x0d10 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
08:31:47.0534 0x0d10 HidBatt - ok
08:31:47.0544 0x0d10 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
08:31:47.0574 0x0d10 HidBth - ok
08:31:47.0594 0x0d10 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
08:31:47.0625 0x0d10 HidIr - ok
08:31:47.0655 0x0d10 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\System32\hidserv.dll
08:31:47.0735 0x0d10 hidserv - ok
08:31:47.0785 0x0d10 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys
08:31:47.0825 0x0d10 HidUsb - ok
08:31:47.0855 0x0d10 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
08:31:47.0955 0x0d10 hkmsvc - ok
08:31:47.0978 0x0d10 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
08:31:48.0028 0x0d10 HomeGroupListener - ok
08:31:48.0068 0x0d10 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
08:31:48.0108 0x0d10 HomeGroupProvider - ok
08:31:48.0148 0x0d10 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
08:31:48.0168 0x0d10 HpSAMD - ok
08:31:48.0228 0x0d10 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
08:31:48.0358 0x0d10 HTTP - ok
08:31:48.0388 0x0d10 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
08:31:48.0418 0x0d10 hwpolicy - ok
08:31:48.0448 0x0d10 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
08:31:48.0488 0x0d10 i8042prt - ok
08:31:48.0578 0x0d10 [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
08:31:48.0628 0x0d10 iaStor - ok
08:31:48.0688 0x0d10 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
08:31:48.0728 0x0d10 iaStorV - ok
08:31:48.0828 0x0d10 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:31:48.0898 0x0d10 idsvc - ok
08:31:48.0938 0x0d10 IEEtwCollectorService - ok
08:31:49.0670 0x0d10 [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
08:31:50.0610 0x0d10 igfx - ok
08:31:50.0690 0x0d10 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
08:31:50.0720 0x0d10 iirsp - ok
08:31:50.0810 0x0d10 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
08:31:50.0890 0x0d10 IKEEXT - ok
08:31:51.0110 0x0d10 [ 8E05ADB4B809B478B2EC65A1A1633DEB, E5404FD4D2A7EAADA0FA8BB5ABC3AEEE36CACBC3D765C3B101FC6BE7EEE81EA8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
08:31:51.0300 0x0d10 IntcAzAudAddService - ok
08:31:51.0360 0x0d10 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
08:31:51.0420 0x0d10 IntcDAud - ok
08:31:51.0440 0x0d10 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
08:31:51.0470 0x0d10 intelide - ok
08:31:51.0520 0x0d10 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
08:31:51.0570 0x0d10 intelppm - ok
08:31:51.0610 0x0d10 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
08:31:51.0700 0x0d10 IPBusEnum - ok
08:31:51.0720 0x0d10 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
08:31:51.0810 0x0d10 IpFilterDriver - ok
08:31:51.0890 0x0d10 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
08:31:51.0950 0x0d10 iphlpsvc - ok
08:31:51.0980 0x0d10 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
08:31:52.0020 0x0d10 IPMIDRV - ok
08:31:52.0060 0x0d10 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
08:31:52.0140 0x0d10 IPNAT - ok
08:31:52.0200 0x0d10 [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:31:52.0250 0x0d10 iPod Service - ok
08:31:52.0270 0x0d10 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
08:31:52.0310 0x0d10 IRENUM - ok
08:31:52.0331 0x0d10 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
08:31:52.0352 0x0d10 isapnp - ok
08:31:52.0392 0x0d10 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
08:31:52.0422 0x0d10 iScsiPrt - ok
08:31:52.0452 0x0d10 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
08:31:52.0472 0x0d10 kbdclass - ok
08:31:52.0502 0x0d10 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
08:31:52.0532 0x0d10 kbdhid - ok
08:31:52.0542 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
08:31:52.0572 0x0d10 KeyIso - ok
08:31:52.0612 0x0d10 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
08:31:52.0632 0x0d10 KSecDD - ok
08:31:52.0662 0x0d10 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
08:31:52.0692 0x0d10 KSecPkg - ok
08:31:52.0722 0x0d10 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
08:31:52.0802 0x0d10 ksthunk - ok
08:31:52.0842 0x0d10 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
08:31:52.0942 0x0d10 KtmRm - ok
08:31:52.0992 0x0d10 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\System32\srvsvc.dll
08:31:53.0084 0x0d10 LanmanServer - ok
08:31:53.0114 0x0d10 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
08:31:53.0194 0x0d10 LanmanWorkstation - ok
08:31:53.0224 0x0d10 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
08:31:53.0294 0x0d10 lltdio - ok
08:31:53.0334 0x0d10 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
08:31:53.0434 0x0d10 lltdsvc - ok
08:31:53.0464 0x0d10 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
08:31:53.0534 0x0d10 lmhosts - ok
08:31:53.0614 0x0d10 [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:31:53.0664 0x0d10 LMS - ok
08:31:53.0704 0x0d10 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
08:31:53.0724 0x0d10 LSI_FC - ok
08:31:53.0754 0x0d10 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
08:31:53.0774 0x0d10 LSI_SAS - ok
08:31:53.0794 0x0d10 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
08:31:53.0824 0x0d10 LSI_SAS2 - ok
08:31:53.0854 0x0d10 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
08:31:53.0874 0x0d10 LSI_SCSI - ok
08:31:53.0904 0x0d10 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
08:31:53.0994 0x0d10 luafv - ok
08:31:54.0024 0x0d10 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
08:31:54.0054 0x0d10 Mcx2Svc - ok
08:31:54.0094 0x0d10 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
08:31:54.0114 0x0d10 megasas - ok
08:31:54.0154 0x0d10 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
08:31:54.0194 0x0d10 MegaSR - ok
08:31:54.0224 0x0d10 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
08:31:54.0254 0x0d10 MEIx64 - ok
08:31:54.0274 0x0d10 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
08:31:54.0364 0x0d10 MMCSS - ok
08:31:54.0376 0x0d10 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
08:31:54.0456 0x0d10 Modem - ok
08:31:54.0486 0x0d10 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
08:31:54.0516 0x0d10 monitor - ok
08:31:54.0546 0x0d10 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
08:31:54.0566 0x0d10 mouclass - ok
08:31:54.0586 0x0d10 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
08:31:54.0606 0x0d10 mouhid - ok
08:31:54.0636 0x0d10 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
