Pests of all kinds and how to fight them: 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira (Windows 7)
11.01.2015, 14:30 | #1 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
Hello, after I started my PC today, Avira showed the following message: "In der Datei 'D:\Program Files\LucasArts\LEGO Clone Wars\LEGOCloneWars.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden." Here is the VirusTotal check: https://www.virustotal.com/de/file/33d3cde86fc4c041affdf1865dbcb4bfce59822332e8b2931b9a7f8a41f9573a/analysis/1420982705/ Is this a real trojan or a false alarm? And if it is a real one, what should I do? |
11.01.2015, 14:35 | #2 |
/// the machine /// TB-Ausbilder | 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
11.01.2015, 14:55 | #3 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira text
Code:
ATTFilter Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\PnkBstrA.exe () C:\Windows\System32\Rezip.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {2161ec8a-1c03-11e0-8737-937ff6ed3be0} - F:\LGAutoRun.exe HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {33ec2797-0fa2-11e0-8c31-9adda40c9fee} - F:\LGAutoRun.exe HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {795e11e5-dcdc-11e2-8abd-89cf74b1abf0} - F:\autorun.exe HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {bb984def-b9a6-11de-9419-806e6f6e6963} - E:\RunGame.exe HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {eb984a63-5dd8-11df-8949-a11f6e90a9f3} - F:\Startme.exe HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION! 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {35A32DC0-6A98-4BE7-9EB7-669A196A4AEF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=3ee48730-e490-4b1e-b857-f2bddfc72fc5&apn_sauid=0D9D5EE7-59BF-4BF0-A4AD-579E40B9E738& SearchScopes: 
HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67AC4F01-B060-4D59-97C5-253075060A21} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.bing.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) 
FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Nils\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) 
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-maps.xml FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\abs@avira.com [2014-12-11] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-26] FF Extension: ProxTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13] FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-14] FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010-01-23] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-26] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-26] FF HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - 
C:\Users\Nils\Program Files\DNA FF Extension: DNA - C:\Users\Nils\Program Files\DNA [2009-12-28] FF HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) S2 appdrvrem01; C:\windows\System32\appdrvrem01.exe [304528 2009-12-25] (Protection Technology) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2014-04-16] () S2 pr2ah4nc; C:\windows\system32\pr2ah4nc.exe [410984 2007-08-17] (CODEMASTERS) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed] S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 SelfUpdateService; "C:\Program Files\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X] S3 SGRKDV; C:\Users\Nils\AppData\Local\Temp\SGRKDV.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACEDRV07; C:\windows\system32\drivers\ACEDRV07.sys [101376 2010-02-07] (Protect Software GmbH) [File not signed] R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) R1 appdrv01; C:\windows\System32\Drivers\appdrv01.sys [2915944 2009-12-25] (Protection Technology) S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [278728 2010-07-17] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-24] (DT Soft Ltd) S3 FTDIBUS; C:\windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.) S3 ggsomc; C:\windows\System32\DRIVERS\ggsomc.sys [26328 2014-09-14] (Sony Mobile Communications) R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25416 2010-07-17] () R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S3 papycpu; C:\windows\system32\Drivers\papycpu.sys [1984 1998-09-04] () [File not signed] R0 pe3ah4nc; C:\windows\System32\drivers\pe3ah4nc.sys [64616 2007-08-17] (CODEMASTERS) S1 prodrv06; C:\windows\System32\drivers\prodrv06.sys [54272 2004-04-08] (Protection Technology) [File not signed] S0 prohlp02; C:\windows\System32\drivers\prohlp02.sys [70400 2004-04-08] (Protection Technology) [File not signed] S0 prosync1; C:\windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] R0 ps7ah4nc; C:\windows\System32\drivers\ps7ah4nc.sys [68208 2007-08-17] (CODEMASTERS) S3 s1018obex; C:\windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S0 sfhlp01; C:\windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed] R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) 
[File not signed] R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation) R3 WinDriver6; C:\windows\System32\drivers\windrvr6.sys [193696 2008-07-03] (Jungo) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] U5 papyjoy; C:\Windows\System32\Drivers\papyjoy.sys [1888 1998-09-04] () [File not signed] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] S3 XDva358; \??\C:\windows\system32\XDva358.sys [X] S3 XDva370; \??\C:\windows\system32\XDva370.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-11 14:43 - 2015-01-11 14:51 - 00054798 _____ () C:\Users\Nils\Downloads\Addition.txt 2015-01-11 14:40 - 2015-01-11 14:51 - 00021141 _____ () C:\Users\Nils\Downloads\FRST.txt 2015-01-11 14:40 - 2015-01-11 14:51 - 00000000 ____D () C:\FRST 2015-01-11 14:39 - 2015-01-11 14:39 - 01115648 _____ (Farbar) C:\Users\Nils\Downloads\FRST.exe 2015-01-01 20:36 - 2015-01-01 20:36 - 00010826 _____ () C:\Users\Nils\Documents\autobahn.xlsx 2014-12-26 13:56 - 2014-12-26 13:56 - 00000000 ____D () C:\Program Files\Free Codec Pack 2014-12-26 13:54 - 2014-12-26 13:55 - 03529392 _____ (DVDVideoSoft Ltd. 
) C:\Users\Nils\Downloads\FreeYouTubeToMP3-1215Converter.exe 2014-12-21 15:26 - 2014-12-21 15:26 - 00000000 ____D () C:\Users\Nils\Documents\Sony 2014-12-21 15:25 - 2014-12-21 15:27 - 00018242 _____ () C:\windows\DPINST.LOG 2014-12-21 15:25 - 2014-12-21 15:25 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-12-21 15:20 - 2014-12-21 15:47 - 00000000 ____D () C:\Users\Nils\Desktop\100ANDRO 2014-12-19 19:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-11 14:50 - 2013-02-16 16:42 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-11 14:42 - 2013-05-21 17:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 14:36 - 2012-05-09 17:03 - 00000000 ____D () C:\Users\Nils\Documents\TubeBox 2015-01-11 14:32 - 2014-11-21 19:27 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-11 14:25 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-11 14:25 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-11 14:21 - 2009-09-16 22:52 - 01589071 _____ () C:\windows\WindowsUpdate.log 2015-01-11 14:15 - 2013-02-16 16:42 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-11 14:15 - 2009-12-25 14:21 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2015-01-11 14:14 - 2014-11-17 20:34 - 00003920 _____ () C:\windows\setupact.log 2015-01-11 14:14 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-10 14:18 - 2013-05-20 21:59 - 00000974 _____ () C:\windows\Tasks\Google Software Updater.job 2015-01-04 17:57 - 2010-01-10 15:09 - 00000000 ____D 
() C:\Users\Nils\AppData\Local\NFS Underground 2 2015-01-04 16:51 - 2011-03-06 13:30 - 00000000 ____D () C:\Program Files\Steam 2015-01-02 17:32 - 2014-08-20 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe 2015-01-02 17:31 - 2012-05-20 17:00 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-01-02 17:31 - 2011-05-13 21:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-12-27 17:40 - 2013-08-05 13:26 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc 2014-12-27 11:37 - 2014-11-17 20:34 - 00002656 _____ () C:\windows\PFRO.log 2014-12-26 13:57 - 2014-09-23 16:08 - 00002272 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-12-26 13:57 - 2014-09-23 16:08 - 00001199 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-12-26 13:57 - 2013-06-29 22:10 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-12-26 13:57 - 2013-01-27 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-12-26 13:56 - 2014-09-23 16:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-12-26 13:56 - 2010-09-11 19:12 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\DVDVideoSoft 2014-12-25 20:23 - 2014-11-08 18:12 - 00027861 _____ () C:\Users\Nils\Documents\TombRaider.log 2014-12-21 18:20 - 2012-09-26 18:46 - 00098304 _____ (Sony DADC Austria AG.) 
C:\windows\system32\CmdLineExt.dll 2014-12-21 15:25 - 2014-09-14 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-12-21 15:25 - 2009-09-16 22:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-12-21 15:23 - 2011-03-06 13:51 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-19 19:02 - 2014-11-07 17:49 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-19 19:02 - 2014-08-07 12:28 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-19 19:02 - 2012-12-03 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-19 19:02 - 2012-12-03 17:15 - 00000000 ____D () C:\Program Files\Avira 2014-12-14 20:39 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2014-12-14 12:30 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE Files to move or delete: ==================== C:\Users\Nils\RD2.EXE Some content of TEMP: ==================== C:\Users\Nils\AppData\Local\Temp\avgnt.exe C:\Users\Nils\AppData\Local\Temp\tmd_34013466.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 19:16 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 Ran by Nils at 2015-01-11 14:51:51 Running from C:\Users\Nils\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden 4500_G510gm_Help (Version: 000.0.440.000 - Hewlett-Packard) Hidden 4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden 7-Zip 4.65 (HKLM\...\7-Zip) (Version: - ) AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden AMD Catalyst Install Manager (HKLM\...\{AF79E1E0-EB3B-A08A-624B-08F7296DFD65}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.) 
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Battlefield 2(TM) (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) Battlefield 2: Special Forces (HKLM\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version: - ) Biathlon Champion 2007 (HKLM\...\{5AE1B733-291D-41A6-8399-EDA07155C12F}) (Version: - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden Call of Duty(R) 4 - Modern Warfare(TM) Demo (Version: 1.00.0000 - Activision) Hidden Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DiRT (HKLM\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters) DiRT2 (HKLM\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters) DiRT2 (Version: 1.0.0002.133 - Codemasters) Hidden DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) DNA (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) 
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung) EAX Unified (HKLM\...\EAX Unified) (Version: - ) EAX4 Unified Redist (HKLM\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs) Euro Truck Simulator 1.1 (HKLM\...\Euro Truck Simulator) (Version: 1.1 - ) F1 2011 (HKLM\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters) F1 2011 (Version: 1.0.0000.129 - Codemasters) Hidden F1 2011 (Version: 1.0.0002.129 - Codemasters) Hidden Far Cry® 3 (HKLM\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Free Audio Dub version 1.7.9.908 (HKLM\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.) Free Audio Editor version 1.0.5.923 (HKLM\...\Free Audio Editor_is1) (Version: 1.0.5.923 - DVDVideoSoft Ltd.) Free Hide IP (HKLM\...\FreeHideIP) (Version: 3.9.0.2 - ) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 09 (HKLM\...\FUSSBALL MANAGER 09) (Version: - Electronic Arts) Google Earth (HKLM\...\{528145C0-462A-11E1-B8B4-B8AC6F97B88E}) (Version: 6.2.0.5905 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) 
GPL 2004 DEMO (HKLM\...\GPL 2004 DEMO) (Version: - GPL Community & The GPLEA) Grand Prix 3 (HKLM\...\{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}) (Version: - ) Grand Prix Legends (HKLM\...\Grand Prix Legends) (Version: - ) Grand Theft Auto San Andreas (HKLM\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) GRID (HKLM\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters) GTR Evolution (HKLM\...\GTR Evolution_1.1.1.2_is1) (Version: - SimBin) GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin) H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.) Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden L.A. 
Noire (HKLM\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games) LEGO® Star Wars™ III: The Clone Wars™ (HKLM\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts) Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - ) Locomotion (HKLM\...\{77F45E76-E897-42CA-A9FE-5F56817D875C}) (Version: 1.00.000 - ) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation) Mafia (HKLM\...\Mafia) (Version: - ) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell) MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.) Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt (HKLM\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft) Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft 
Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 
- Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.) Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - ) Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) nccad76 (HKLM\...\{5CE0A0F8-85F6-458C-86D3-9C53479056F9}) (Version: 1.0 - MAX computer GmbH) Need For Speed - Porsche (HKLM\...\Need For Speed - Porsche) (Version: - ) Need for Speed (HKLM\...\Need for Speed High Stakes) (Version: - ) Need for Speed Underground 2 (HKLM\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - ) NetSetMan 2.6.1 (HKLM\...\NetSetMan 2_is1) (Version: 2.6.1 - Ilja Herlein) Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) NVIDIA PhysX (HKLM\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) OpenAL (HKLM\...\OpenAL) 
(Version: - ) OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Origin (HKLM\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Pro Cycling Manager - Season 2008 1.0.2.3 (HKLM\...\Pro Cycling Manager 2008_is1) (Version: 1.0.2.3 - Cyanide Entertainment) PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) RACE 07 - Formula RaceRoom Add-On (HKLM\...\Steam App 44630) (Version: - ) RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin) Race Driver 2 (HKLM\...\InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}) (Version: 1.01.0000 - Codemasters) Race Driver 2 (Version: 1.01.0000 - Codemasters) Hidden Rapture3D 2.4.9 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.) Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) 
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Sid Meier's Civilization 4 - Beyond the Sword (HKLM\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Sid Meier's Civilization 4 (HKLM\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games) Sid Meier's Civilization 4 (Version: 1.61 - Firaxis Games) Hidden Sierra Utilities (HKLM\...\Sierra Utilities) (Version: - ) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB) Sony PC Companion 2.10.236 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony) Spec Ops: The Line (HKLM\...\Steam App 50300) (Version: - Yager) Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts) Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Test Drive Unlimited (HKLM\...\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}) (Version: 0.10.0000 - Ihr Firmenname) TGV Pack (HKLM\...\{50795E20-2B69-11D6-B782-00A0CC7B9044}) (Version: - ) TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo) Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Tropico 3: Absolute Power (HKLM\...\Tropico3) (Version: 2.01 - Kalypso Media) Ubisoft Game Launcher 
(HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) ==================== Custom 
CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{a3c6dafc-e193-42fc-adca-5316b5d6d653}\InprocServer32 -> C:\Users\Nils\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

==================== Restore Points =========================

11-01-2015 13:58:55 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CADDB5-03AC-448D-B1BD-2AD145E17F61} - System32\Tasks\{C4D5C8F0-75A3-417C-A67B-158DA58E7C8E} => C:\Program Files\Atari\Locomotion\Loco.exe [2004-09-07] (Atari Inc.)
Task: {0B344FCD-3D87-4A93-A9B8-471A96FFDA75} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {40BEE685-77E1-4331-9A32-41E108E7162C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4D013930-778D-4A7B-AD38-FEF72EB5A7FA} - System32\Tasks\{EEA173BF-AB99-46B7-86C6-9005AF60709D} => pcalua.exe -a "C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TNG3AG9\pt1-setup2[1].exe" -d C:\Users\Nils\Desktop Task: {62105D4E-1B84-49EF-A1A9-556D8886C695} - System32\Tasks\{36C2BAAA-638D-4863-A531-E04269F980F2} => pcalua.exe -a E:\SetupLauncher.exe -d E:\ Task: {64E73D73-B2D1-4334-A68E-41EA1E5F73E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.) Task: {75215230-74AB-40AA-BDC3-E120797026DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics) Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) 
Task: {8AA5DDE9-3A3C-41D9-AE93-403EF40DF482} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {939C07AD-6464-4AF6-B00E-6EA49000837C} - System32\Tasks\{B17697FA-D54B-443E-ADE2-81BEED1451D1} => pcalua.exe -a "C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TNG3AG9\avira_antivir_personal_de[1].exe" -d C:\Users\Nils\Desktop Task: {997A9BB9-F201-4146-94AD-C29F5C0AE42B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1016556084-3091970497-507946437-1000 Task: {9B94600A-C2BB-44A5-BBC7-38E55B6F1BC9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated) Task: {C0AF16A9-7CA5-41AD-A125-7AB7D84C3058} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {EB34FAA0-2B0B-453C-AEB5-0BAE6C88D6BF} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-05-20] (Google) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-21 17:21 - 2014-04-16 16:27 - 00076888 _____ () C:\windows\system32\PnkBstrA.exe
2009-09-16 22:57 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2012-04-24 13:21 - 2012-04-24 13:21 - 00014848 ____N () C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2009-09-16 23:06 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2012-10-14 13:39 - 2014-12-09 19:17 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-03-14 13:21 - 2011-03-14 13:21 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-08 12:53 - 2011-09-08 12:53 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-02 17:31 - 2015-01-02 17:31 - 16843952 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Classes\.exe: => <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Nils\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: C: =>
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDFPrint => D:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Nils\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-1016556084-3091970497-507946437-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1016556084-3091970497-507946437-1008 - Limited - Enabled)
Gast (S-1-5-21-1016556084-3091970497-507946437-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1016556084-3091970497-507946437-1010 - Limited - Enabled)
Nils (S-1-5-21-1016556084-3091970497-507946437-1000 - Administrator - Enabled) => C:\Users\Nils
oliver (S-1-5-21-1016556084-3091970497-507946437-1006 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 02:00:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/11/2015 02:00:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/11/2015 01:55:01 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error: (01/11/2015 01:54:11 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

Error: (01/11/2015 01:54:11 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. hr=0x80072EE7

Error: (01/11/2015 01:53:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/11/2015 01:52:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/08/2015 08:03:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Microsoft Office Word wurde wegen dieses Fehlers geschlossen.
Programm: Microsoft Office Word
Datei:
Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und
- diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (01/08/2015 08:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6713.5000, Zeitstempel: 0x546c1c8e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000096
Fehleroffset: 0x089df89d
ID des fehlerhaften Prozesses: 0x177c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (01/06/2015 01:10:08 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

System errors:
=============
Error: (01/11/2015 02:17:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (01/11/2015 02:15:59 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/11/2015 02:15:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06
prohlp02
prosync1
sfhlp01

Error: (01/11/2015 02:15:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/11/2015 02:15:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (01/11/2015 02:14:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/11/2015 02:14:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Self Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/11/2015 02:14:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (01/11/2015 02:14:12 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (01/11/2015 02:13:56 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber prodrv06.sys konnte nicht geladen werden.
Microsoft Office Sessions:
=========================
Error: (09/28/2014 03:46:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/26/2013 06:14:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3101 seconds with 840 seconds of active time. This session ended with a crash.

Error: (06/04/2012 04:24:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 819 seconds with 360 seconds of active time. This session ended with a crash.

Error: (11/05/2010 08:44:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162 seconds with 60 seconds of active time. This session ended with a crash.
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 3036.61 MB
Available physical RAM: 1451.83 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3993.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200.92 GB) (Free:10.33 GB) NTFS
Drive d: () (Fixed) (Total:82.07 GB) (Free:14.43 GB) NTFS
Drive e: (NFSUG2_DISK2) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=82.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
11.01.2015, 15:41 | #4 |
/// the machine /// TB-Ausbilder | 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.01.2015, 17:12 | #5 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
So, the log file from MBAR
Code:
ATTFilter ls :: NILS-PC [administrator]

11.01.2015 16:35:48
mbar-log-2015-01-11 (16-35-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 378863
Time elapsed: 23 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter 17:08:24.0516 0x12ec TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
17:08:26.0419 0x12ec ============================================================
17:08:26.0419 0x12ec Current date / time: 2015/01/11 17:08:26.0419
17:08:26.0419 0x12ec SystemInfo:
17:08:26.0419 0x12ec
17:08:26.0419 0x12ec OS Version: 6.1.7601 ServicePack: 1.0
17:08:26.0419 0x12ec Product type: Workstation
17:08:26.0419 0x12ec ComputerName: NILS-PC
17:08:26.0419 0x12ec UserName: Nils
17:08:26.0419 0x12ec Windows directory: C:\windows
17:08:26.0419 0x12ec System windows directory: C:\windows
17:08:26.0419 0x12ec Processor architecture: Intel x86
17:08:26.0419 0x12ec Number of processors: 2
17:08:26.0419 0x12ec Page size: 0x1000
17:08:26.0419 0x12ec Boot type: Normal boot
17:08:26.0419 0x12ec ============================================================
17:08:26.0544 0x12ec KLMD registered as C:\windows\system32\drivers\40317518.sys
17:08:26.0793 0x12ec System UUID: {A160D5DF-7125-66C5-C6F0-770F78877DFA}
17:08:27.0433 0x12ec Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:27.0433 0x12ec ============================================================
17:08:27.0433 0x12ec \Device\Harddisk0\DR0:
17:08:27.0433 0x12ec MBR partitions:
17:08:27.0433 0x12ec \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:08:27.0433 0x12ec \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x191D8800
17:08:27.0433 0x12ec \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B00B000, BlocksNum 0xA423000
17:08:27.0433 0x12ec ============================================================
17:08:27.0480 0x12ec C: <-> \Device\Harddisk0\DR0\Partition2
17:08:27.0542 0x12ec D: <-> \Device\Harddisk0\DR0\Partition3
17:08:27.0542 0x12ec ============================================================
17:08:27.0542 0x12ec Initialize success
17:08:27.0542 0x12ec ============================================================
17:08:28.0946 0x04a0 ============================================================
17:08:28.0946 0x04a0 Scan started
17:08:28.0946 0x04a0 Mode: Manual;
17:08:28.0946 0x04a0 ============================================================
17:08:28.0946 0x04a0 KSN ping started
17:08:31.0739 0x04a0 KSN ping finished: true
17:08:32.0519 0x04a0 ================ Scan system memory ========================
17:08:32.0519 0x04a0 System memory - ok
17:08:32.0534 0x04a0 ================ Scan services =============================
17:08:40.0038 0x04a0 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 17:08:40.0038 0x04a0 BTHUSB - ok 17:08:40.0069 0x04a0 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 17:08:40.0069 0x04a0 cdfs - ok 17:08:40.0194 0x04a0 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 17:08:40.0194 0x04a0 cdrom - ok 17:08:40.0256 0x04a0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\windows\System32\certprop.dll 17:08:40.0256 0x04a0 CertPropSvc - ok 17:08:40.0428 0x04a0 [ 08D4BD3F12DFF3A11E4F2C09745DA0FA, 99A19D3B43F5B21A3E23B9A91D9443ED2710C14B954C769B837626181FC4F630 ] CGVPNCliService C:\Program Files\CyberGhost 5\Service.exe 17:08:40.0428 0x04a0 CGVPNCliService - ok 17:08:40.0475 0x04a0 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\windows\system32\DRIVERS\circlass.sys 17:08:40.0475 0x04a0 circlass - ok 17:08:40.0568 0x04a0 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\windows\system32\CLFS.sys 17:08:40.0584 0x04a0 CLFS - ok 17:08:40.0693 0x04a0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:08:40.0693 0x04a0 clr_optimization_v2.0.50727_32 - ok 17:08:40.0755 0x04a0 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:08:40.0755 0x04a0 clr_optimization_v4.0.30319_32 - ok 17:08:40.0771 0x04a0 [ 
DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 17:08:40.0771 0x04a0 CmBatt - ok 17:08:40.0865 0x04a0 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\windows\system32\drivers\cmdide.sys 17:08:40.0865 0x04a0 cmdide - ok 17:08:40.0943 0x04a0 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\windows\system32\Drivers\cng.sys 17:08:40.0943 0x04a0 CNG - ok 17:08:41.0005 0x04a0 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 17:08:41.0005 0x04a0 Compbatt - ok 17:08:41.0067 0x04a0 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 17:08:41.0067 0x04a0 CompositeBus - ok 17:08:41.0083 0x04a0 COMSysApp - ok 17:08:41.0114 0x04a0 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 17:08:41.0114 0x04a0 crcdisk - ok 17:08:41.0177 0x04a0 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\windows\system32\cryptsvc.dll 17:08:41.0177 0x04a0 CryptSvc - ok 17:08:41.0270 0x04a0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\windows\system32\rpcss.dll 17:08:41.0270 0x04a0 DcomLaunch - ok 17:08:41.0333 0x04a0 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\windows\System32\defragsvc.dll 17:08:41.0333 0x04a0 defragsvc - ok 17:08:41.0426 0x04a0 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC 
C:\windows\system32\Drivers\dfsc.sys 17:08:41.0426 0x04a0 DfsC - ok 17:08:41.0520 0x04a0 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\windows\system32\dhcpcore.dll 17:08:41.0535 0x04a0 Dhcp - ok 17:08:41.0582 0x04a0 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\windows\system32\drivers\discache.sys 17:08:41.0582 0x04a0 discache - ok 17:08:41.0645 0x04a0 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\windows\system32\DRIVERS\disk.sys 17:08:41.0645 0x04a0 Disk - ok 17:08:41.0707 0x04a0 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\windows\System32\dnsrslvr.dll 17:08:41.0707 0x04a0 Dnscache - ok 17:08:41.0769 0x04a0 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\windows\System32\dot3svc.dll 17:08:41.0785 0x04a0 dot3svc - ok 17:08:41.0847 0x04a0 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\windows\system32\dps.dll 17:08:41.0847 0x04a0 DPS - ok 17:08:41.0941 0x04a0 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\windows\system32\drivers\drmkaud.sys 17:08:41.0941 0x04a0 drmkaud - ok 17:08:42.0035 0x04a0 [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys 17:08:42.0050 0x04a0 dtsoftbus01 - ok 17:08:42.0144 0x04a0 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 17:08:42.0159 0x04a0 DXGKrnl - ok 17:08:42.0206 0x04a0 EagleNT - ok 17:08:42.0253 0x04a0 EagleXNt - ok 17:08:42.0315 0x04a0 [ 
8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\windows\System32\eapsvc.dll 17:08:42.0331 0x04a0 EapHost - ok 17:08:42.0534 0x04a0 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 17:08:42.0596 0x04a0 ebdrv - ok 17:08:42.0705 0x04a0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\windows\System32\lsass.exe 17:08:42.0705 0x04a0 EFS - ok 17:08:43.0189 0x04a0 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\windows\ehome\ehRecvr.exe 17:08:43.0205 0x04a0 ehRecvr - ok 17:08:43.0251 0x04a0 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\windows\ehome\ehsched.exe 17:08:43.0251 0x04a0 ehSched - ok 17:08:43.0314 0x04a0 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 17:08:43.0329 0x04a0 elxstor - ok 17:08:43.0376 0x04a0 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\windows\system32\drivers\errdev.sys 17:08:43.0376 0x04a0 ErrDev - ok 17:08:43.0439 0x04a0 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\windows\system32\es.dll 17:08:43.0439 0x04a0 EventSystem - ok 17:08:43.0470 0x04a0 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\windows\system32\drivers\exfat.sys 17:08:43.0485 0x04a0 exfat - ok 17:08:43.0501 0x04a0 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\windows\system32\drivers\fastfat.sys 17:08:43.0501 0x04a0 fastfat - ok 17:08:43.0626 0x04a0 [ 
967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\windows\system32\fxssvc.exe 17:08:43.0641 0x04a0 Fax - ok 17:08:43.0688 0x04a0 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\windows\system32\DRIVERS\fdc.sys 17:08:43.0704 0x04a0 fdc - ok 17:08:43.0719 0x04a0 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\windows\system32\fdPHost.dll 17:08:43.0719 0x04a0 fdPHost - ok 17:08:43.0735 0x04a0 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\windows\system32\fdrespub.dll 17:08:43.0735 0x04a0 FDResPub - ok 17:08:43.0766 0x04a0 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 17:08:43.0766 0x04a0 FileInfo - ok 17:08:43.0766 0x04a0 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\windows\system32\drivers\filetrace.sys 17:08:43.0766 0x04a0 Filetrace - ok 17:08:43.0797 0x04a0 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 17:08:43.0797 0x04a0 flpydisk - ok 17:08:43.0844 0x04a0 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 17:08:43.0844 0x04a0 FltMgr - ok 17:08:44.0000 0x04a0 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\windows\system32\FntCache.dll 17:08:44.0031 0x04a0 FontCache - ok 17:08:44.0219 0x04a0 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:08:44.0234 0x04a0 FontCache3.0.0.0 - ok 17:08:44.0250 0x04a0 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\windows\system32\drivers\FsDepends.sys 17:08:44.0250 0x04a0 FsDepends - ok 17:08:44.0297 0x04a0 [ 491E9D9A26A745F6AE7D570849F4BD87, 9E0E0924C129DC82EAFCC74036A2F8DCAB969E38008312F2583CC00E082A5EA2 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 17:08:44.0297 0x04a0 fssfltr - ok 17:08:44.0406 0x04a0 [ 45B52394F9624237F33A8A3D73C0B221, AC3E26F9D0E8A91164C54E87C9C8BFCF824A14C80D4CEF3255C6127A482F25FE ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 17:08:44.0421 0x04a0 fsssvc - ok 17:08:44.0531 0x04a0 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 17:08:44.0546 0x04a0 Fs_Rec - ok 17:08:44.0609 0x04a0 [ ED1C6D5C2063C25948F03E605D2135B6, C0A0F6304B3DE36B50331123E3582CC0172F79377DC8EE07B4D7194516040D74 ] FTDIBUS C:\windows\system32\drivers\ftdibus.sys 17:08:44.0624 0x04a0 FTDIBUS - ok 17:08:44.0671 0x04a0 [ 2BF31C308361DFC896C36AF43956D83D, 4A52D543814800C686C635C663A732FBBD919B8B1C4EDF6EE1EB920968592491 ] FTSER2K C:\windows\system32\drivers\ftser2k.sys 17:08:44.0671 0x04a0 FTSER2K - ok 17:08:44.0749 0x04a0 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 17:08:44.0765 0x04a0 fvevol - ok 17:08:44.0811 0x04a0 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 17:08:44.0811 0x04a0 gagp30kx - ok 17:08:44.0905 0x04a0 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 17:08:44.0905 0x04a0 GEARAspiWDM - ok 
17:08:44.0983 0x04a0 [ 1FEC299F19D64E30788F0F1572933AE1, A720D9CC558787B6880785533230000E12C309D10FDACC6AD489E2F34AC54DFE ] ggflt C:\windows\system32\DRIVERS\ggflt.sys 17:08:44.0983 0x04a0 ggflt - ok 17:08:45.0061 0x04a0 [ F84723EF1733053581689B74C47F4DD2, D69E0DB817B82BC9E564B1136AD5D55EF3A66842B74C66D7DF96CE5528F414BD ] ggsomc C:\windows\system32\DRIVERS\ggsomc.sys 17:08:45.0061 0x04a0 ggsomc - ok 17:08:45.0139 0x04a0 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\windows\System32\gpsvc.dll 17:08:45.0155 0x04a0 gpsvc - ok 17:08:45.0295 0x04a0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 17:08:45.0295 0x04a0 gupdate - ok 17:08:45.0311 0x04a0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:08:45.0311 0x04a0 gupdatem - ok 17:08:45.0373 0x04a0 [ 408DDD80EEDE47175F6844817B90213E, 836822885D90DAFFD25A7D7EE363F4DACD41AA4B59095243E2798B137DC55FE3 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 17:08:45.0373 0x04a0 gusvc - ok 17:08:45.0420 0x04a0 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 17:08:45.0420 0x04a0 hcw85cir - ok 17:08:45.0482 0x04a0 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 17:08:45.0498 0x04a0 HdAudAddService - ok 17:08:45.0560 0x04a0 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 17:08:45.0560 0x04a0 HDAudBus - ok 17:08:45.0591 0x04a0 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 
7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 17:08:45.0591 0x04a0 HidBatt - ok 17:08:45.0607 0x04a0 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 17:08:45.0607 0x04a0 HidBth - ok 17:08:45.0623 0x04a0 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\windows\system32\DRIVERS\hidir.sys 17:08:45.0623 0x04a0 HidIr - ok 17:08:45.0654 0x04a0 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\windows\system32\hidserv.dll 17:08:45.0669 0x04a0 hidserv - ok 17:08:45.0701 0x04a0 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\windows\system32\drivers\hidusb.sys 17:08:45.0701 0x04a0 HidUsb - ok 17:08:45.0763 0x04a0 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\windows\system32\kmsvc.dll 17:08:45.0763 0x04a0 hkmsvc - ok 17:08:45.0841 0x04a0 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll 17:08:45.0841 0x04a0 HomeGroupListener - ok 17:08:45.0903 0x04a0 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll 17:08:45.0903 0x04a0 HomeGroupProvider - ok 17:08:45.0966 0x04a0 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 17:08:45.0966 0x04a0 HpSAMD - ok 17:08:46.0106 0x04a0 [ 7F437A78C5B0105B67B830D00AD719F8, F84EA4269F1B5DF14D0C027CC0940E047EACB420A9F33CB6C618122187E4AE65 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 17:08:46.0122 0x04a0 
HPSLPSVC - ok 17:08:46.0215 0x04a0 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\windows\system32\drivers\HTTP.sys 17:08:46.0215 0x04a0 HTTP - ok 17:08:46.0262 0x04a0 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 17:08:46.0278 0x04a0 hwpolicy - ok 17:08:46.0371 0x04a0 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 17:08:46.0371 0x04a0 i8042prt - ok 17:08:46.0434 0x04a0 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 17:08:46.0434 0x04a0 iaStor - ok 17:08:46.0512 0x04a0 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 17:08:46.0512 0x04a0 iaStorV - ok 17:08:46.0637 0x04a0 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:08:46.0637 0x04a0 IDriverT - ok 17:08:46.0746 0x04a0 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:08:46.0777 0x04a0 idsvc - ok 17:08:46.0824 0x04a0 IEEtwCollectorService - ok 17:08:47.0058 0x04a0 [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 17:08:47.0167 0x04a0 igfx - ok 17:08:47.0214 0x04a0 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 17:08:47.0214 0x04a0 iirsp - ok 17:08:47.0307 0x04a0 
[ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\windows\System32\ikeext.dll 17:08:47.0323 0x04a0 IKEEXT - ok 17:08:47.0510 0x04a0 [ 8D061158F3668CA50380A33A4B227958, 1438CADF1439052229CF1AE2A1B99E44C2E97AFAA79EF5DAD68A48686A44D19D ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 17:08:47.0573 0x04a0 IntcAzAudAddService - ok 17:08:47.0635 0x04a0 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\windows\system32\drivers\intelide.sys 17:08:47.0635 0x04a0 intelide - ok 17:08:47.0666 0x04a0 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 17:08:47.0682 0x04a0 intelppm - ok 17:08:47.0713 0x04a0 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\windows\system32\ipbusenum.dll 17:08:47.0729 0x04a0 IPBusEnum - ok 17:08:47.0760 0x04a0 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 17:08:47.0760 0x04a0 IpFilterDriver - ok 17:08:47.0853 0x04a0 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 17:08:47.0885 0x04a0 iphlpsvc - ok 17:08:47.0931 0x04a0 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 17:08:47.0931 0x04a0 IPMIDRV - ok 17:08:47.0947 0x04a0 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\windows\system32\drivers\ipnat.sys 17:08:47.0963 0x04a0 IPNAT - ok 17:08:48.0025 0x04a0 [ 061614179585BE398A73B9B3AF111310, BE715790531CBF3E038C6C2083A0802FA492D1DCAB3ACFE035DF72E3D6A4B83B ] iPod Service 
C:\Program Files\iPod\bin\iPodService.exe 17:08:48.0056 0x04a0 iPod Service - ok 17:08:48.0087 0x04a0 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\windows\system32\drivers\irenum.sys 17:08:48.0087 0x04a0 IRENUM - ok 17:08:48.0134 0x04a0 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\windows\system32\drivers\isapnp.sys 17:08:48.0134 0x04a0 isapnp - ok 17:08:48.0197 0x04a0 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 17:08:48.0212 0x04a0 iScsiPrt - ok 17:08:48.0243 0x04a0 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 17:08:48.0243 0x04a0 kbdclass - ok 17:08:48.0306 0x04a0 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\windows\system32\drivers\kbdhid.sys 17:08:48.0306 0x04a0 kbdhid - ok 17:08:48.0353 0x04a0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\windows\system32\lsass.exe 17:08:48.0353 0x04a0 KeyIso - ok 17:08:48.0415 0x04a0 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 17:08:48.0415 0x04a0 KSecDD - ok 17:08:48.0477 0x04a0 [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 17:08:48.0493 0x04a0 KSecPkg - ok 17:08:48.0555 0x04a0 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\windows\system32\msdtckrm.dll 17:08:48.0555 0x04a0 KtmRm - ok 17:08:48.0649 0x04a0 [ D64AF876D53ECA3668BB97B51B4E70AB, 
D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\windows\system32\srvsvc.dll 17:08:48.0649 0x04a0 LanmanServer - ok 17:08:48.0680 0x04a0 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 17:08:48.0680 0x04a0 LanmanWorkstation - ok 17:08:48.0696 0x04a0 lgbusenum - ok 17:08:48.0727 0x04a0 [ 4127E8B6DDB4090E815C1F8852C277D3, A5BC1F65FA6D8952CDDA08320ADDF0E4394E10AE4780017C8C86AC5E68DF83F8 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys 17:08:48.0727 0x04a0 lirsgt - ok 17:08:48.0789 0x04a0 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 17:08:48.0789 0x04a0 lltdio - ok 17:08:48.0836 0x04a0 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\windows\System32\lltdsvc.dll 17:08:48.0852 0x04a0 lltdsvc - ok 17:08:48.0867 0x04a0 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\windows\System32\lmhsvc.dll 17:08:48.0867 0x04a0 lmhosts - ok 17:08:48.0899 0x04a0 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 17:08:48.0914 0x04a0 LSI_FC - ok 17:08:48.0930 0x04a0 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 17:08:48.0930 0x04a0 LSI_SAS - ok 17:08:48.0930 0x04a0 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 17:08:48.0930 0x04a0 LSI_SAS2 - ok 17:08:48.0945 0x04a0 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 
17:08:48.0945 0x04a0 LSI_SCSI - ok 17:08:48.0977 0x04a0 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\windows\system32\drivers\luafv.sys 17:08:48.0977 0x04a0 luafv - ok 17:08:49.0039 0x04a0 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 17:08:49.0039 0x04a0 Mcx2Svc - ok 17:08:49.0070 0x04a0 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\windows\system32\DRIVERS\megasas.sys 17:08:49.0070 0x04a0 megasas - ok 17:08:49.0086 0x04a0 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 17:08:49.0101 0x04a0 MegaSR - ok 17:08:49.0133 0x04a0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\windows\system32\mmcss.dll 17:08:49.0133 0x04a0 MMCSS - ok 17:08:49.0164 0x04a0 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\windows\system32\drivers\modem.sys 17:08:49.0164 0x04a0 Modem - ok 17:08:49.0211 0x04a0 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\windows\system32\DRIVERS\monitor.sys 17:08:49.0211 0x04a0 monitor - ok 17:08:49.0273 0x04a0 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 17:08:49.0273 0x04a0 mouclass - ok 17:08:49.0320 0x04a0 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 17:08:49.0320 0x04a0 mouhid - ok 17:08:49.0382 0x04a0 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr 
C:\windows\system32\DRIVERS\usbehci.sys 17:09:01.0223 0x04a0 usbehci - ok 17:09:01.0269 0x04a0 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 17:09:01.0269 0x04a0 usbhub - ok 17:09:01.0301 0x04a0 USBModem - ok 17:09:01.0332 0x04a0 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\windows\system32\drivers\usbohci.sys 17:09:01.0332 0x04a0 usbohci - ok 17:09:01.0363 0x04a0 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 17:09:01.0363 0x04a0 usbprint - ok 17:09:01.0425 0x04a0 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 17:09:01.0425 0x04a0 USBSTOR - ok 17:09:01.0441 0x04a0 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 17:09:01.0441 0x04a0 usbuhci - ok 17:09:01.0488 0x04a0 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 17:09:01.0503 0x04a0 usbvideo - ok 17:09:01.0535 0x04a0 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\windows\System32\uxsms.dll 17:09:01.0550 0x04a0 UxSms - ok 17:09:01.0597 0x04a0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\windows\system32\lsass.exe 17:09:01.0597 0x04a0 VaultSvc - ok 17:09:01.0659 0x04a0 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 17:09:01.0659 0x04a0 vdrvroot - ok 17:09:01.0722 0x04a0 [ 
C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\windows\System32\vds.exe 17:09:01.0737 0x04a0 vds - ok 17:09:01.0800 0x04a0 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 17:09:01.0800 0x04a0 vga - ok 17:09:01.0815 0x04a0 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\windows\System32\drivers\vga.sys 17:09:01.0815 0x04a0 VgaSave - ok 17:09:01.0878 0x04a0 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 17:09:01.0878 0x04a0 vhdmp - ok 17:09:01.0925 0x04a0 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\windows\system32\drivers\viaagp.sys 17:09:01.0925 0x04a0 viaagp - ok 17:09:01.0956 0x04a0 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 17:09:01.0956 0x04a0 ViaC7 - ok 17:09:02.0003 0x04a0 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\windows\system32\drivers\viaide.sys 17:09:02.0003 0x04a0 viaide - ok 17:09:02.0049 0x04a0 [ 88C52F322117F60B7A0C89D683E30F6A, 12F96D4AC42FDF61B22304B1AED7C99C52DEBCB6CEF2927E74AB6D7BEFFDD7CB ] VMC326 C:\windows\system32\Drivers\VMC326.sys 17:09:02.0065 0x04a0 VMC326 - ok 17:09:02.0127 0x04a0 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\windows\system32\drivers\volmgr.sys 17:09:02.0127 0x04a0 volmgr - ok 17:09:02.0143 0x04a0 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\windows\system32\drivers\volmgrx.sys 17:09:02.0159 0x04a0 volmgrx - ok 17:09:02.0190 
0x04a0 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\windows\system32\drivers\volsnap.sys 17:09:02.0190 0x04a0 volsnap - ok 17:09:02.0237 0x04a0 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 17:09:02.0237 0x04a0 vsmraid - ok 17:09:02.0330 0x04a0 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\windows\system32\vssvc.exe 17:09:02.0361 0x04a0 VSS - ok 17:09:02.0377 0x04a0 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 17:09:02.0377 0x04a0 vwifibus - ok 17:09:02.0408 0x04a0 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 17:09:02.0424 0x04a0 vwififlt - ok 17:09:02.0455 0x04a0 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 17:09:02.0455 0x04a0 vwifimp - ok 17:09:02.0502 0x04a0 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\windows\system32\w32time.dll 17:09:02.0502 0x04a0 W32Time - ok 17:09:02.0549 0x04a0 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 17:09:02.0549 0x04a0 WacomPen - ok 17:09:02.0611 0x04a0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 17:09:02.0611 0x04a0 WANARP - ok 17:09:02.0611 0x04a0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 
17:09:02.0611 0x04a0 Wanarpv6 - ok 17:09:02.0736 0x04a0 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 17:09:02.0767 0x04a0 WatAdminSvc - ok 17:09:02.0861 0x04a0 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\windows\system32\wbengine.exe 17:09:02.0892 0x04a0 wbengine - ok 17:09:02.0923 0x04a0 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 17:09:02.0939 0x04a0 WbioSrvc - ok 17:09:03.0001 0x04a0 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\windows\System32\wcncsvc.dll 17:09:03.0017 0x04a0 wcncsvc - ok 17:09:03.0032 0x04a0 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 17:09:03.0032 0x04a0 WcsPlugInService - ok 17:09:03.0063 0x04a0 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\windows\system32\DRIVERS\wd.sys 17:09:03.0063 0x04a0 Wd - ok 17:09:03.0141 0x04a0 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 17:09:03.0141 0x04a0 Wdf01000 - ok 17:09:03.0157 0x04a0 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\windows\system32\wdi.dll 17:09:03.0173 0x04a0 WdiServiceHost - ok 17:09:03.0173 0x04a0 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\windows\system32\wdi.dll 17:09:03.0173 0x04a0 WdiSystemHost - ok 17:09:03.0219 0x04a0 [ 75E8EBD7040CE238684333F97014762A, 
2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\windows\System32\webclnt.dll 17:09:03.0235 0x04a0 WebClient - ok 17:09:03.0251 0x04a0 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\windows\system32\wecsvc.dll 17:09:03.0251 0x04a0 Wecsvc - ok 17:09:03.0282 0x04a0 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\windows\System32\wercplsupport.dll 17:09:03.0282 0x04a0 wercplsupport - ok 17:09:03.0344 0x04a0 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\windows\System32\WerSvc.dll 17:09:03.0344 0x04a0 WerSvc - ok 17:09:03.0391 0x04a0 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 17:09:03.0391 0x04a0 WfpLwf - ok 17:09:03.0422 0x04a0 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\windows\system32\drivers\wimmount.sys 17:09:03.0422 0x04a0 WIMMount - ok 17:09:03.0516 0x04a0 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:09:03.0531 0x04a0 WinDefend - ok 17:09:03.0687 0x04a0 [ 451F905BC7BFF9E1CFF2E7AE76196B2C, C43DBAE72156C47D1EDC88567545FA6E543D2B9AC3BED426550CC6166380BCA6 ] WinDriver6 C:\windows\system32\drivers\windrvr6.sys 17:09:03.0687 0x04a0 WinDriver6 - ok 17:09:03.0703 0x04a0 WinHttpAutoProxySvc - ok 17:09:03.0765 0x04a0 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 17:09:03.0781 0x04a0 Winmgmt - ok 17:09:03.0875 0x04a0 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\windows\system32\WsmSvc.dll 
17:09:03.0906 0x04a0 WinRM - ok 17:09:03.0968 0x04a0 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 17:09:03.0984 0x04a0 WinUsb - ok 17:09:04.0062 0x04a0 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\windows\System32\wlansvc.dll 17:09:04.0077 0x04a0 Wlansvc - ok 17:09:04.0265 0x04a0 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:09:04.0296 0x04a0 wlidsvc - ok 17:09:04.0358 0x04a0 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 17:09:04.0358 0x04a0 WmiAcpi - ok 17:09:04.0405 0x04a0 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 17:09:04.0405 0x04a0 wmiApSrv - ok 17:09:04.0577 0x04a0 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:09:04.0608 0x04a0 WMPNetworkSvc - ok 17:09:04.0639 0x04a0 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\windows\System32\wpcsvc.dll 17:09:04.0655 0x04a0 WPCSvc - ok 17:09:04.0701 0x04a0 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 17:09:04.0717 0x04a0 WPDBusEnum - ok 17:09:04.0748 0x04a0 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 17:09:04.0748 0x04a0 ws2ifsl - ok 17:09:04.0779 0x04a0 [ 6F5D49EFE0E7164E03AE773A3FE25340, 
15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\windows\System32\wscsvc.dll 17:09:04.0779 0x04a0 wscsvc - ok 17:09:04.0826 0x04a0 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys 17:09:04.0842 0x04a0 WSDPrintDevice - ok 17:09:04.0842 0x04a0 WSearch - ok 17:09:04.0982 0x04a0 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\windows\system32\wuaueng.dll 17:09:05.0029 0x04a0 wuauserv - ok 17:09:05.0091 0x04a0 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 17:09:05.0091 0x04a0 WudfPf - ok 17:09:05.0123 0x04a0 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 17:09:05.0123 0x04a0 WUDFRd - ok 17:09:05.0185 0x04a0 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\windows\System32\WUDFSvc.dll 17:09:05.0185 0x04a0 wudfsvc - ok 17:09:05.0247 0x04a0 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\windows\System32\wwansvc.dll 17:09:05.0247 0x04a0 WwanSvc - ok 17:09:05.0279 0x04a0 XDva358 - ok 17:09:05.0294 0x04a0 XDva370 - ok 17:09:05.0357 0x04a0 [ C26C68BCBAC1F33F890C226769759209, 15FCBDF391C68D440A61512CF236C328A540DBC155D252FB7E97E14D0E99AA40 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys 17:09:05.0372 0x04a0 xusb21 - ok 17:09:05.0435 0x04a0 [ 30B73EB97218A16CBC6DE535782A1B35, 5B034F39FA5B902BD6899717F7696871CDAFB8698B48BB0E95DAE51234715A28 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys 17:09:05.0450 0x04a0 yukonw7 - ok 17:09:05.0497 0x04a0 ================ Scan global =============================== 17:09:05.0544 0x04a0 [ 
DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll 17:09:05.0622 0x04a0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll 17:09:05.0637 0x04a0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll 17:09:05.0684 0x04a0 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll 17:09:05.0715 0x04a0 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe 17:09:05.0731 0x04a0 [ Global ] - ok 17:09:05.0731 0x04a0 ================ Scan MBR ================================== 17:09:05.0747 0x04a0 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 17:09:06.0121 0x04a0 \Device\Harddisk0\DR0 - ok 17:09:06.0121 0x04a0 ================ Scan VBR ================================== 17:09:06.0121 0x04a0 [ 620D63C6C70847CF6C08D4E280E7D476 ] \Device\Harddisk0\DR0\Partition1 17:09:06.0121 0x04a0 \Device\Harddisk0\DR0\Partition1 - ok 17:09:06.0137 0x04a0 [ C3DC5327D02582155FB2F63CC6CE59C3 ] \Device\Harddisk0\DR0\Partition2 17:09:06.0137 0x04a0 \Device\Harddisk0\DR0\Partition2 - ok 17:09:06.0137 0x04a0 [ 754BC07530D001B959549D809C6D3696 ] \Device\Harddisk0\DR0\Partition3 17:09:06.0137 0x04a0 \Device\Harddisk0\DR0\Partition3 - ok 17:09:06.0137 0x04a0 ================ Scan generic autorun ====================== 17:09:06.0293 0x04a0 [ E4A94D17436B4E9F53CD64D08E53D964, E3B2D336A1E90C1C520B834FA986AE2CFBD2807664C35E8AB9059CC899E58CFC ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 17:09:06.0339 0x04a0 SynTPEnh - ok 17:09:06.0433 0x04a0 [ CD1E74BC24CB1D1544406741F46F4D61, 658529854926471AE413D8A365C8E6500AEBDC33A562607DAB185F1571A5524B ] C:\Program 
Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe 17:09:06.0433 0x04a0 UCam_Menu - ok 17:09:06.0573 0x04a0 [ 6AB979D8B90A2E0C1CBFCBB13BFF37E2, 56EFEA72B2A300D5F40C975F32C8DAE41994528FF6E4CB4AAB015F602009039A ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 17:09:06.0589 0x04a0 StartCCC - ok 17:09:06.0683 0x04a0 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 17:09:06.0714 0x04a0 avgnt - ok 17:09:06.0807 0x04a0 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 17:09:06.0807 0x04a0 APSDaemon - ok 17:09:06.0901 0x04a0 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 17:09:06.0917 0x04a0 SunJavaUpdateSched - ok 17:09:07.0447 0x04a0 [ C466DEC538A3BC4FA8909F09F91FA5A8, 7C4C51A2581068B3BB94FD62D7239E41B1F2784CF6A8AD927435D8B95BFAE130 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 17:09:07.0868 0x04a0 RTHDVCPL - ok 17:09:07.0946 0x04a0 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 17:09:07.0977 0x04a0 Adobe ARM - ok 17:09:08.0071 0x04a0 [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe 17:09:08.0071 0x04a0 Avira Systray - ok 17:09:08.0196 0x04a0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 17:09:08.0227 0x04a0 Sidebar - ok 17:09:08.0274 0x04a0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 17:09:08.0289 
0x04a0 mctadmin - ok 17:09:08.0336 0x04a0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 17:09:08.0352 0x04a0 Sidebar - ok 17:09:08.0367 0x04a0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 17:09:08.0367 0x04a0 mctadmin - ok 17:09:08.0399 0x04a0 Skype - ok 17:09:08.0477 0x04a0 [ AFA1F8CC076AB0462512A78473D86D53, ECE30F6AFFBA3EDAEACC6C53BF17089D1050C9913524D7AE7A5070B42F6D5FF9 ] C:\Users\Nils\Program Files\DNA\btdna.exe 17:09:08.0477 0x04a0 BitTorrent DNA - ok 17:09:08.0492 0x04a0 Sony Ericsson PC Suite - ok 17:09:08.0523 0x04a0 Pando Media Booster - ok 17:09:08.0523 0x04a0 Waiting for KSN requests completion. In queue: 136 17:09:09.0537 0x04a0 Waiting for KSN requests completion. In queue: 136 17:09:10.0551 0x04a0 Waiting for KSN requests completion. In queue: 136 17:09:11.0581 0x04a0 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated ) 17:09:11.0581 0x04a0 Win FW state via NFP2: enabled 17:09:14.0358 0x04a0 ============================================================ 17:09:14.0358 0x04a0 Scan finished 17:09:14.0358 0x04a0 ============================================================ 17:09:14.0373 0x1510 Detected object count: 0 17:09:14.0373 0x1510 Actual detected object count: 0 |
11.01.2015, 18:04 | #6 |
/// the machine /// TB Trainer | 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira hi, scan with Combofix |
13.01.2015, 18:27 | #7 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira hi, the message "Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." appeared. Here is the Combofix.txt: Code:
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.2038 [GMT 1:00]
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\CFLog
C:\Users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
C:\windows\IsUn0407.exe
C:\windows\msdownld.tmp
C:\windows\system32\tmp587C.tmp
C:\windows\system32\tmp587D.tmp
C:\windows\system32\tmp6395.tmp
C:\windows\system32\tmp63B6.tmp
C:\windows\system32\tmp909D.tmp
C:\windows\system32\tmp90FB.tmp
C:\windows\system32\tmpCEE3.tmp
C:\windows\system32\tmpCEE4.tmp
C:\windows\system32\tmpD8A3.tmp
C:\windows\system32\tmpDAF4.tmp
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
((((((((((((((((((((((( Dateien erstellt von 2014-12-13 bis 2015-01-13 ))))))))))))))))))))))))))))))
2015-01-13 17:02:20 . 2015-01-13 17:02:20 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-01-13 17:02:19 . 2015-01-13 17:02:19 -------- d-----w- C:\Users\oliver\AppData\Local\temp
2015-01-11 14:53:18 . 2015-01-12 17:21:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-26 12:56:27 . 2014-12-26 12:56:27 -------- d-----w- C:\Program Files\Free Codec Pack
2014-12-19 18:08:02 . 2014-12-13 03:33:44 115712 ----a-w- C:\windows\system32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2015-01-11 17:43:40 . 2014-11-21 18:27:47 114904 ----a-w- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-11 15:33:11 . 2014-11-21 18:27:22 79576 ----a-w- C:\windows\system32\drivers\mbamchameleon.sys
2015-01-02 16:31:45 . 2012-05-20 16:00:53 701616 ----a-w- C:\windows\system32\FlashPlayerApp.exe
2015-01-02 16:31:45 . 2011-05-13 20:31:36 71344 ----a-w- C:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-21 17:20:28 . 2012-09-26 17:46:18 98304 ----a-w- C:\windows\system32\CmdLineExt.dll
2014-11-22 02:20:44 . 2014-12-10 16:39:38 2724864 ----a-w- C:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 . 2014-12-10 16:39:47 4096 ----a-w- C:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 . 2014-12-10 16:39:47 501248 ----a-w- C:\windows\system32\vbscript.dll
2014-11-22 02:07:17 . 2014-12-10 16:39:37 62464 ----a-w- C:\windows\system32\iesetup.dll
2014-11-22 02:06:32 . 2014-12-10 16:39:48 47616 ----a-w- C:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 . 2014-12-10 16:39:43 64000 ----a-w- C:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 . 2014-12-10 16:39:48 102912 ----a-w- C:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 . 2014-12-10 16:39:48 620032 ----a-w- C:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 . 2014-12-10 16:39:48 667648 ----a-w- C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 . 2014-12-10 16:39:49 60416 ----a-w- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 . 2014-12-10 16:39:42 4299264 ----a-w- C:\windows\system32\jscript9.dll
2014-11-22 01:22:49 . 2014-12-10 16:39:38 2052096 ----a-w- C:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 . 2014-12-10 16:39:44 1155072 ----a-w- C:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 . 2014-12-10 16:39:47 1888256 ----a-w- C:\windows\system32\wininet.dll
2014-11-21 05:14:20 . 2014-11-21 18:27:22 51928 ----a-w- C:\windows\system32\drivers\mwac.sys
2014-11-21 05:14:06 . 2013-01-01 17:06:07 23256 ----a-w- C:\windows\system32\drivers\mbam.sys
2014-11-11 02:44:45 . 2014-12-10 16:39:05 1230336 ----a-w- C:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 . 2014-11-19 19:48:04 186880 ----a-w- C:\windows\system32\pku2u.dll
2014-11-11 02:44:25 . 2014-11-19 19:48:04 550912 ----a-w- C:\windows\system32\kerberos.dll
2014-11-11 01:32:14 . 2014-12-10 16:39:05 74752 ----a-w- C:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 . 2014-12-10 16:38:44 2048 ----a-w- C:\windows\system32\tzres.dll
2014-10-30 01:45:43 . 2014-12-10 16:38:34 155136 ----a-w- C:\windows\system32\charmap.exe
2014-10-25 01:32:37 . 2014-11-13 17:39:53 67584 ----a-w- C:\windows\system32\packager.dll
2014-10-24 17:16:19 . 2010-11-21 16:22:16 138032 ----a-w- C:\windows\system32\drivers\PnkBstrK.sys
2014-10-24 17:16:07 . 2010-11-21 16:22:07 281688 ----a-w- C:\windows\system32\PnkBstrB.exe
2014-10-24 17:16:07 . 2010-11-21 16:21:57 281688 ----a-w- C:\windows\system32\PnkBstrB.xtr
2014-10-21 16:51:55 . 2010-11-21 16:22:07 281688 ----a-w- C:\windows\system32\PnkBstrB.ex0
2014-10-18 01:33:18 . 2014-11-13 17:40:11 571904 ----a-w- C:\windows\system32\oleaut32.dll
2014-10-18 01:33:13 . 2014-12-10 19:47:34 3209728 ----a-w- C:\windows\system32\mf.dll |
13.01.2015, 19:52 | #8 |
/// the machine /// TB Trainer | 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
Regards, schrauber |
17.01.2015, 13:50 | #9 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira Hi, so here is MBAM Code:
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 378168
Verstrichene Zeit: 18 Min, 0 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
(end)
Code:
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Nils\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Nils\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Nils\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nils\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Nils\AppData\Roaming\GrabPro
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\e32nahuz.default\searchplugins\icqplugin.gif
Datei Gelöscht : C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\e32nahuz.default\searchplugins\icqplugin.src
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{35A32DC0-6A98-4BE7-9EB7-669A196A4AEF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v35.0 (x86 de)
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1286010613);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.history", "vegetarische%20kuechefaehre%20spanien%20nach%20afrikaspanien%20andalusien%20erfahrungsberichtandalusien%20im%20winteradobe%20flash%20player");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.installTime", "1286010613");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.10");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "126176034412617603431286010613799");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1286010622);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.version", "2.0.0.0");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
[e32nahuz.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=");
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [6909 octets] - [17/01/2015 13:24:32]
AdwCleaner[S0].txt - [6927 octets] - [17/01/2015 13:27:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6987 octets] ##########
Code:
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67AC4F01-B060-4D59-97C5-253075060A21}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\fxpmt7an.default\minidumps [581 files]
~~~ Event Viewer Logs were cleared
Code:
ATTFilter ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe () C:\Windows\System32\PnkBstrA.exe () C:\Windows\System32\Rezip.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.bing.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Nils\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-maps.xml FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\abs@avira.com [2014-12-11] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-26] FF Extension: ProxTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13] FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-14] FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010-01-23] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-26] FF 
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Nils\Program Files\DNA FF Extension: DNA - C:\Users\Nils\Program Files\DNA [2009-12-28] FF HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-26] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) S2 appdrvrem01; C:\windows\System32\appdrvrem01.exe [304528 2009-12-25] (Protection Technology) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2014-04-16] () S2 pr2ah4nc; C:\windows\system32\pr2ah4nc.exe [410984 2007-08-17] (CODEMASTERS) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed] S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 SelfUpdateService; "C:\Program Files\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X] S3 SGRKDV; C:\Users\Nils\AppData\Local\Temp\SGRKDV.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACEDRV07; C:\windows\system32\drivers\ACEDRV07.sys [101376 2010-02-07] (Protect Software GmbH) [File not signed] R1 appdrv01; C:\windows\System32\Drivers\appdrv01.sys [2915944 2009-12-25] (Protection Technology) S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [278728 2010-07-17] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-24] (DT Soft Ltd) S3 FTDIBUS; C:\windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.) S3 ggsomc; C:\windows\System32\DRIVERS\ggsomc.sys [26328 2014-09-14] (Sony Mobile Communications) R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25416 2010-07-17] () R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S3 papycpu; C:\windows\system32\Drivers\papycpu.sys [1984 1998-09-04] () [File not signed] R0 pe3ah4nc; C:\windows\System32\drivers\pe3ah4nc.sys [64616 2007-08-17] (CODEMASTERS) S1 prodrv06; C:\windows\System32\drivers\prodrv06.sys [54272 2004-04-08] (Protection Technology) [File not signed] S0 prohlp02; C:\windows\System32\drivers\prohlp02.sys [70400 2004-04-08] (Protection Technology) [File not signed] S0 prosync1; C:\windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] R0 ps7ah4nc; C:\windows\System32\drivers\ps7ah4nc.sys [68208 2007-08-17] (CODEMASTERS) S3 s1018obex; C:\windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S0 sfhlp01; C:\windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed] R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) 
[File not signed] R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation) R3 WinDriver6; C:\windows\System32\drivers\windrvr6.sys [193696 2008-07-03] (Jungo) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Nils\AppData\Local\Temp\catchme.sys [X] S3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] U5 papyjoy; C:\Windows\System32\Drivers\papyjoy.sys [1888 1998-09-04] () [File not signed] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] S3 XDva358; \??\C:\windows\system32\XDva358.sys [X] S3 XDva370; \??\C:\windows\system32\XDva370.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-17 13:41 - 2015-01-17 13:41 - 00000000 ____D () C:\FRST 2015-01-17 13:40 - 2015-01-17 13:39 - 00000903 _____ () C:\Users\Nils\Desktop\JRT.txt 2015-01-17 13:37 - 2015-01-17 13:37 - 01707939 _____ (Thisisu) C:\Users\Nils\Downloads\JRT641.exe 2015-01-17 13:37 - 2015-01-17 13:37 - 00000000 ____D () C:\windows\ERUNT 2015-01-17 13:33 - 2015-01-17 13:27 - 00007067 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt 2015-01-17 13:24 - 2015-01-17 13:27 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:24 - 2015-01-17 13:24 - 02186752 _____ () C:\Users\Nils\Downloads\adwcleaner_4.108.exe 2015-01-17 13:20 - 2015-01-17 13:20 - 02191360 _____ () C:\Users\Nils\Downloads\adwcleaner_4.107.exe 2015-01-17 13:20 - 2015-01-17 13:20 - 00001198 _____ () C:\Users\Nils\Desktop\mbam.txt 2015-01-14 19:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-01-14 19:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 19:01 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 19:01 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 19:01 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 19:01 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-13 18:03 - 2015-01-17 13:28 - 00000860 _____ () C:\windows\PFRO.log 2015-01-13 18:03 - 2015-01-17 13:28 - 00000392 _____ () C:\windows\setupact.log 2015-01-13 18:03 - 2015-01-13 18:03 - 00000000 _____ () C:\windows\setuperr.log 2015-01-13 17:43 - 2015-01-13 18:15 - 00000000 ____D () C:\ComboFix 2015-01-13 17:43 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2015-01-13 17:43 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe 2015-01-13 17:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-01-13 17:43 - 
2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2015-01-13 17:42 - 2015-01-13 18:15 - 00000000 ____D () C:\windows\erdnt 2015-01-13 17:42 - 2015-01-13 17:43 - 00000000 ____D () C:\Qoobox 2015-01-11 18:42 - 2015-01-13 17:31 - 05609736 ____R (Swearware) C:\Users\Nils\Downloads\ComboFix.exe 2015-01-11 18:42 - 2015-01-11 18:43 - 05609736 _____ (Swearware) C:\Users\Nils\Downloads\ComboFix(1).exe 2015-01-11 17:00 - 2015-01-11 17:00 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Nils\Downloads\TDSSKiller42.exe 2015-01-11 15:53 - 2015-01-12 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-11 15:51 - 2015-01-11 16:59 - 00000000 ____D () C:\Users\Nils\Desktop\mbar 2015-01-11 15:51 - 2015-01-11 15:51 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Nils\Downloads\mbar-1.08.2.1001.exe 2015-01-11 14:43 - 2015-01-11 14:53 - 00054799 _____ () C:\Users\Nils\Downloads\Addition.txt 2015-01-11 14:40 - 2015-01-17 13:41 - 00017896 _____ () C:\Users\Nils\Downloads\FRST.txt 2015-01-11 14:39 - 2015-01-11 14:39 - 01115648 _____ (Farbar) C:\Users\Nils\Downloads\FRST.exe 2015-01-01 20:36 - 2015-01-01 20:36 - 00010826 _____ () C:\Users\Nils\Documents\autobahn.xlsx 2014-12-26 13:56 - 2014-12-26 13:56 - 00000000 ____D () C:\Program Files\Free Codec Pack 2014-12-26 13:54 - 2014-12-26 13:55 - 03529392 _____ (DVDVideoSoft Ltd. 
) C:\Users\Nils\Downloads\FreeYouTubeToMP3-1215Converter.exe 2014-12-21 15:26 - 2014-12-21 15:26 - 00000000 ____D () C:\Users\Nils\Documents\Sony 2014-12-21 15:25 - 2014-12-21 15:25 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-12-21 15:20 - 2014-12-21 15:47 - 00000000 ____D () C:\Users\Nils\Desktop\100ANDRO 2014-12-19 19:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-17 13:42 - 2013-05-21 17:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-17 13:39 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-17 13:39 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-17 13:32 - 2009-12-25 14:21 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2015-01-17 13:28 - 2013-02-16 16:42 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-17 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-17 13:27 - 2009-09-16 22:52 - 01883450 _____ () C:\windows\WindowsUpdate.log 2015-01-17 13:21 - 2009-12-25 17:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-17 12:50 - 2013-02-16 16:42 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-17 12:24 - 2014-11-21 19:27 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-17 01:00 - 2012-05-09 17:03 - 00000000 ____D () C:\Users\Nils\Documents\TubeBox 2015-01-16 22:19 - 2009-12-29 16:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\temp 2015-01-14 21:49 - 2013-08-15 21:59 - 00000000 ____D () C:\windows\system32\MRT 2015-01-14 21:38 - 2009-12-25 14:42 - 110348472 _____ 
(Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-14 19:42 - 2012-05-20 17:00 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-01-14 19:42 - 2011-05-13 21:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-01-13 18:10 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini 2015-01-13 18:02 - 2009-07-14 03:03 - 73924608 _____ () C:\windows\system32\config\SOFTWARE.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 22806528 _____ () C:\windows\system32\config\SYSTEM.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2015-01-13 17:38 - 2011-03-06 13:30 - 00000000 ____D () C:\Program Files\Steam 2015-01-11 16:33 - 2014-11-21 19:27 - 00079576 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-10 14:18 - 2013-05-20 21:59 - 00000974 _____ () C:\windows\Tasks\Google Software Updater.job 2015-01-04 17:57 - 2010-01-10 15:09 - 00000000 ____D () C:\Users\Nils\AppData\Local\NFS Underground 2 2015-01-02 17:32 - 2014-08-20 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe 2014-12-27 17:40 - 2013-08-05 13:26 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc 2014-12-26 13:57 - 2014-09-23 16:08 - 00002272 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-12-26 13:57 - 2014-09-23 16:08 - 00001199 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-12-26 13:57 - 2013-06-29 22:10 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-12-26 13:57 - 2013-01-27 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-12-26 13:56 - 2014-09-23 16:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-12-26 13:56 - 2010-09-11 
19:12 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\DVDVideoSoft 2014-12-25 20:23 - 2014-11-08 18:12 - 00027861 _____ () C:\Users\Nils\Documents\TombRaider.log 2014-12-21 18:20 - 2012-09-26 18:46 - 00098304 _____ (Sony DADC Austria AG.) C:\windows\system32\CmdLineExt.dll 2014-12-21 15:25 - 2014-09-14 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-12-21 15:25 - 2009-09-16 22:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-12-21 15:23 - 2011-03-06 13:51 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-19 19:02 - 2014-11-07 17:49 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-19 19:02 - 2014-08-07 12:28 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-19 19:02 - 2012-12-03 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-19 19:02 - 2012-12-03 17:15 - 00000000 ____D () C:\Program Files\Avira Files to move or delete: ==================== C:\Users\Nils\RD2.EXE Some content of TEMP: ==================== C:\Users\Nils\AppData\Local\Temp\avgnt.exe C:\Users\Nils\AppData\Local\Temp\drm_dyndata_7390004.dll C:\Users\Nils\AppData\Local\Temp\Quarantine.exe C:\Users\Nils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 19:47 ==================== End Of Log ============================ |
17.01.2015, 18:18 | #10 |
/// the machine /// TB-Ausbilder | 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber |
19.01.2015, 18:00 | #11 |
| 'TR/Crypt.ZPACK.Gen2' [trojan] detection by Avira
Hi, ESET found two threats.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=60f46a67b7f232428b5af5ba5c109d38
# engine=22022
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 08:21:21
# local_time=2015-01-18 09:21:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 100913 287035771 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 48056925 173243672 0 0
# scanned=566183
# found=2
# cleaned=0
# scan_time=31605
sh=A47739F27C4BC8FD3A48B4A90B40679DF1218E1B ft=1 fh=ab4f3351c96b3042 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=3CA21B2EEB48C7F0F839FC61F8780B61FA9F139B ft=1 fh=f3ba7d0149b93754 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nils\Downloads\Zattoo - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 29
Java(TM) 6 Update 22
Java 7 Update 51
Java 2 Runtime Environment, SE v1.4.2
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.257
Adobe Reader XI
Mozilla Firefox (35.0)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\PnkBstrA.exe () C:\Windows\System32\Rezip.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Samsung Electronics Co., Ltd.) 
C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.bing.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Nils\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\searchplugins\google-maps.xml FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\abs@avira.com [2014-12-11] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-26] FF Extension: ProxTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13] FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fxpmt7an.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-14] FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010-01-23] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-26] FF 
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Nils\Program Files\DNA FF Extension: DNA - C:\Users\Nils\Program Files\DNA [2009-12-28] FF HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-26] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) S2 appdrvrem01; C:\windows\System32\appdrvrem01.exe [304528 2009-12-25] (Protection Technology) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2014-04-16] () S2 pr2ah4nc; C:\windows\system32\pr2ah4nc.exe [410984 2007-08-17] (CODEMASTERS) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed] S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 SelfUpdateService; "C:\Program Files\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X] S3 SGRKDV; C:\Users\Nils\AppData\Local\Temp\SGRKDV.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACEDRV07; C:\windows\system32\drivers\ACEDRV07.sys [101376 2010-02-07] (Protect Software GmbH) [File not signed] R1 appdrv01; C:\windows\System32\Drivers\appdrv01.sys [2915944 2009-12-25] (Protection Technology) S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [278728 2010-07-17] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-24] (DT Soft Ltd) S3 FTDIBUS; C:\windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.) S3 ggsomc; C:\windows\System32\DRIVERS\ggsomc.sys [26328 2014-09-14] (Sony Mobile Communications) R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25416 2010-07-17] () R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S3 papycpu; C:\windows\system32\Drivers\papycpu.sys [1984 1998-09-04] () [File not signed] R0 pe3ah4nc; C:\windows\System32\drivers\pe3ah4nc.sys [64616 2007-08-17] (CODEMASTERS) S1 prodrv06; C:\windows\System32\drivers\prodrv06.sys [54272 2004-04-08] (Protection Technology) [File not signed] S0 prohlp02; C:\windows\System32\drivers\prohlp02.sys [70400 2004-04-08] (Protection Technology) [File not signed] S0 prosync1; C:\windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] R0 ps7ah4nc; C:\windows\System32\drivers\ps7ah4nc.sys [68208 2007-08-17] (CODEMASTERS) S3 s1018obex; C:\windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S0 sfhlp01; C:\windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed] R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) 
[File not signed] R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation) R3 WinDriver6; C:\windows\System32\drivers\windrvr6.sys [193696 2008-07-03] (Jungo) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Nils\AppData\Local\Temp\catchme.sys [X] S3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] U5 papyjoy; C:\Windows\System32\Drivers\papyjoy.sys [1888 1998-09-04] () [File not signed] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] S3 XDva358; \??\C:\windows\system32\XDva358.sys [X] S3 XDva370; \??\C:\windows\system32\XDva370.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-19 17:54 - 2015-01-19 17:54 - 00000998 _____ () C:\Users\Nils\Desktop\checkup.txt 2015-01-19 17:54 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\FRST-OlderVersion 2015-01-19 17:44 - 2015-01-19 17:44 - 00852504 _____ () C:\Users\Nils\Downloads\SecurityCheck.exe 2015-01-19 00:12 - 2015-01-19 00:12 - 00017952 _____ () C:\Users\Nils\Documents\biathlon.xlsx 2015-01-18 00:10 - 2015-01-18 00:10 - 00000000 ____D () C:\Users\Nils\AppData\Local\TuneUp Software 2015-01-18 00:08 - 2015-01-18 00:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-18 00:07 - 2015-01-18 00:08 - 28598072 _____ (TuneUp Software) C:\Users\Nils\Downloads\TuneUpUtilities2014_de-DE.exe 2015-01-18 00:04 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\Convar 2015-01-18 00:04 - 2015-01-18 00:04 - 03462033 _____ () C:\Users\Nils\Downloads\pci_filerecovery.exe 2015-01-17 19:18 - 2015-01-17 19:18 - 02347384 _____ (ESET) C:\Users\Nils\Downloads\esetsmartinstaller_deu.exe 2015-01-17 13:41 - 2015-01-19 17:54 - 00000000 ____D () C:\FRST 2015-01-17 13:37 - 2015-01-17 13:37 - 01707939 _____ (Thisisu) C:\Users\Nils\Downloads\JRT641.exe 2015-01-17 13:37 - 2015-01-17 13:37 - 00000000 ____D () C:\windows\ERUNT 2015-01-17 13:24 - 2015-01-17 13:27 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:24 - 2015-01-17 13:24 - 02186752 _____ () C:\Users\Nils\Downloads\adwcleaner_4.108.exe 2015-01-17 13:20 - 2015-01-17 13:20 - 02191360 _____ () C:\Users\Nils\Downloads\adwcleaner_4.107.exe 2015-01-14 19:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-01-14 19:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 19:01 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 19:01 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 19:01 - 2014-12-11 18:47 - 
00056320 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 19:01 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-13 18:03 - 2015-01-19 17:21 - 00002956 _____ () C:\windows\PFRO.log 2015-01-13 18:03 - 2015-01-19 17:21 - 00000504 _____ () C:\windows\setupact.log 2015-01-13 18:03 - 2015-01-13 18:03 - 00000000 _____ () C:\windows\setuperr.log 2015-01-13 17:43 - 2015-01-13 18:15 - 00000000 ____D () C:\ComboFix 2015-01-13 17:43 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2015-01-13 17:43 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe 2015-01-13 17:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2015-01-13 17:43 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2015-01-13 17:42 - 2015-01-13 18:15 - 00000000 ____D () C:\windows\erdnt 2015-01-13 17:42 - 2015-01-13 17:43 - 00000000 ____D () C:\Qoobox 2015-01-11 18:42 - 2015-01-13 17:31 - 05609736 ____R (Swearware) C:\Users\Nils\Downloads\ComboFix.exe 2015-01-11 18:42 - 2015-01-11 18:43 - 05609736 _____ (Swearware) C:\Users\Nils\Downloads\ComboFix(1).exe 2015-01-11 17:00 - 2015-01-11 17:00 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Nils\Downloads\TDSSKiller42.exe 2015-01-11 15:53 - 2015-01-12 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-11 15:51 - 2015-01-11 16:59 - 00000000 ____D () C:\Users\Nils\Desktop\mbar 2015-01-11 15:51 - 2015-01-11 15:51 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Nils\Downloads\mbar-1.08.2.1001.exe 2015-01-11 14:43 - 2015-01-11 14:53 - 00054799 _____ () C:\Users\Nils\Downloads\Addition.txt 2015-01-11 14:40 - 2015-01-19 17:54 - 00017967 _____ () C:\Users\Nils\Downloads\FRST.txt 2015-01-11 14:39 - 2015-01-19 17:54 - 01118208 _____ (Farbar) C:\Users\Nils\Downloads\FRST.exe 2015-01-01 20:36 - 2015-01-01 20:36 - 00010826 _____ () C:\Users\Nils\Documents\autobahn.xlsx 2014-12-26 13:56 - 2014-12-26 13:56 - 00000000 ____D () C:\Program Files\Free Codec Pack 2014-12-26 13:54 - 2014-12-26 13:55 - 03529392 _____ (DVDVideoSoft Ltd. ) C:\Users\Nils\Downloads\FreeYouTubeToMP3-1215Converter.exe 2014-12-21 15:26 - 2014-12-21 15:26 - 00000000 ____D () C:\Users\Nils\Documents\Sony 2014-12-21 15:25 - 2014-12-21 15:25 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-12-21 15:20 - 2014-12-21 15:47 - 00000000 ____D () C:\Users\Nils\Desktop\100ANDRO ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-19 17:50 - 2013-02-16 16:42 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-19 17:42 - 2013-05-21 17:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-19 17:32 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-19 17:32 - 2009-07-14 05:34 - 00015056 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-19 17:29 - 2009-09-16 22:52 - 01992830 _____ () C:\windows\WindowsUpdate.log 2015-01-19 17:23 - 2009-12-25 14:21 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2015-01-19 17:22 - 2013-02-16 16:42 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-19 17:21 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-18 20:30 - 2012-05-09 17:03 - 00000000 ____D () C:\Users\Nils\Documents\TubeBox 2015-01-18 00:59 - 2012-09-05 11:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-01-18 00:27 - 2010-02-10 14:13 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-01-18 00:10 - 2010-02-10 14:14 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\TuneUp Software 2015-01-17 13:27 - 2010-01-23 16:35 - 00000000 ____D () C:\ProgramData\ICQ 2015-01-17 13:21 - 2009-12-25 17:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-17 12:24 - 2014-11-21 19:27 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-16 22:19 - 2009-12-29 16:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\temp 2015-01-14 21:49 - 2013-08-15 21:59 - 00000000 ____D () C:\windows\system32\MRT 2015-01-14 21:38 - 2009-12-25 14:42 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-14 19:42 - 2012-05-20 17:00 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-01-14 19:42 - 2011-05-13 21:31 - 00071344 _____ 
(Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-01-13 18:10 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini 2015-01-13 18:02 - 2009-07-14 03:03 - 73924608 _____ () C:\windows\system32\config\SOFTWARE.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 22806528 _____ () C:\windows\system32\config\SYSTEM.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2015-01-13 18:02 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2015-01-13 17:38 - 2011-03-06 13:30 - 00000000 ____D () C:\Program Files\Steam 2015-01-11 16:33 - 2014-11-21 19:27 - 00079576 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-10 14:18 - 2013-05-20 21:59 - 00000974 _____ () C:\windows\Tasks\Google Software Updater.job 2015-01-04 17:57 - 2010-01-10 15:09 - 00000000 ____D () C:\Users\Nils\AppData\Local\NFS Underground 2 2015-01-02 17:32 - 2014-08-20 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe 2014-12-27 17:40 - 2013-08-05 13:26 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc 2014-12-26 13:57 - 2014-09-23 16:08 - 00002272 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-12-26 13:57 - 2014-09-23 16:08 - 00001199 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-12-26 13:57 - 2013-06-29 22:10 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-12-26 13:57 - 2013-01-27 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-12-26 13:56 - 2014-09-23 16:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-12-26 13:56 - 2010-09-11 19:12 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\DVDVideoSoft 2014-12-25 20:23 - 2014-11-08 18:12 - 00027861 _____ () C:\Users\Nils\Documents\TombRaider.log 2014-12-21 18:20 - 2012-09-26 18:46 - 00098304 _____ (Sony DADC 
Austria AG.) C:\windows\system32\CmdLineExt.dll 2014-12-21 15:25 - 2014-09-14 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-12-21 15:25 - 2009-09-16 22:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-12-21 15:23 - 2011-03-06 13:51 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Files in the root of some directories ======= 2010-02-13 15:54 - 2010-07-11 20:18 - 0000000 _____ () C:\Users\Nils\AppData\Roaming\FileIn.cns 2010-02-13 15:54 - 2010-07-11 20:18 - 0000000 _____ () C:\Users\Nils\AppData\Roaming\FileOut.cns 2004-01-26 16:15 - 2004-01-26 16:15 - 0233472 ____R () C:\Users\Nils\AppData\Roaming\MafiaSetup.exe 2011-02-24 17:57 - 2011-10-14 16:34 - 0138056 _____ () C:\Users\Nils\AppData\Roaming\PnkBstrK.sys 2010-02-22 19:55 - 2010-02-22 19:55 - 0033134 _____ () C:\Users\Nils\AppData\Roaming\UserTile.png 2009-12-30 21:05 - 2009-12-30 21:05 - 0000092 _____ () C:\Users\Nils\AppData\Local\fusioncache.dat 2010-06-18 16:42 - 2010-09-04 12:47 - 0017408 _____ () C:\Users\Nils\AppData\Local\WebpageIcons.db 2014-05-30 14:59 - 2014-05-30 14:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2009-12-25 20:15 - 2009-12-25 20:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-12-25 02:12 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-11-09 15:50 - 2010-11-09 15:55 - 0000386 _____ () C:\ProgramData\hpzinstall.log 2009-09-16 23:05 - 2009-09-16 23:05 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-09-16 23:03 - 2009-09-16 23:03 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2009-09-16 23:00 - 2009-09-16 23:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-09-16 23:04 - 2009-09-16 23:04 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2009-09-16 22:59 - 2009-09-16 22:59 - 0000107 _____ () 
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2009-09-16 23:01 - 2009-09-16 23:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete: ==================== C:\Users\Nils\RD2.EXE Some content of TEMP: ==================== C:\Users\Nils\AppData\Local\Temp\avgnt.exe C:\Users\Nils\AppData\Local\Temp\drm_dyndata_7390004.dll C:\Users\Nils\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Nils\AppData\Local\Temp\Quarantine.exe C:\Users\Nils\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Nils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 19:47 ==================== End Of Log ============================ |
19.01.2015, 20:29 | #12 |
/// the machine /// TB-Ausbilder | 'TR/Crypt.ZPACK.Gen2' [trojan] found by Avira
Update Java. Empty the Downloads folder.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () [File not signed]
S2 SelfUpdateService; "C:\Program Files\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X]
C:\Program Files\Freemium
C:\Program Files\Freetec
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
If you would like to leave praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
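The two service lines in the fixlist above carry markers that FRST prints in its Services and Drivers sections: an empty publisher `()`, `[File not signed]`, and `[X]` for an image file that could not be found. As an added example (not part of the post and not FRST's own code), the Python below parses such lines and lists the entries worth a closer look; the flag rules are assumptions chosen for triage, not the helper's stated criteria, and the sample lines are copied from the log on this page.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the Services/Drivers sections of the FRST log on this page.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2014-04-16] ()
R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SelfUpdateService; "C:\Program Files\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X]
S3 SGRKDV; C:\Users\Nils\AppData\Local\Temp\SGRKDV.exe [X]
==================== Drivers (Whitelisted) ====================
S3 catchme; \??\C:\Users\Nils\AppData\Local\Temp\catchme.sys [X]
"""

# "<state><start> <name>; <image path and trailing markers>"
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s+(?P<rest>.+)$"
)
# " [<size> <date>] (<company>)" follows the image path when the file exists.
META_RE = re.compile(
    r"\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)"
)
TEMP_MARKER = "\\appdata\\local\\temp\\"


@dataclass
class Entry:
    name: str
    state: str      # R = running, S = stopped, U = undetermined
    start: int      # start type digit as printed by FRST
    image: str      # path of the service or driver binary
    company: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one Services/Drivers line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[X]")            # FRST could not find the file
    unsigned = "[File not signed]" in rest
    meta = META_RE.search(rest)
    if meta:
        image, company = rest[:meta.start()], meta.group("company").strip()
    else:
        image, company = (rest[:-3] if missing else rest), ""
    image = image.strip()
    if image.startswith("\\??\\"):            # drop the NT object-path prefix
        image = image[4:]
    if image.startswith('"'):                 # quoted path followed by arguments
        image = image[1:].split('"', 1)[0]

    # Assumed triage rules (hypothetical, not FRST's or the helper's).
    flags = []
    if missing:
        flags.append("file-missing")
    if unsigned:
        flags.append("unsigned")
    if meta and not company:
        flags.append("no-publisher")
    if TEMP_MARKER in image.lower():
        flags.append("runs-from-temp")
    return Entry(m.group("name").strip(), m.group("state"),
                 int(m.group("start")), image, company, flags)


def triage(log_text):
    """Return the flagged entries of a log, in log order."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<18} {', '.join(e.flags):<28} {e.image}")
```

A flag is a reason to look at an entry, not a verdict: the same rules also flag PnkBstrA, which the fixlist above leaves in place.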