08:31:54.0666 0x0d10 mountmgr - ok
08:31:54.0696 0x0d10 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
08:31:54.0726 0x0d10 mpio - ok
08:31:54.0756 0x0d10 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
08:31:54.0836 0x0d10 mpsdrv - ok
08:31:54.0896 0x0d10 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
08:31:55.0028 0x0d10 MpsSvc - ok
08:31:55.0068 0x0d10 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
08:31:55.0118 0x0d10 MRxDAV - ok
08:31:55.0148 0x0d10 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
08:31:55.0188 0x0d10 mrxsmb - ok
08:31:55.0208 0x0d10 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
08:31:55.0258 0x0d10 mrxsmb10 - ok
08:31:55.0268 0x0d10 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
08:31:55.0298 0x0d10 mrxsmb20 - ok
08:31:55.0328 0x0d10 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
08:31:55.0348 0x0d10 msahci - ok
08:31:55.0388 0x0d10 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
08:31:55.0418 0x0d10 msdsm - ok
08:31:55.0448 0x0d10 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
08:31:55.0478 0x0d10 MSDTC - ok
08:31:55.0528 0x0d10 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
08:31:55.0618 0x0d10 Msfs - ok
08:31:55.0628 0x0d10 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
08:31:55.0708 0x0d10 mshidkmdf - ok
08:31:55.0738 0x0d10 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
08:31:55.0758 0x0d10 msisadrv - ok
08:31:55.0788 0x0d10 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
08:31:55.0878 0x0d10 MSiSCSI - ok
08:31:55.0888 0x0d10 msiserver - ok
08:31:55.0918 0x0d10 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
08:31:55.0988 0x0d10 MSKSSRV - ok
08:31:55.0998 0x0d10 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
08:31:56.0078 0x0d10 MSPCLOCK - ok
08:31:56.0088 0x0d10 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
08:31:56.0158 0x0d10 MSPQM - ok
08:31:56.0198 0x0d10 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
08:31:56.0238 0x0d10 MsRPC - ok
08:31:56.0258 0x0d10 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
08:31:56.0288 0x0d10 mssmbios - ok
08:31:56.0298 0x0d10 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
08:31:56.0383 0x0d10 MSTEE - ok
08:31:56.0394 0x0d10 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
08:31:56.0420 0x0d10 MTConfig - ok
08:31:56.0450 0x0d10 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
08:31:56.0470 0x0d10 Mup - ok
08:31:56.0520 0x0d10 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
08:31:56.0630 0x0d10 napagent - ok
08:31:56.0690 0x0d10 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
08:31:56.0750 0x0d10 NativeWifiP - ok
08:31:56.0840 0x0d10 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
08:31:56.0920 0x0d10 NDIS - ok
08:31:56.0970 0x0d10 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
08:31:57.0060 0x0d10 NdisCap - ok
08:31:57.0090 0x0d10 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
08:31:57.0160 0x0d10 NdisTapi - ok
08:31:57.0180 0x0d10 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
08:31:57.0260 0x0d10 Ndisuio - ok
08:31:57.0280 0x0d10 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
08:31:57.0360 0x0d10 NdisWan - ok
08:31:57.0380 0x0d10 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
08:31:57.0460 0x0d10 NDProxy - ok
08:31:57.0590 0x0d10 [ 87C61A17E908AEF1C63FBAF915C0B452, 75B41D36CC82A7B770B32C8309258C61A705E6F7C12E61404125F76D81BE344E ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
08:31:57.0640 0x0d10 NeroMediaHomeService.4 - ok
08:31:57.0650 0x0d10 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
08:31:57.0730 0x0d10 NetBIOS - ok
08:31:57.0760 0x0d10 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
08:31:57.0850 0x0d10 NetBT - ok
08:31:57.0880 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
08:31:57.0900 0x0d10 Netlogon - ok
08:31:57.0950 0x0d10 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
08:31:58.0066 0x0d10 Netman - ok
08:31:58.0122 0x0d10 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0162 0x0d10 NetMsmqActivator - ok
08:31:58.0172 0x0d10 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0212 0x0d10 NetPipeActivator - ok
08:31:58.0264 0x0d10 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
08:31:58.0374 0x0d10 netprofm - ok
08:31:58.0414 0x0d10 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0444 0x0d10 NetTcpActivator - ok
08:31:58.0454 0x0d10 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0494 0x0d10 NetTcpPortSharing - ok
08:31:59.0215 0x0d10 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
08:32:00.0025 0x0d10 NETwNs64 - ok
08:32:00.0095 0x0d10 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
08:32:00.0125 0x0d10 nfrd960 - ok
08:32:00.0165 0x0d10 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
08:32:00.0215 0x0d10 NlaSvc - ok
08:32:00.0435 0x0d10 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:32:00.0627 0x0d10 NOBU - ok
08:32:00.0677 0x0d10 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
08:32:00.0747 0x0d10 Npfs - ok
08:32:00.0787 0x0d10 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
08:32:00.0867 0x0d10 nsi - ok
08:32:00.0897 0x0d10 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
08:32:00.0967 0x0d10 nsiproxy - ok
08:32:01.0127 0x0d10 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
08:32:01.0247 0x0d10 Ntfs - ok
08:32:01.0277 0x0d10 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
08:32:01.0347 0x0d10 Null - ok
08:32:02.0157 0x0d10 [ 70E89A21827B2669AF906B703C7C48B5, 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
08:32:02.0957 0x0d10 nvlddmkm - ok
08:32:03.0007 0x0d10 [ 4B9C0C2BF78289513101EB0D44834701, 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
08:32:03.0017 0x0d10 nvpciflt - ok
08:32:03.0057 0x0d10 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
08:32:03.0110 0x0d10 nvraid - ok
08:32:03.0170 0x0d10 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
08:32:03.0210 0x0d10 nvstor - ok
08:32:03.0300 0x0d10 [ E04FCE1D149CF05C3449E3171F9C3E41, 6BDD089B5A0C03CE1E9F63275AE35B8B66185B3E81DFF97F59423B9C35BEEBA7 ] NVSvc C:\windows\system32\nvvsvc.exe
08:32:03.0390 0x0d10 NVSvc - ok
08:32:03.0550 0x0d10 [ D96DDEA6C699A99832E0186057801971, 374BB617335CC243F903447194B7EFC63222FD163BB9FA8C87616715C5120BF0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:32:03.0700 0x0d10 nvUpdatusService - ok
08:32:03.0740 0x0d10 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
08:32:03.0780 0x0d10 nv_agp - ok
08:32:03.0790 0x0d10 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
08:32:03.0820 0x0d10 ohci1394 - ok
08:32:03.0850 0x0d10 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:03.0890 0x0d10 ose - ok
08:32:04.0230 0x0d10 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:32:04.0660 0x0d10 osppsvc - ok
08:32:04.0730 0x0d10 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
08:32:04.0810 0x0d10 p2pimsvc - ok
08:32:04.0854 0x0d10 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
08:32:04.0902 0x0d10 p2psvc - ok
08:32:04.0942 0x0d10 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
08:32:04.0972 0x0d10 Parport - ok
08:32:05.0002 0x0d10 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
08:32:05.0032 0x0d10 partmgr - ok
08:32:05.0062 0x0d10 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
08:32:05.0112 0x0d10 PcaSvc - ok
08:32:05.0152 0x0d10 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
08:32:05.0192 0x0d10 pci - ok
08:32:05.0222 0x0d10 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
08:32:05.0242 0x0d10 pciide - ok
08:32:05.0282 0x0d10 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
08:32:05.0312 0x0d10 pcmcia - ok
08:32:05.0332 0x0d10 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
08:32:05.0352 0x0d10 pcw - ok
08:32:05.0392 0x0d10 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
08:32:05.0512 0x0d10 PEAUTH - ok
08:32:05.0602 0x0d10 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
08:32:05.0632 0x0d10 PerfHost - ok
08:32:05.0742 0x0d10 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
08:32:05.0912 0x0d10 pla - ok
08:32:05.0982 0x0d10 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
08:32:06.0042 0x0d10 PlugPlay - ok
08:32:06.0072 0x0d10 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
08:32:06.0112 0x0d10 PNRPAutoReg - ok
08:32:06.0152 0x0d10 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
08:32:06.0202 0x0d10 PNRPsvc - ok
08:32:06.0252 0x0d10 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
08:32:06.0362 0x0d10 PolicyAgent - ok
08:32:06.0392 0x0d10 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
08:32:06.0482 0x0d10 Power - ok
08:32:06.0512 0x0d10 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
08:32:06.0582 0x0d10 PptpMiniport - ok
08:32:06.0612 0x0d10 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
08:32:06.0632 0x0d10 Processor - ok
08:32:06.0672 0x0d10 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
08:32:06.0722 0x0d10 ProfSvc - ok
08:32:06.0742 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
08:32:06.0782 0x0d10 ProtectedStorage - ok
08:32:06.0822 0x0d10 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
08:32:06.0902 0x0d10 Psched - ok
08:32:07.0012 0x0d10 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys
08:32:07.0122 0x0d10 ql2300 - ok
08:32:07.0152 0x0d10 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
08:32:07.0182 0x0d10 ql40xx - ok
08:32:07.0232 0x0d10 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
08:32:07.0282 0x0d10 QWAVE - ok
08:32:07.0312 0x0d10 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
08:32:07.0342 0x0d10 QWAVEdrv - ok
08:32:07.0352 0x0d10 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
08:32:07.0422 0x0d10 RasAcd - ok
08:32:07.0462 0x0d10 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
08:32:07.0532 0x0d10 RasAgileVpn - ok
08:32:07.0552 0x0d10 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
08:32:07.0642 0x0d10 RasAuto - ok
08:32:07.0692 0x0d10 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
08:32:07.0782 0x0d10 Rasl2tp - ok
08:32:07.0832 0x0d10 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
08:32:07.0942 0x0d10 RasMan - ok
08:32:07.0972 0x0d10 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
08:32:08.0052 0x0d10 RasPppoe - ok
08:32:08.0082 0x0d10 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
08:32:08.0153 0x0d10 RasSstp - ok
08:32:08.0193 0x0d10 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
08:32:08.0283 0x0d10 rdbss - ok
08:32:08.0313 0x0d10 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys
08:32:08.0343 0x0d10 rdpbus - ok
08:32:08.0363 0x0d10 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
08:32:08.0443 0x0d10 RDPCDD - ok
08:32:08.0463 0x0d10 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
08:32:08.0533 0x0d10 RDPENCDD - ok
08:32:08.0553 0x0d10 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
08:32:08.0623 0x0d10 RDPREFMP - ok
08:32:08.0663 0x0d10 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
08:32:08.0703 0x0d10 RDPWD - ok
08:32:08.0733 0x0d10 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
08:32:08.0773 0x0d10 rdyboost - ok
08:32:08.0803 0x0d10 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
08:32:08.0883 0x0d10 RemoteAccess - ok
08:32:08.0923 0x0d10 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
08:32:09.0013 0x0d10 RemoteRegistry - ok
08:32:09.0053 0x0d10 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
08:32:09.0093 0x0d10 RFCOMM - ok
08:32:09.0163 0x0d10 [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
08:32:09.0193 0x0d10 RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
08:32:11.0883 0x0d10 Detect skipped due to KSN trusted
08:32:11.0883 0x0d10 RichVideo - ok
08:32:11.0943 0x0d10 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
08:32:12.0033 0x0d10 RpcEptMapper - ok
08:32:12.0053 0x0d10 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
08:32:12.0083 0x0d10 RpcLocator - ok
08:32:12.0123 0x0d10 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
08:32:12.0233 0x0d10 RpcSs - ok
08:32:12.0273 0x0d10 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
08:32:12.0363 0x0d10 rspndr - ok
08:32:12.0433 0x0d10 [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
08:32:12.0483 0x0d10 RTL8167 - ok
08:32:12.0553 0x0d10 [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport C:\windows\SysWOW64\drivers\rtport.sys
08:32:12.0593 0x0d10 rtport - ok
08:32:12.0623 0x0d10 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\windows\system32\Drivers\SABI.sys
08:32:12.0663 0x0d10 SABI - ok
08:32:12.0673 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\windows\system32\lsass.exe
08:32:12.0723 0x0d10 SamSs - ok
08:32:12.0763 0x0d10 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
08:32:12.0793 0x0d10 sbp2port - ok
08:32:12.0833 0x0d10 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
08:32:12.0933 0x0d10 SCardSvr - ok
08:32:12.0953 0x0d10 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
08:32:13.0023 0x0d10 scfilter - ok
08:32:13.0133 0x0d10 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
08:32:13.0285 0x0d10 Schedule - ok
08:32:13.0315 0x0d10 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
08:32:13.0385 0x0d10 SCPolicySvc - ok
08:32:13.0425 0x0d10 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
08:32:13.0465 0x0d10 SDRSVC - ok
08:32:13.0635 0x0d10 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
08:32:13.0745 0x0d10 SDScannerService - ok
08:32:13.0925 0x0d10 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
08:32:14.0065 0x0d10 SDUpdateService - ok
08:32:14.0115 0x0d10 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
08:32:14.0145 0x0d10 SDWSCService - ok
08:32:14.0205 0x0d10 [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:32:14.0245 0x0d10 SeaPort - ok
08:32:14.0295 0x0d10 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
08:32:14.0365 0x0d10 secdrv - ok
08:32:14.0395 0x0d10 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
08:32:14.0465 0x0d10 seclogon - ok
08:32:14.0485 0x0d10 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\system32\sens.dll
08:32:14.0565 0x0d10 SENS - ok
08:32:14.0575 0x0d10 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
08:32:14.0595 0x0d10 SensrSvc - ok
08:32:14.0635 0x0d10 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys
08:32:14.0665 0x0d10 Serenum - ok
08:32:14.0695 0x0d10 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys
08:32:14.0735 0x0d10 Serial - ok
08:32:14.0765 0x0d10 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys
08:32:14.0795 0x0d10 sermouse - ok
08:32:14.0835 0x0d10 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
08:32:14.0915 0x0d10 SessionEnv - ok
08:32:14.0925 0x0d10 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
08:32:14.0955 0x0d10 sffdisk - ok
08:32:14.0965 0x0d10 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
08:32:14.0995 0x0d10 sffp_mmc - ok
08:32:14.0995 0x0d10 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
08:32:15.0035 0x0d10 sffp_sd - ok
08:32:15.0035 0x0d10 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
08:32:15.0065 0x0d10 sfloppy - ok
08:32:15.0155 0x0d10 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
08:32:15.0227 0x0d10 Sftfs - ok
08:32:15.0327 0x0d10 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:32:15.0387 0x0d10 sftlist - ok
08:32:15.0417 0x0d10 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
08:32:15.0447 0x0d10 Sftplay - ok
08:32:15.0487 0x0d10 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
08:32:15.0507 0x0d10 Sftredir - ok
08:32:15.0537 0x0d10 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
08:32:15.0557 0x0d10 Sftvol - ok
08:32:15.0577 0x0d10 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:32:15.0617 0x0d10 sftvsa - ok
08:32:15.0647 0x0d10 [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv C:\windows\system32\DRIVERS\SGdrv64.sys
08:32:15.0687 0x0d10 SGDrv - ok
08:32:15.0737 0x0d10 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
08:32:15.0847 0x0d10 SharedAccess - ok
08:32:15.0887 0x0d10 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:32:15.0987 0x0d10 ShellHWDetection - ok
08:32:16.0007 0x0d10 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
08:32:16.0037 0x0d10 SiSRaid2 - ok
08:32:16.0067 0x0d10 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
08:32:16.0107 0x0d10 SiSRaid4 - ok
08:32:16.0147 0x0d10 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:32:16.0197 0x0d10 SkypeUpdate - ok
08:32:16.0238 0x0d10 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
08:32:16.0309 0x0d10 Smb - ok
08:32:16.0359 0x0d10 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
08:32:16.0389 0x0d10 SNMPTRAP - ok
08:32:16.0419 0x0d10 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
08:32:16.0439 0x0d10 spldr - ok
08:32:16.0499 0x0d10 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
08:32:16.0569 0x0d10 Spooler - ok
08:32:16.0799 0x0d10 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
08:32:17.0159 0x0d10 sppsvc - ok
08:32:17.0189 0x0d10 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
08:32:17.0269 0x0d10 sppuinotify - ok
08:32:17.0319 0x0d10 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
08:32:17.0379 0x0d10 srv - ok
08:32:17.0419 0x0d10 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
08:32:17.0479 0x0d10 srv2 - ok
08:32:17.0499 0x0d10 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
08:32:17.0534 0x0d10 srvnet - ok
08:32:17.0571 0x0d10 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
08:32:17.0661 0x0d10 SSDPSRV - ok
08:32:17.0671 0x0d10 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
08:32:17.0751 0x0d10 SstpSvc - ok
08:32:17.0781 0x0d10 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys
08:32:17.0801 0x0d10 stexstor - ok
08:32:17.0861 0x0d10 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
08:32:17.0941 0x0d10 stisvc - ok
08:32:17.0971 0x0d10 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
08:32:17.0991 0x0d10 swenum - ok
08:32:18.0041 0x0d10 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
08:32:18.0151 0x0d10 swprv - ok
08:32:18.0246 0x0d10 SWUpdateService - ok
08:32:18.0436 0x0d10 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
08:32:18.0646 0x0d10 SysMain - ok
08:32:18.0696 0x0d10 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
08:32:18.0746 0x0d10 TabletInputService - ok
08:32:18.0786 0x0d10 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
08:32:18.0886 0x0d10 TapiSrv - ok
08:32:18.0906 0x0d10 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
08:32:18.0986 0x0d10 TBS - ok
08:32:19.0156 0x0d10 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\windows\system32\drivers\tcpip.sys
08:32:19.0286 0x0d10 Tcpip - ok
08:32:19.0446 0x0d10 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
08:32:19.0576 0x0d10 TCPIP6 - ok
08:32:19.0626 0x0d10 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
08:32:19.0646 0x0d10 tcpipreg - ok
08:32:19.0676 0x0d10 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
08:32:19.0716 0x0d10 TDPIPE - ok
08:32:19.0736 0x0d10 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
08:32:19.0766 0x0d10 TDTCP - ok
08:32:19.0786 0x0d10 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
08:32:19.0866 0x0d10 tdx - ok
08:32:19.0906 0x0d10 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
08:32:19.0926 0x0d10 TermDD - ok
08:32:20.0006 0x0d10 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
08:32:20.0126 0x0d10 TermService - ok
08:32:20.0146 0x0d10 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
08:32:20.0196 0x0d10 Themes - ok
08:32:20.0219 0x0d10 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
08:32:20.0296 0x0d10 THREADORDER - ok
08:32:20.0316 0x0d10 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
08:32:20.0454 0x0d10 TrkWks - ok
08:32:20.0508 0x0d10 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:32:20.0598 0x0d10 TrustedInstaller - ok
08:32:20.0628 0x0d10 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
08:32:20.0658 0x0d10 tssecsrv - ok
08:32:20.0688 0x0d10 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
08:32:20.0728 0x0d10 TsUsbFlt - ok
08:32:20.0748 0x0d10 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
08:32:20.0768 0x0d10 TsUsbGD - ok
08:32:20.0808 0x0d10 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
08:32:20.0888 0x0d10 tunnel - ok
08:32:20.0908 0x0d10 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
08:32:20.0938 0x0d10 uagp35 - ok
08:32:20.0978 0x0d10 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
08:32:21.0078 0x0d10 udfs - ok
08:32:21.0118 0x0d10 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
08:32:21.0148 0x0d10 UI0Detect - ok
08:32:21.0198 0x0d10 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
08:32:21.0218 0x0d10 uliagpkx - ok
08:32:21.0238 0x0d10 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
08:32:21.0268 0x0d10 umbus - ok
08:32:21.0278 0x0d10 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
08:32:21.0298 0x0d10 UmPass - ok
08:32:21.0518 0x0d10 [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:32:21.0688 0x0d10 UNS - ok
08:32:21.0738 0x0d10 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
08:32:21.0838 0x0d10 upnphost - ok
08:32:21.0878 0x0d10 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
08:32:21.0908 0x0d10 USBAAPL64 - ok
08:32:21.0988 0x0d10 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
08:32:22.0028 0x0d10 usbaudio - ok
08:32:22.0068 0x0d10 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
08:32:22.0138 0x0d10 usbccgp - ok
08:32:22.0168 0x0d10 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
08:32:22.0218 0x0d10 usbcir - ok
08:32:22.0256 0x0d10 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
08:32:22.0280 0x0d10 usbehci - ok
08:32:22.0330 0x0d10 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
08:32:22.0380 0x0d10 usbhub - ok
08:32:22.0400 0x0d10 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
08:32:22.0430 0x0d10 usbohci - ok
08:32:22.0460 0x0d10 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
08:32:22.0490 0x0d10 usbprint - ok
08:32:22.0520 0x0d10 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\drivers\usbscan.sys
08:32:22.0580 0x0d10 usbscan - ok
08:32:22.0610 0x0d10 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
08:32:22.0640 0x0d10 USBSTOR - ok
08:32:22.0670 0x0d10 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
08:32:22.0700 0x0d10 usbuhci - ok
08:32:22.0750 0x0d10 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
08:32:22.0790 0x0d10 usbvideo - ok
08:32:22.0820 0x0d10 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
08:32:22.0900 0x0d10 UxSms - ok
08:32:22.0920 0x0d10 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\windows\system32\lsass.exe
08:32:22.0970 0x0d10 VaultSvc - ok
08:32:23.0020 0x0d10 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
08:32:23.0050 0x0d10 vdrvroot - ok
08:32:23.0100 0x0d10 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
08:32:23.0232 0x0d10 vds - ok
08:32:23.0282 0x0d10 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
08:32:23.0312 0x0d10 vga - ok
08:32:23.0332 0x0d10 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
08:32:23.0412 0x0d10 VgaSave - ok
08:32:23.0432 0x0d10 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
08:32:23.0482 0x0d10 vhdmp - ok
08:32:23.0502 0x0d10 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
08:32:23.0522 0x0d10 viaide - ok
08:32:23.0562 0x0d10 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
08:32:23.0602 0x0d10 volmgr - ok
08:32:23.0642 0x0d10 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
08:32:23.0682 0x0d10 volmgrx - ok
08:32:23.0732 0x0d10 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
08:32:23.0792 0x0d10 volsnap - ok
08:32:23.0852 0x0d10 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
08:32:23.0892 0x0d10 vsmraid - ok
08:32:24.0012 0x0d10 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
08:32:24.0202 0x0d10 VSS - ok
08:32:24.0232 0x0d10 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
08:32:24.0262 0x0d10 vwifibus - ok
08:32:24.0302 0x0d10 [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
08:32:24.0332 0x0d10 vwififlt - ok
08:32:24.0352 0x0d10 [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
08:32:24.0382 0x0d10 vwifimp - ok
08:32:24.0432 0x0d10 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
08:32:24.0542 0x0d10 W32Time - ok
08:32:24.0562 0x0d10 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
08:32:24.0592 0x0d10 WacomPen - ok
08:32:24.0622 0x0d10 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
08:32:24.0702 0x0d10 WANARP - ok
08:32:24.0712 0x0d10 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
08:32:24.0792 0x0d10 Wanarpv6 - ok
08:32:24.0912 0x0d10 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
08:32:25.0042 0x0d10 wbengine - ok
08:32:25.0072 0x0d10 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
08:32:25.0122 0x0d10 WbioSrvc - ok
08:32:25.0172 0x0d10 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
08:32:25.0232 0x0d10 wcncsvc - ok
08:32:25.0252 0x0d10 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:32:25.0282 0x0d10 WcsPlugInService - ok
08:32:25.0312 0x0d10 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
08:32:25.0332 0x0d10 Wd - ok
08:32:25.0412 0x0d10 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
08:32:25.0482 0x0d10 Wdf01000 - ok
08:32:25.0522 0x0d10 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
08:32:25.0572 0x0d10 WdiServiceHost - ok
08:32:25.0582 0x0d10 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
08:32:25.0622 0x0d10 WdiSystemHost - ok
08:32:25.0662 0x0d10 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
08:32:25.0713 0x0d10 WebClient - ok
08:32:25.0743 0x0d10 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
08:32:25.0843 0x0d10 Wecsvc - ok
08:32:25.0853 0x0d10 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
08:32:25.0943 0x0d10 wercplsupport - ok
08:32:25.0983 0x0d10 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
08:32:26.0063 0x0d10 WerSvc - ok
08:32:26.0083 0x0d10 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
08:32:26.0153 0x0d10 WfpLwf - ok
08:32:26.0183 0x0d10 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
08:32:26.0203 0x0d10 WIMMount - ok
08:32:26.0223 0x0d10 WinDefend - ok
08:32:26.0243 0x0d10 WinHttpAutoProxySvc - ok
08:32:26.0293 0x0d10 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
08:32:26.0385 0x0d10 Winmgmt - ok
08:32:26.0535 0x0d10 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
08:32:26.0745 0x0d10 WinRM - ok
08:32:26.0805 0x0d10 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
08:32:26.0845 0x0d10 WinUsb - ok
08:32:26.0915 0x0d10 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
08:32:27.0015 0x0d10 Wlansvc - ok
08:32:27.0075 0x0d10 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:32:27.0095 0x0d10 wlcrasvc - ok
08:32:27.0255 0x0d10 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:32:27.0415 0x0d10 wlidsvc - ok
08:32:27.0435 0x0d10 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
08:32:27.0465 0x0d10 WmiAcpi - ok
08:32:27.0505 0x0d10 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
08:32:27.0555 0x0d10 wmiApSrv - ok
08:32:27.0595 0x0d10 WMPNetworkSvc - ok
08:32:27.0625 0x0d10 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
08:32:27.0655 0x0d10 WPCSvc - ok
08:32:27.0675 0x0d10 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
08:32:27.0715 0x0d10 WPDBusEnum - ok
08:32:27.0745 0x0d10 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
08:32:27.0825 0x0d10 ws2ifsl - ok
08:32:27.0855 0x0d10 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\system32\wscsvc.dll
08:32:27.0905 0x0d10 wscsvc - ok
08:32:27.0915 0x0d10 WSearch - ok
08:32:28.0075 0x0d10 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
08:32:28.0245 0x0d10 wuauserv - ok
08:32:28.0282 0x0d10 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
08:32:28.0322 0x0d10 WudfPf - ok
08:32:28.0392 0x0d10 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
08:32:28.0432 0x0d10 WUDFRd - ok
08:32:28.0472 0x0d10 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
08:32:28.0512 0x0d10 wudfsvc - ok
08:32:28.0562 0x0d10 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
08:32:28.0622 0x0d10 WwanSvc - ok
08:32:28.0672 0x0d10 ================ Scan global ===============================
08:32:28.0692 0x0d10 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
08:32:28.0742 0x0d10 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
08:32:28.0782 0x0d10 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
08:32:28.0812 0x0d10 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
08:32:28.0852 0x0d10 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
08:32:28.0862 0x0d10 [ Global ] - ok
08:32:28.0872 0x0d10 ================ Scan MBR ==================================
08:32:28.0882 0x0d10 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
08:32:29.0502 0x0d10 \Device\Harddisk0\DR0 - ok
08:32:29.0512 0x0d10 ================ Scan VBR ==================================
08:32:29.0512 0x0d10 [ 12DAF88A34F6BBCA003BC600F4B3E7BD ] \Device\Harddisk0\DR0\Partition1
08:32:29.0522 0x0d10 \Device\Harddisk0\DR0\Partition1 - ok
08:32:29.0532 0x0d10 [ 722C8CA0C3066ADB168BDEDE7EDF626E ] \Device\Harddisk0\DR0\Partition2
08:32:29.0542 0x0d10 \Device\Harddisk0\DR0\Partition2 - ok
08:32:29.0562 0x0d10 [ A0812CB5A031E4013F7EEEDDE0A4AEC5 ] \Device\Harddisk0\DR0\Partition3
08:32:29.0562 0x0d10 \Device\Harddisk0\DR0\Partition3 - ok
08:32:29.0562 0x0d10 ================ Scan generic autorun ======================
08:32:30.0332 0x0d10 [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
08:32:31.0202 0x0d10 RtHDVCpl - ok
08:32:31.0222 0x0d10 ETDCtrl - ok
08:32:31.0612 0x0d10 [ 5F3939E2FBA9BFE055E545826ACC0D97, C8C3C691B33E3B5F3F0E6FB79996F5753AC69C09827E03BE9FF73A4E6DE9A732 ] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
08:32:31.0912 0x0d10 Nero MediaHome 4 - ok
08:32:32.0002 0x0d10 [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
08:32:32.0022 0x0d10 APSDaemon - ok
08:32:32.0062 0x0d10 [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
08:32:32.0092 0x0d10 iTunesHelper - ok
08:32:32.0182 0x0d10 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
08:32:32.0232 0x0d10 avgnt - ok
08:32:32.0494 0x0d10 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
08:32:32.0804 0x0d10 SDTray - ok
08:32:32.0934 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:33.0044 0x0d10 Sidebar - ok
08:32:33.0074 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:33.0114 0x0d10 mctadmin - ok
08:32:33.0194 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:33.0296 0x0d10 Sidebar - ok
08:32:33.0316 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:33.0356 0x0d10 mctadmin - ok
08:32:33.0566 0x0d10 [ D6B3AF9E3CE610B69AB1D38262DAE833, CBE366A5459A651537466B9F5017AB87FA8AD5B28F4FADE3FA66B4D97950B5D7 ] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
08:32:33.0736 0x0d10 Plex Media Server - ok
08:32:34.0967 0x0d10 [ BA5819A23150B3B7C4F94125E7F11E83, 0EAFE4931B4EDD9A67DDCD9DAF83BFD190DADC2FCB149733071F956228E4D1E5 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
08:32:36.0257 0x0d10 Skype - ok
08:32:36.0587 0x0d10 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
08:32:36.0927 0x0d10 Spybot-S&D Cleaning - ok
08:32:37.0067 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:37.0167 0x0d10 Sidebar - ok
08:32:37.0187 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:37.0227 0x0d10 mctadmin - ok
08:32:37.0297 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:37.0407 0x0d10 Sidebar - ok
08:32:37.0427 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:37.0472 0x0d10 mctadmin - ok
08:32:37.0477 0x0d10 Waiting for KSN requests completion. In queue: 114
08:32:38.0477 0x0d10 Waiting for KSN requests completion. In queue: 114
08:32:39.0477 0x0d10 Waiting for KSN requests completion. In queue: 114
08:32:40.0517 0x0d10 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated )
08:32:40.0533 0x0d10 Win FW state via NFP2: enabled
08:32:43.0019 0x0d10 ============================================================
08:32:43.0019 0x0d10 Scan finished
08:32:43.0019 0x0d10 ============================================================
08:32:43.0029 0x1254 Detected object count: 0
08:32:43.0029 0x1254 Actual detected object count: 0
VG Mirko |
|
10.01.2015, 08:59
| #21 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber und hier das Log von Combofix Code:
ATTFilter ComboFix 15-01-08.01 - Luise 10.01.2015 8:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2824 [GMT 1:00]
ausgeführt von:: c:\users\Luise\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-10 bis 2015-01-10 ))))))))))))))))))))))))))))))
.
.
2015-01-10 07:54 . 2015-01-10 07:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-01-10 07:54 . 2015-01-10 07:54 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2015-01-10 07:54 . 2015-01-10 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-09 18:14 . 2015-01-09 18:14 -------- d-----w- C:\TDSSKiller_Quarantine
2015-01-08 17:55 . 2015-01-09 18:15 -------- d-----w- c:\users\TEMP
2015-01-07 16:57 . 2015-01-07 16:57 -------- d-----w- c:\windows\ERUNT
2015-01-07 16:46 . 2015-01-07 16:49 -------- d-----w- C:\AdwCleaner
2015-01-07 16:26 . 2015-01-07 16:27 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-07 16:25 . 2015-01-07 16:25 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2015-01-07 16:25 . 2015-01-07 16:25 -------- d-----w- c:\programdata\Malwarebytes
2015-01-07 16:25 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-07 16:25 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-07 16:25 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-06 17:55 . 2015-01-06 17:55 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-01-04 20:57 . 2015-01-04 20:56 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-01-04 20:57 . 2015-01-04 20:56 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-01-04 20:57 . 2015-01-04 20:56 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-01-04 19:23 . 2015-01-07 20:13 -------- d-----w- C:\FRST
2015-01-04 18:38 . 2015-01-07 16:39 -------- d-----w- c:\users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 18:38 . 2015-01-07 16:39 -------- d-----w- c:\programdata\Nico Mak Computing
2015-01-03 17:16 . 2015-01-03 17:16 -------- d-----w- c:\users\Luise\AppData\Roaming\Tific
2015-01-03 17:13 . 2015-01-03 17:13 -------- d-----w- c:\users\Luise\AppData\Local\Symantec
2015-01-01 19:22 . 2015-01-01 19:22 2123264 ----a-w- c:\users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts\FRST64.exe
2015-01-01 17:15 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-01-01 17:15 . 2015-01-01 18:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-01-01 17:15 . 2015-01-01 17:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-01 17:14 . 2015-01-01 17:14 -------- d-----w- c:\users\Luise\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 16:47 . 2013-10-23 18:04 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2011-11-26 2699344]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924064]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-27 702768]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
E-POP.lnk - c:\program files (x86)\Samsung\E-POP\E-POP.exe [2012-8-2 1786248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52068243
*Deregistered* - 52068243
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 17:16 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 18:58]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-52068243.sys
SafeBoot-80900510.sys
AddRemove-Doxillion - c:\program files (x86)\NCH Software\Doxillion\doxillion.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-10 08:58:47
ComboFix-quarantined-files.txt 2015-01-10 07:58
ComboFix2.txt 2015-01-06 18:19
.
Vor Suchlauf: 14 Verzeichnis(se), 114.846.126.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 114.627.956.736 Bytes frei
.
- - End Of File - - F6B0F0F00627D9BE36B0AEC8814802DB
|
|
10.01.2015, 11:59
| #22 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.01.2015, 14:39
| #23 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.01.2015 Suchlauf-Zeit: 13:39:41 Logdatei: mbam1.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.10.11 Rootkit Datenbank: v2015.01.07.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Luise Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 460381 Verstrichene Zeit: 32 Min, 57 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 10/01/2015 um 14:20:54
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luise - LUISE-PC
# Gestartet von : C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [5227 octets] - [07/01/2015 17:46:42]
AdwCleaner[R1].txt - [894 octets] - [10/01/2015 14:18:11]
AdwCleaner[S0].txt - [4929 octets] - [07/01/2015 17:49:06]
AdwCleaner[S1].txt - [816 octets] - [10/01/2015 14:20:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [875 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luise on 10.01.2015 at 14:28:14,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 14:31:37,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 10-01-2015 14:36:02
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 14:31 - 2015-01-10 14:31 - 00000894 _____ () C:\Users\Luise\Desktop\JRT.txt
2015-01-10 14:25 - 2015-01-10 14:25 - 00000954 _____ () C:\Users\Luise\Desktop\AdwCleaner[S1].txt
2015-01-10 14:16 - 2015-01-10 14:16 - 00001204 _____ () C:\Users\Luise\Desktop\mbam1.txt
2015-01-10 13:36 - 2015-01-10 13:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luise\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-08 18:49 - 2015-01-08 18:49 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Luise\Desktop\tdsskiller.exe
2015-01-08 18:44 - 2015-01-08 18:44 - 00000000 _____ () C:\Users\Luise\Desktop\tdsskiller_exe.cvh5o0v.partial
2015-01-07 21:07 - 2015-01-07 21:08 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-07 19:21 - 2015-01-07 19:24 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-07 18:12 - 2015-01-07 18:12 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 18:10 - 2015-01-07 21:13 - 00039782 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-07 18:09 - 2015-01-10 14:37 - 00015071 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-07 18:09 - 2015-01-07 18:09 - 00000000 ____D () C:\Users\Luise\Desktop\FRST-OlderVersion
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:55 - 2015-01-07 17:55 - 01707939 _____ (Thisisu) C:\Users\Luise\Desktop\JRT.exe
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:44 - 2015-01-07 17:44 - 02173952 _____ () C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
2015-01-07 17:39 - 2015-01-07 17:39 - 00001202 _____ () C:\Users\Luise\Desktop\mbam.txt
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 19:04 - 2015-01-10 08:40 - 05609736 ____R (Swearware) C:\Users\Luise\Desktop\ComboFix.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luise\Desktop\revosetup95.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 00001264 _____ () C:\Users\Luise\Desktop\Revo Uninstaller.lnk
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-10 14:36 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 14:30 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:30 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:26 - 2012-03-08 23:10 - 01531709 _____ () C:\windows\WindowsUpdate.log
2015-01-10 14:24 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-10 14:24 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 14:24 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 14:23 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 14:21 - 2012-09-16 14:43 - 00023895 _____ () C:\windows\setupact.log
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 14:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 14:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 13:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Luise\AppData\Local\Temp\Quarantine.exe
C:\Users\Luise\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2015-01-04 10:53
==================== End Of Log ============================
plus additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-10 14:37:22
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version: - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version: - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version: - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-10-2014 18:04:42 Geplanter Prüfpunkt
01-01-2015 17:39:10 Installed SW Update
01-01-2015 19:10:55 Säuberung (Spybot - Search & Destroy 2.4, Administratorrechte)
06-01-2015 18:57:09 Revo Uninstaller's restore point - Ask Toolbar
06-01-2015 19:01:29 Revo Uninstaller's restore point - Ask Toolbar Updater
10-01-2015 08:41:13 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-06-23 18:11:04.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-23 18:11:04.202
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 4009.55 MB
Available physical RAM: 2476.77 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 6217.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:177 GB) (Free:106.32 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)
==================== End Of Log ============================
|
|
10.01.2015, 15:58
| #24 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivierenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.01.2015, 23:19
| #25 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber -- 2 Bedrohungen bei ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd40bc6c397d584a82791a79bec9c49a
# engine=21902
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 07:13:58
# local_time=2015-01-10 08:13:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 24255 39491996 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 38455612 172547088 0 0
# scanned=228241
# found=2
# cleaned=0
# scan_time=14468
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=E25EDA782B23085570F643F6D9FC95F3540D3905 ft=1 fh=505f46cb9dc52e14 vn="Variante von Win64/Rootkit.Kryptik.Z Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\09.01.2015_19.10.08\necurs0000\svc0000\tsk0000.dta"
Code:
ATTFilter Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Google Chrome 37.0.2062.124 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 10-01-2015 23:16:38
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 23:16 - 2015-01-10 23:17 - 00015462 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-10 23:12 - 2015-01-10 23:12 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-10 16:10 - 2015-01-10 16:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-10 16:09 - 2015-01-10 16:09 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-07 18:12 - 2015-01-10 23:16 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-10 23:16 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 23:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 23:08 - 2012-03-08 23:10 - 01641394 _____ () C:\windows\WindowsUpdate.log
2015-01-10 22:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 18:15 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 16:08 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:44 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-10 14:43 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 14:42 - 2012-09-16 14:43 - 00023951 _____ () C:\windows\setupact.log
2015-01-10 14:42 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Luise\AppData\Local\Temp\Quarantine.exe
C:\Users\Luise\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2015-01-04 10:53
==================== End Of Log ============================
+ Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-10 23:17:52
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version: - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version: - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version: - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-10-2014 18:04:42 Geplanter Prüfpunkt
01-01-2015 17:39:10 Installed SW Update
01-01-2015 19:10:55 Säuberung (Spybot - Search & Destroy 2.4, Administratorrechte)
06-01-2015 18:57:09 Revo Uninstaller's restore point - Ask Toolbar
06-01-2015 19:01:29 Revo Uninstaller's restore point - Ask Toolbar Updater
10-01-2015 08:41:13 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2015 11:12:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 09:01:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 04:10:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 04:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 04:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 04:09:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3243791
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3243791
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/10/2015 02:49:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
System errors:
=============
Error: (01/10/2015 02:44:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (01/10/2015 02:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/10/2015 02:44:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/10/2015 02:44:11 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Microsoft Office Sessions:
=========================
Error: (01/10/2015 11:12:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
Error: (01/10/2015 09:01:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (01/10/2015 04:10:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
Error: (01/10/2015 04:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
Error: (01/10/2015 04:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
Error: (01/10/2015 04:09:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3243791
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3243791
Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/10/2015 02:49:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
CodeIntegrity Errors:
===================================
Date: 2014-06-23 18:11:04.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-23 18:11:04.202
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 4009.55 MB
Available physical RAM: 2461.08 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5859.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:177 GB) (Free:105.85 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)
==================== End Of Log ============================
|
|
11.01.2015, 08:19
| #26 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.01.2015, 09:41
| #27 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber, anbei die Logs Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Luise at 2015-01-11 09:30:21 Run:1
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
Emptytemp:
*****************
Der Vorgang wurde erfolgreich beendet.
EmptyTemp: => Removed 953.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:31:34 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 11-01-2015 09:38:18
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise & NeroMediaHomeUser.4 (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-10 23:17 - 2015-01-10 23:18 - 00037210 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-10 23:16 - 2015-01-11 09:38 - 00015393 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-10 23:12 - 2015-01-10 23:12 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-10 16:09 - 2015-01-10 16:09 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-07 18:12 - 2015-01-10 23:16 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-11 09:38 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 09:35 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 09:35 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-11 09:34 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-11 09:34 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-11 09:33 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-11 09:32 - 2012-09-16 14:43 - 00024007 _____ () C:\windows\setupact.log
2015-01-11 09:31 - 2012-03-08 23:10 - 01656553 _____ () C:\windows\WindowsUpdate.log
2015-01-11 09:27 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 09:26 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 16:08 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 10:53
==================== End Of Log ============================
VG Mirko |
|
11.01.2015, 09:59
| #28 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.01.2015, 21:36
| #29 |
| | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Hallo Schrauber, Sorry das ich erst jetzt schaffe -- hatte aber vorher keine Zeit. alles geschafft, alles super, dafür vielen lieben Dank. Wie heißt das so schön "Äußerst zufrieden" Viele Grüße Mirko |
|
14.01.2015, 08:19
| #30 |
| /// the machine /// TB-Ausbilder | TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren |
| adware, aktiviere, aktivieren, andere, avira, beiträge, hallo zusammen, hoffe, löschen, neu, neue, neuen, nicht löschen, nichts, norton, registry, scan, scanner, suche, thread, tools, troja, trojaner, zusammen, öffnen |
WARNUNG an die MITLESER: 
Linear-Darstellung
